Curriculum Vitae

Svenn R. Norendal
Svenn Norendal, CGEIT CISA
Director
Senior GRC Adviser and Auditor

Norendal International Ltd

21 Castlegate Drive
Cockermouth
CA13 9HD
U. K.

Office: +44 (0)1900 826 587

Mobile: +44 (0)7917 154 634
svenn@norendal.com

Revised: 08/04/2010

SUMMARY

My background is Telecom Engineer 1973. Now, the main area is business support within Governance, Risk Management
and Compliance, GRC. Most tasks are carried out in the capacity as project manager or adviser.

Employments:
1974-1986: Security officer/engineer, IT security analyst and project manager, Swedish Telecom.
1986-1998: Corporate IT security manager, IAM owner, IT auditor, program manager and senior consultant, Ericsson.
1998-2004: Partner, management consultant, IT auditor and project manager, Norendal International.
2004-: Director, manager, senior GRC adviser, business development, Norendal International Ltd.

Norendal International is a provider of Governance, Risk Management and Compliance support in the UK and abroad. We
have extensive understanding of IAM solutions and implementation, Access control, Data Classification, Information
Security Management Systems (ISMS) and security standards.

Clients: Electrolux, Lansforsakringar, SAS, Handelsbanken, SPP, Ford Motor Company, Xerox UK, Shell International,
Alliance & Leicester, Banco Santander, EDB Business Partner etc.

I am;
- Not afraid to put my view forward, based on experience (mine or others) to influence decision and direction;
- Result oriented in every task with a pragmatic view in a business oriented environment;
- Enjoy working with people to progress tasks and to resolve issues;
- Motivated, experienced, reliable and productive with a taste for challenges and changes;
- Interact with people and achieve objectives through knowledge transfer that change attitudes and behaviour;
- Tolerant but expect failures to be part of a learning experience;
- Certified Information Systems Auditor (CISA, 1993)
- Certified in the Governance of Enterprise IT (CGEIT, 2008).
- In the pipeline is to gain ISO 27001 Lead Auditor certification.
1 (5) Curriculum Vitae Svenn R. Norendal
 PROFESSIONAL PROFILE

August 1998 to present Senior GRC Adviser and Auditor, Norendal International Ltd
Director

Since 1998 I have managed the development and administration of Norendal International and provided professional
services to clients in the UK and abroad. I am available for contract engagements for up to 9 months every year.

Project experience the last 5 year, 12 contracts:

09/03/01-09/05/31 Senior GRC Adviser, EDB Business Partners, Oslo, 1 contract

Support project regarding project risks and scope. Plan and perform review of IAM/IDM functionality,
operations and services. Coordinate regulatory requirements business and ITGC impact, including
SOX, and detail recertification and improvements.

08/06/01-08/11/30 Senior GRC Adviser, Alliance & Leicester/Banco Santander, 2 contracts

Review of current RM methodology and process. Plan, develop and implement new RM process
based on the Forums IRAM methodology. Coordinate RM activities as SME and Project Manager.
BAU activities covering remedy of audit issues including Basel II.

06/03/01-07/01/31 Senior GRC Adviser and SME, Shell International, London-The Hague-Rotterdam, 5 contracts
Manage review of current RM methodology and process. Manage the design, test and
implementation of new RM process based on the Forums IRAM methodology. Manage GAP analysis
within Trading, Downstream, Central Finance and EP. Manage review and GAP analysis of PCI DSS
compliance of Downstream projects in scope. Manage and Evaluate and recertification of ITGC and
SOX controls within Central Finance and recommend improvements. Manage Business Impact
Assessments at Corporate Centre covering information risks and report to management.

05/05/01-05/12/31 SOX Analyst/Tester/SME and project Manager. Xerox UK, 2 contracts

Plan, manage and perform SOX testing of ITCG and SOX controls on behalf of business managers
and IM manager. Identify and prioritize gap and with business managers develop cost effective
sustainable remedy solutions. Coordinate recertification and retesting when necessary. Review result
with external auditors and coordinate status and management reports.

04/06/01-04/12/31 SOX Analyst/Tester/SME and project Manager. Ford Motor Company, 2 contracts
Plan, manage and perform SOX testing of ITCG and SOX controls on behalf of business managers
and IM manager. Identify and prioritize gap and with business managers develop cost effective
remedy solutions. Coordinate recertification and retesting when necessary. Review result with
external auditors and coordinate status and management reports to Audit Committee.

Summary of previous contracts:

2002-2004 International marketing/sale of the SBA Method series; SBA Check, SBA Scenario and SBA Project
2000-2002 Project manager of corporate awareness programme, (Pharmacia/Pfizer)
2001 Information security status review (ISSS) as project manager (SAS)
2000 Adviser to Information security status reviews including data centre physical security (Electrolux)
2000 Project review/support, SSO (Handelsbanken)
1998-1999 Manage GAP analysis to BS7799, QA reviews (Lansforsakringar).
1998-1999 Information security status review (ISSS) as project manager (SAS).

2 (5) Curriculum Vitae Svenn R. Norendal

 EDUCATION

2000, 2 days Internet: Control Issues and Audit Methods, ISACA Northern UK Chapter
1999, 3 days Compsec International 1999, Elsevier
1996, 3 days Businessmanship, Ericsson Data/Business Training Systems AB
1995, 3 days How to Measure Advantages for Customers, Ericsson Data
1993, 2 weeks CISA prep course (ISACA Sweden Chapter)
1993, January Offensive Quality Work (Ericsson Quality Institutes)
1992, 6 weeks Project Management, FUTURUMS Higher Project management), 10 p, Ronneby University
1992, 2 weeks Advanced Management, AVANT/Ericsson Data
1991, 6 days Quality Service Program, Ericsson Data/Vendator
1990, May MVS Security, BackupCentralen
1990, May Network Security, Frost & Sullivan, Management Development Seminar
1989, October Computer Related Legislation, University of Linköping
1988, November Relations Database Basics, Monitor ADB utveckling AB
1988, 2 weeks Information Security, 5 p, Royal Institute of Technology and Stockholm University
1988, November Continuity Planning - Disaster Recovery, Frost & Sullivan, Management Development
1988, February Computer Security, CGS Institute
1987, 1 week Project Management, Öppna Dataskolan, Ericsson Data
1986, 5 weeks Diploma in IT-security Management, Infosec PROSAB
1986, 2 years, part time Electric Power Engineer Degree, Huddinge College
1985, October U. S. Export Controls 7 - intensive course, Stockholm Chamber of Commerce
1984, May Data Communication II, STF ingenjörsutbildning
1983, December SBA Management course, INFOSEC Prosab AB
1983, February Securicom-83, Cannes
1982, December Time Manager, Time Manager International
1982, November Physical Protection of Computer Plants, SBF Svenska Brandförsvarsföreningen
1982, 21 weeks Programmer Education, IBM/UNIVAC, Swedish Telecom
1981, January Infrared Physics for Professionals, 2 p, Royal Institute of Technology, Stockholm
1980, October Direct Current Systems, STF Ingenjörsutbildning
1980, March Methodology for Education, Swedish Telecom
1979, March MULTICOM, Swedish Telecom
1976 – 1978 MULTILARM, MULTILARM L 300, MULTILARM L 400 Swedish Telecom
1973, 4 years Electronic and Telecommunications Engineering Degree, Thorildsplans College

Other
1979-2007, several customer focusing IT management courses/seminars providing guidance on the planning,
delivery and management of quality IT services to support business needs (ITIL).
(This list is not complete, cover approximately 50% of all training during 1973 to 2008)

3 (5) Curriculum Vitae Svenn R. Norendal

 CERTIFICATIONS

2008 CGEIT Certified in the Governance of Enterprise IT (24/08/2008 Cert No 0800494)

Information Systems Audit and Control Association (ISACA)

2004 Information Technology Accredited Security & Control Application Inspector

Ford Motor Company

1993 CISA Certified Information Systems Auditor (30/09/1993 Cert No 9313072)

Information Systems Audit and Control Association (ISACA)

1992 Management Certification

L M Ericsson Data AB

1992 Diploma in Project Management

University College Karlskrona Ronneby

1986 Authorised Electrical Contractor

General authority as electric installer to 1000V, Statens Energiverk (1990-11-20 Cert No 520913-0219, valid
until 2023)

1986 Diploma in Advanced Computer Security

Infosec Prosab AB

1986 Certified Intruder Alarm Installer

Authorised to Approve and Connect Intruder and Assault Alarms to the Police Authority in Sweden. Police
Authority in Stockholm (Cert No AA 576-6575/95)

ASSOCIATION MEMBERSHIPS

ISACA, Information Systems Audit and Control Association, U.S.A.

CONFERENCE PRESENTATIONS

Norendal, S. (1996, March). Experiences from using SBA SAFER. Paper presented at the ASIS Sweden
Chapter meeting, SAS Head office, Stockholm.

Norendal, S. (1995, October). SBA SAFER - major breakthrough in risk-evaluation. Paper presented at the
ESF Congress, Carlton hotel, Cannes.

4 (5) Curriculum Vitae Svenn R. Norendal

 TEACHING EXPERIENCE

1995 - 1997
SIGNUM and business benefits, 10 days teaching, Corporate L M Ericsson

1986– 1995
Security and IT-Security at Ericsson, 30 days teaching, Corporate L M Ericsson

1985, November
SBA-methodology, 2 days teaching, University of Lund

1983 - 1985
IT-Security at Swedish Telecom, 10 days teaching, Swedish Telecom

1980, November
Protection from Lightning, 3 days teaching, Swedish Telecom

1978 – 1981
Intruder Systems - basic and advanced courses, 50 days teaching, Swedish Telecom

COMMITTEE MEMBERSHIP

1994-1998
Information Security Forum – Council member and participation in the development of the Forum Information
Security Status Survey, ISSS, and the Forum Standard of Good Practice, SoGP.

1992 - 1998
ISACA Sweden Chapter – Chair Program Committee 1994-96

1990 - 1998
SWERUG, Swedish RACF User Group – Chair 1996-98

1986 - 1997
NORDSEC, Nordic Security Group – Chair (rotating)

1982 - 1992
Swedish Information Processing Society, SIG Security

REFERENCES

Mona Nypan, senior adviser/project manager, Unibridge AS, mona.nypan@unibridge.no, +47 982 65004
Mick Paisley, Information Security Mgr, Alliance & Leicester Banco Santander, Michael.paisley@alliance-leicester.co.uk
Harvey Webb, Security Manager, Shell International, harvey.webb@shell.com, +44 20 7934 1234
Cedric Williams, IM Manager, Xerox UK, cedric.williams@xerox.com, +44 1895 843692
Kim Hathrell, Jaguar&Landrover Audit & Security Manager, khathrel@ford.com: +44 121 700 9919

5 (5) Curriculum Vitae Svenn R. Norendal