Michel Hjazeen

AI Governance · Risk · Security

I help organizations ship AI and scale securely—while staying ahead of the EU AI Act, ISO 42001, ISO 27001, SOC 2, and board expectations.

ISO 42001 · EU AI Act · ISO 27001 · SOC 2 · SOX · Incident Command

Why This Matters to Executives

Faster Deals

Enterprise security evidence on day one.

Fewer Surprises

Predictable audits and regulator-ready comms.

Confident AI Scale-Up

Controls that live in pipelines—not slide decks.

10+

Business Units Scaled

50%

Risk Reduction

5+

Clean SOC2 Cycles

Executive Value Proposition

AI That Ships with Guardrails

AI IAs, model cards, and release gates inside CI/CD. Faster launches, audit-ready artifacts, less rework.

Risk That Drives Decisions

ERM built for action—appetite, accepts, and KRIs that trigger budget and roadmap moves.

Security Leadership When It Counts

Incident commander with regulator-grade communications and “never again” control upgrades.

Compliance That Accelerates Sales

ISO 27001/27701/22301 & SOC 2 programs that produce evidence portals and cut procurement timelines.

SOX Without the Drag

ITGC redesign and control consolidation with automated evidence—less audit time, fewer findings.

M&A Without Surprises

Security/privacy diligence and Day-90 alignment. Standardized governance, zero critical findings.

Achievements

ISO 42001 cert; AI Act operating model; RAG guardrails. Lifecycle controls wired to CI/CD; automated evidence. Controls for prompts/tools and telemetry for toxicity/drift/leakage.

ISO 27001/27701/22301, SOC 2 Type II; SOX control consolidation. Consistently low findings; evidence automation; trust portal. SOX ITGC redesign and >100 controls consolidated.

Diligence + Day-90 standardized governance. Zero critical findings; aligned identity, logging, privacy. Exec reporting with milestones and owners.

Incident command; regulator comms; BCP/DR cross-border. Declared incidents with clear external comms. DORA/NIS2 mapping and exercises.

Articles & Papers

EU AI Act: Make It an Operating Model

Move faster with a release-gate approach and automated evidence.

Secure AI at Scale in 6 Weeks

From triage to telemetry to go-live.

ERM Boards Actually Use

Decision-anchored KRIs that move budgets.

AI Incident Communications

Protect trust when models misbehave.


Contact

For a private CV, references, or a role-specific discussion, reach out directly.

Signals

CRISC · CISM · CDPSE
ISO 42001 · EU AI Act · ISO 27001 · SOC 2 · SOX
ERM & Board Reporting · Incident Leadership