Assessment, roadmap, implementation — for boards, CISOs, and risk managers who need governance that works under regulatory scrutiny, not just on paper.
Every engagement follows the same sequence — because governance built on assumptions collapses. Governance built on assessed reality holds.
Understand where you actually are — not where you assume you are. Against a specific framework or regulatory requirement.
What needs to be done, in what order, with what resources. Regulatory exposure + business impact = remediation sequence.
Policies, procedures and controls that reflect how your organisation actually operates — not how a template assumes it does.
Senior advisory across four domains — each delivered end-to-end, from assessment through implementation.
Gap assessment and end-to-end implementation — policies, procedures, controls, risk management frameworks, and governance structures that translate regulatory requirements into how your organisation actually operates.
Governance structures for AI deployment — from AI inventory and risk classification to accountability frameworks and AI Act compliance readiness.
Supply chain risk assessment, vendor due diligence frameworks, and NIS2/DORA-compliant third-party contractual requirements — because your vendor's gap is your compliance exposure.
GDPR compliance programs, DPIAs, privacy-by-design integration, and breach readiness — structured for organisations operating across multiple jurisdictions.
Business impact analysis, continuity planning, ITDR, and tabletop exercises — designed for organisations where operational disruption carries regulatory and reputational consequence.
Decision architecture for cyber and AI risk at board level. Governance structures, management accountability frameworks, and board-ready reporting — without technical jargon.
"Who is responsible if something goes wrong — and can we prove we made informed decisions?"
"How do I build governance that holds under scrutiny — not just looks right on paper?"
"What does this regulation actually require — and how do we prove we've done it?"
I'm Senad Džananović — a Cyber and AI Governance advisor with over 20 years of experience across Central and Eastern Europe, working with regulated industries across multiple jurisdictions.
My work covers the full lifecycle: assessment of current state, prioritised remediation roadmap, and implementation of the frameworks, policies and controls that translate governance requirements into how an organisation actually operates.
The differentiator is not knowledge of the frameworks. It's the implementation experience — knowing where organisations get stuck between steps, why governance structures collapse under regulatory scrutiny, and what defensible actually means in practice.
20 questions across NIST AI RMF domains — Govern, Map, Measure, Manage. Takes 8 minutes. Produces an honest current-state picture.
If your organisation is facing regulatory pressure, an upcoming audit, or you're not sure what your actual governance posture is — that's exactly the conversation I'd like to have.
Tell me what you're working on. No pitch, no template response.