---
name: "Arian Sheremeti"
github: "bitsecura"
specializations:
- "Audit & Assurance"
- "Cloud Security"
- "Incident Response"
- "Offensive Security"
- "Risk Management"
- "Security Architecture"
- "Security Governance"
- "Security Operations"
- "Third-Party Risk"
- "Vulnerability Management"
- "AI Governance"
- "Cloud Governance"
title: "Principal GRC Architect"
company: "Bitsecura"
linkedin: "https://www.linkedin.com/in/ariansh/"
blog: "https://bitsecura.com"
frameworks:
- "COBIT"
- "CSA STAR"
- "EU AI Act"
- "ISO 27001"
- "ISO 42001"
- "NIST 800-53"
- "NIST AI RMF"
- "NIST CSF"
- "NIST RMF"
- "PCI-DSS"
- "SOC 2"
languages:
- "PowerShell"
- "Python"
- "SQL"
certifications:
- "CISM"
- "CISA"
- "ISO/IEC 42001:2023 Lead Auditor"
- "ISO/IEC 27001:2022 Lead Auditor"
- "ISO/IEC 27001:2022 Lead Implementer"
available_for:
- "mentoring"
- "speaking"
- "consulting"
- "freelance"
- "collaboration"
---
## About Me
I help organisations make sense of governance before it becomes a headline. Whether it's ISO certification, NIS2, DORA, SOC 2, or AI governance, my role is to turn complex frameworks into practical decisions and audit-ready proof.
I work with founders, security leaders, and boards to build governance that is defensible under scrutiny. That includes supporting certification and compliance outcomes, but without "compliance theatre". The aim is simple: controls that work in real life, risks that are understood, and documentation that tells a coherent story.
With 15+ years across start-ups, financial institutions, and critical-sector operators, I align technology, governance, and regulation so leaders can act with confidence and demonstrate progress. After years at PwC and Deloitte, I now run Bitsecura independently, which means you work directly with the person who owns the outcome.
