Expert GRC consultancy services from perfect affinity Consulting
At perfect affinity Consulting, we provide top-notch governance, risk management, and compliance consulting services to organizations and businesses in Norway, the Nordics, and internationally.
We combine deep subject matter expertise and decades of consulting experience, with sector-specific knowledge, to help your business or organization address the evolving risk and threat picture, balancing risk with opportunity, while fulfilling your compliance obligations. Trust perfect affinity Consulting to elevate your organization or business to new levels of success!
Further information about our services is available below:

Cyber security governance, risk and compliance
As part of our Cyber Security Governance, Risk, and Compliance service, we can help you improve your security posture to protect your organization or business from even the most advanced cyber security threats.
This includes conducting cyber security health checks and/or audits to help map your current situation so that any weaknesses (including compliance gaps with regulations such as DORA and NIS2, or sector-specific regulations) and improvement opportunities can be identified and prioritized. We can then assist you with the design of a cyber security strategy and improvement plan, working with you to secure stakeholder buy-in, as well as design the business case for investment, should this be required.
We can also assist with the design and implementation (or improvement) of Information Security Management Systems (ISMS) and Cyber Security Management Systems (CSMS), including as part of a goal to secure ISO 27001 compliance. The use of AI helps accelerate the work, for example as part of policy design.
Further, we can help elevate existing GRC capabilities, such as cyber security governance, risk management processes, security as part of third-party/supplier management, and more.

Management-for-hire, including CISO-as-a-service
Our Management-for-hire service, including CISO-as-a-Service, delivers an executive-level information security/cyber security management capability for organizations which lack the scale for an in-house senior resource, or for those organizations who prefer a flexible, cost-effective approach, scaled to the needs of the organization, without hiring for a permanent position.
We are able to provide a virtual CISO who can provide strategic direction for information security and cyber security, as well as provide ongoing oversight of cyber security programs and cyber security operations. This can be provided on either a full-time or part-time basis.
A virtual CISO from perfect affinity can also assist you with the design and execution of a comprehensive security roadmap, oversight of compliance with governance frameworks, regulatory requirements and security requirements, and ongoing communication with key stakeholders, including the company board and management teams.
Our virtual CISOs have hands-on experience with AI and can deploy this knowledge as an integral part of the service.

GRC/Cyber security program & project management
Our GRC and Cyber Security Program & Project Management services are designed for maximum flexibility, allowing us to calibrate our support precisely to the unique size, scope, and maturity level of any organization, from startups and small-to-medium businesses to large corporations and public sector entities.
We tailor our project management approach and methodologies to match the specific scale and nature of what you want to achieve, and adapt them to fit the complexity of the issues at hand, ensuring that our support is perfectly scaled to your needs.
Our experience spans the entire lifecycle, from conducting strategic needs assessments, designing the business case and helping you secure investment, to running competitive procurements to enable you to assess and select the right service providers or solutions, and then leading the detailed design and hands-on execution of the resulting programs and projects.
We bring the flexibility to deliver projects using Agile, traditional Waterfall, or hybrid methodologies, ensuring the approach aligns perfectly with your organizational culture and the specific complexity of your goals. The use of AI is an integral part of our approach.

Secure software development (SSDLC)
Our Secure Software Development Lifecycle (SSDLC) services provide a comprehensive approach to embedding security into every stage of your software creation, from initial concept to deployment, and continual improvement, while ensuring alignment with evolving regulatory requirements including the Cyber Security Act, NIS2, and DORA.
We can assist by performing thorough DevSecOps and SSDLC health checks and audits to identify gaps in your current framework, development practices and pipelines, followed by strategic implementation and modernization efforts that transform legacy processes into robust, security compliant workflows.
Our expertise extends to the seamless integration of advanced security technologies and tools, including AI to enable rapid risk assessments, threat modeling and secure coding, ensuring your development environment meets the stringent obligations of EU cybersecurity legislation.
Additionally, we specialize in the design and execution of tailored security testing regimes (including automated scanning, penetration testing, and code review) to validate defenses continuously, both against technical threats and in accordance with regulatory mandates.
Whether you are looking to modernize an existing SSDLC, integrate new security stacks, or establish a mature DevSecOps culture from scratch, we deliver the technical depth and strategic oversight needed to build resilient, secure applications that satisfy both operational and compliance requirements across the regulatory landscape.

Cyber Security Operations (SecOps) modernization
Our Cyber Security Operations (SecOps) Modernization services are dedicated to building security operations capabilities from the ground up or significantly enhancing your existing capabilities to defend your organization against even the most advanced and persistent cyber threats.
We provide end-to-end design and implementation of security operations capabilities, including strategic outsourcing of Security Operations Centres via Managed Detection and Response (MDR) services, as well as the establishment of dedicated SecOps and Computer Security Incident Response Teams (CSIRT).
Our approach encompasses the rigorous design of security monitoring architectures, vulnerability management lifecycles, and streamlined incident management processes to ensure rapid detection and response. We consider and utilize AI at every stage of our approach, according to your company's own appetite for, and use of, AI technology.
Crucially, we extend these capabilities beyond traditional IT to encompass Industrial Control Systems and Operational Technology (OT) environments, creating a unified defense posture that secures your entire digital and physical infrastructure against advanced and sophisticated adversaries.
Depending on your goals and risk appetite, we can help you elevate your security operations capability to world class level.

Digital resilience and emergency preparedness
Our Digital Resilience and Emergency Preparedness services are designed to strengthen your organization's ability to withstand and recover from disruptions, with a specific focus on achieving compliance with critical regulations such as DORA and NIS2, as well as sector-specific regulations.
We can assist with comprehensive Business Impact Analyses (BIA) to identify critical assets and potential vulnerabilities, forming the foundation for tailored emergency preparedness and disaster recovery solutions, including as part of a holistic approach to Business Continuity Planning (BCP) design and implementation.
Beyond static planning, we are able to help you validate your business continuity plans and processes, and thoroughly test your organization's readiness to respond to a major crisis, including sophisticated cyber security incidents.
The use of AI enables rapid, systematic and repeatable planning and testing, continually in sync with the evolving risk and threat picture.
This can include crisis management rehearsals, disaster recovery exercises, process walkthroughs, tabletop exercises and realistic scenario tests (including simulations).
Copyright perfect affinity Consulting 2026. All rights reserved.
