Open to opportunities

Ray Swartz

@rayswartz

Message

I lead ISO 27001, SOC and PCI GRC programs to strengthen client information security.

South Africa

Message

What I'm looking for

I’m looking for a role where I can lead ISO 27001/GRC work end-to-end, partner with senior stakeholders, and drive practical risk management. I thrive on audit outcomes, remediation roadmaps, and mentoring teams delivering clear security improvements.

I’m a Cape Town-based Cyber & Information Security Specialist with a BSc in Computer Science, bringing a methodical, analytical approach to complex security and audit problems. I’m at my best in high-pressure environments—composed, clear, and focused on measurable risk reduction.

At Cognisys, I work as an Information Security, GRC and Compliance Consultant, leading and supporting ISO 27001, SOC, and PCI Code B projects from scoping through certification. I develop and maintain core ISMS documentation (policies, procedures, Statements of Applicability, and risk treatment plans) and run comprehensive internal audits and risk assessments—turning findings into actionable governance and improvement plans.

Previously, as an Information Security and Compliance Senior at Stitch Money, I owned GRC compliance and stakeholder reporting while directing a team of analysts. I led and co-led audits including PCI-DSS, PCI-P2PE, ISO 27001:2022, and the FSCA / PA Joint Standard, along with independent IT risk assessments guided by risk-based audit planning.

My broader cyber-security foundation includes senior roles at EY and supervision across KPMG’s Tech Assurance engagements, spanning Cyber Maturity Assessments, Incident Response Maturity Assessments, Internal Audit, Patch and Vulnerability Management, Penetration Testing, and Business Continuity. I bring hands-on tool experience (Nessus, NMap, Burp Suite, Aircrack-ng, Metasploit in Kali Linux) and firewall exposure (Cisco, Palo Alto), and I actively mentor junior team members while continuously improving security posture and delivery.

Experience

Work history, roles, and key accomplishments

Current

Information Security GRC Consultant

Current

Cognisys

Jan 2026 - Present (5 months)

Led ISO 27001, SOC and PCI Code B engagements from scoping through certification, developing and maintaining ISMS documentation including policies, procedures, Statements of Applicability, and risk treatment plans. Conducted internal audits and risk assessments, translating findings into remediation roadmaps and improving client-facing governance and compliance reporting.

ISO 27001 Statement Of Applicability Internal Auditing SOC Risk Assessment Compliance Reporting Stakeholder Management

Information Security & Compliance Senior

Stitch Money

Apr 2025 - Oct 2025 (6 months)

Served as Information Security and Compliance Senior for a payments-focused start-up, overseeing GRC compliance to ensure the GRC function operated smoothly. Led audits including PCI-DSS, PCI-P2PE, ISO 27001:2022 and the FSCA/PA Joint Standard, directed a team of analysts, and reported compliance posture to senior leadership.

GRC PCI DSS ISO 27001 FSCA PA Joint Standard Team Leadership Compliance Reporting

Cyber Security Senior (Tech Assurance)

Ernst & Young

Aug 2024 - Mar 2025 (7 months)

Worked as a Cyber Security Senior in the Tech Assurance division, managing on-the-ground teams and reporting to senior managers and partners across multiple global clients. Drafted internal audit reports and advised on IT risk management, including evaluating security vulnerabilities through to mitigation recommendations.

Security Auditing IT Risk Management Audit Reporting Vulnerability Assessment Client Management Security Advisory

Cyber Security Supervisor

KPMG

Jan 2021 - Jul 2024 (3 years 6 months)

Fulfilled the role of Cyber Security Supervisor within KPMG’s Cape Town office, delivering Tech Assurance engagements for a portfolio of global clients. Led and coordinated cyber maturity assessments, incident response maturity assessments, internal audits, patch and vulnerability management, penetration testing, and business continuity activities while producing audit-level documentation and mana

Cyber Maturity Internal Audit Patch Management Business Continuity Penetration Testing Nessus Nmap Burp suite Kali Linux

Cyber Senior Analyst (Secondment)

KPMG UK

May 2023 - Oct 2023 (5 months)

Completed a six-month cyber security secondment to KPMG UK (Belfast), selected as a South African representative at management level as part of an EMEA connectivity initiative. Collaborated with UK cyber security colleagues and leadership on cross-functional initiatives, contributing expertise to an international context and applying resulting learnings back to the local practice.

Cross Functional Collaboration International Client Delivery Workshop Facilitation Process Improvement