Security and delivery — run as one job, not two.
Currently Packaged App Development Manager · Mindcurv, part of Accenture Song
Eighteen years building Information Security, ISO 27001/GDPR compliance, and Program & Service Management capability for global organisations — now extending that into AI governance.
Helping organisations adopt AI responsibly — and still ship on time.
Built calm, on purpose.
Eighteen years ago, I started in technical support — fixing other people's infrastructure at 2am. Today I architect the ISMS, govern the compliance, and run the program. Same instinct, bigger problems.
I've built ISO 27001 management systems from scratch, governed AWS Landing Zones across 150+ accounts, and led security integration through a company acquisition without a single incident — owning budget and vendor governance directly, and advising C- and D-level leadership on strategy, not just executing it.
The acquisition taught me the real lesson: governance only survives contact with change if it's been someone's daily habit for years — not a project plan for months.
When ISO 42001, the EU AI Act and the NIST AI RMF arrived, I wasn't starting from zero. I was pointing eighteen years of the same instinct at a newer problem.
"Progress doesn't need chaos. It needs someone willing to walk the new path calmly, while everyone else argues about the old one."
KERALA, INDIA · IST
Here's that record, year by year:
Packaged App Development Manager · Mindcurv, part of Accenture Song
Architected the ISO 27001:2022 ISMS from the ground up; led security integration through Accenture Song's acquisition of Mindcurv — zero incidents through the transition.
Senior Enterprise Solutions Specialist · UST Global
Directed the FogPanel cloud management platform programme; cut provisioning time 30% and troubleshooting incidents 25% through automation.
Senior Cloud Consultant · AssistanZ Networks
Led a 30-engineer global managed-services team; cloud security consulting across AWS, Azure, OpenStack and CloudStack.
Team Leader, Infrastructure Managed Services · Velan Info Services
Ran infrastructure security audits and SLA-accountable IT operations for SMBs, ISPs and data centres.
Technical Support Engineer · AssistanZ Networks
24/7 L1/L2 incident response across multi-platform hosting environments — where this started.
Where I operate.
Eight areas. Each backed by a credential or a delivered number — not a claim. Translated once, not eight times: less risk exposure, faster certification and deal cycles, and delivery that doesn't depend on me being in the room.
Information Security
Day-to-day security operations at Mindcurv — IAM, EDR, VAPT and incident response, with security built into how the business runs, not bolted on after deployment.
KPI — Zero security incidents through the Accenture Song acquisition
Cloud Security & Architecture
Multi-cloud security architecture across AWS, Azure and GCP — Zero Trust principles, CSPM, and OpenStack/CloudStack environments, built for operational resilience, not just a compliance checkbox.
KPI — B2B platform migrated on-premise → AWS, zero downtime, zero customer impact
ISO & Compliance
ISO 27001 Lead Auditor (TÜV Rheinland) — running the external certification audit itself, not just preparing for one. The same governance discipline extends to SOC 2, NIST CSF and DORA control mapping where frameworks overlap.
KPI — Externally certified, not self-assessed
GDPR & Data Protection
Accenture Client Data Protection Lead. GDPR compliance governed end-to-end across a full client portfolio — policy, technical controls and breach response owned by one accountable function.
KPI — 100% of client portfolio CDP-compliant, on schedule
Program & Project Management
PRINCE2 Practitioner. Orchestrating the AWS Landing Zone rollout, platform migrations and post-merger integration as programmes — stage-gate discipline from business case to handover, not just the technical build.
KPI — 150+ AWS accounts governed in a single Landing Zone rollout
Stakeholder Management
C- and D-level advisory on strategy and pricing, for enterprise clients across Europe, APAC and North America. Vendor and budget governance owned directly, not delegated to a project office.
KPI — C/D-level advisory across three continents
Service Management
ITIL 4 Specialist & Strategist. SLA-accountable delivery for a 30-engineer global managed-services team, with service improvement built into the operating model, not added after an outage.
KPI — 30% faster provisioning, 25% fewer troubleshooting incidents
AI Governance · Current focus
ISO 42001, EU AI Act and NIST AI RMF applied in practice — ahead of formal certification, building the same operating discipline I used for ISO 27001 a decade earlier.
KPI — Practitioner-applied, ahead of certification
Compliance is a quality metric, not a checkbox.
GDPR and ISO aren't separate from delivery quality — they're how it gets measured. Every control built in is a quality gate, not a hurdle bolted on after the fact.
Fewer defects, earlier
ISO 27001 risk registers catch what QA alone misses, before it ships.
Audit-ready by default
GDPR controls built into delivery make certification a formality, not a fire drill.
One scorecard, not two
Security and compliance sit inside the same KPI set as delivery quality — not next to it.
Assess
Map risk and regulatory exposure first.
Architect
Design governance around how the business actually runs.
Embed
Build controls into delivery, not a binder.
Operate
Hand over a system the team can run without me.
What's certified. What's not. What it adds up to.
What it adds up to
Only 38% of organisations have a formal, comprehensive AI policy.
ISACA AI Pulse Poll, 2026
The global average cost of a data breach is $4.44M — and 97% of AI-related breaches occurred where AI access controls were missing.
IBM Cost of a Data Breach Report, 2025
63% of breached organisations had no AI governance policy in place at all.
IBM / Ponemon Institute, 2025
Written, not just done.
Practitioner guides on AI governance, ISO compliance, and cloud security — seventeen in, and counting.
ISO 42001 Explained: The Complete AI Management System Standard
Compliance · EU AI Act vs ISO 42001 vs NIST AI RMF: Choosing Your Framework
Cloud Security · Zero Trust Architecture in Multi-Cloud Environments
Program Management · Building a High-Performance Delivery Framework for Complex IT Programs
GDPR · GDPR in the Age of AI: What Every DPO Needs to Know
AI & Cybersecurity · AI for Cybersecurity and Cybersecurity for AI
Career · The AI GRC Career Guide: Roles, Skills and Certifications
IT Strategy · How IT Service Integration Firms Must Evolve or Risk Obsolescence
AI Security · Supply Chain Attacks on AI Tools: What Axios, LiteLLM & Claude Code Reveal
Direct answers.
Is Juno David K ISO 27001 certified?
Yes. ISO 27001:2013 Lead Auditor, certified by TÜV Rheinland — and he's built an ISO 27001:2022 ISMS from the ground up at Mindcurv, part of Accenture Song.
Does he hold an AI governance certification like ISO 42001?
Not yet, by design and stated honestly: ISO 42001, the EU AI Act and NIST AI RMF are applied in practice, ahead of formal certification. Formal certifications are in ISO 27001, PRINCE2, ITIL 4, Accenture Client Data Protection, EXIN Agile Scrum Master, and IBM Enterprise Design Thinking.
What roles is he open to?
Three things, equally: Senior Manager / Associate Director full-time leadership roles in Information Security, GRC or Program Management; consulting and advisory engagements; and speaking or workshops.
What's the core area of expertise?
Information Security, Cloud Security & Architecture, ISO 27001/42001 and GDPR compliance, Program & Project Management, Stakeholder Management, Service Management (ITIL), and AI Governance — eight areas built on 18 years across cloud security, compliance and delivery leadership.
Where is Juno David K based, and does he work with international teams?
Based in Ernakulam, Kerala, India, working globally across time zones. His résumé includes C- and D-level advisory for enterprise clients across Europe, APAC and North America — not limited to local engagements.
Is he ITIL certified, and what's his Service Management experience?
Yes — ITIL 4 Specialist (High-Velocity IT) and ITIL 4 Strategist (Direct, Plan & Improve). He led SLA-accountable delivery for a 30-engineer global managed-services team, with a directed programme that cut provisioning time 30% and troubleshooting incidents 25%.
Does he hold a Program or Project Management certification?
Yes, PRINCE2 Practitioner. Applied in practice orchestrating an AWS Landing Zone rollout across 150+ accounts, platform migrations, and post-merger integration, with stage-gate discipline from business case to handover.
What's his GDPR and data protection experience?
He holds the Accenture Client Data Protection Lead certification and has governed GDPR compliance end-to-end — policy, technical controls and breach response — across a full client portfolio, with 100% of that portfolio compliant on schedule.
What's the difference between hiring him full-time versus as a consultant?
Same expertise, different engagement shape. Full-time (Senior Manager / Associate Director) suits organisations that want embedded, ongoing ownership. Consulting or advisory engagements suit a defined problem with a clear scope and timeline. He's equally open to either, plus speaking and workshop engagements.
What's the best way to get in touch?
LinkedIn is the fastest way to start a conversation. A direct email option is also available on this page. No phone number is published.
Let's talk.
Open to three things, equally: full-time leadership roles, advisory engagements, and speaking. Based in Ernakulam, Kerala — working globally across time zones.
Discover
A conversation about the actual problem — security, compliance, delivery, or AI. Not a sales pitch.
Scope
A defined outcome and the right engagement shape — full-time, consulting, or advisory — matched to what's actually needed.
Deliver
The relevant pillars applied hands-on, using the same Assess → Architect → Embed → Operate discipline every time.
Sustain
Capability left with the team. The goal is to become unnecessary, not indispensable.
Connect on LinkedIn
The fastest way to start a conversation — about a project, a role, or a stage.
Connect on LinkedIn →
Email directly
For a detailed brief, a formal enquiry, or anything that needs more than a LinkedIn message.
Send an email →
Selecting a time sends an email request with that date and time filled in — I'll confirm by reply and send a calendar invite. It doesn't book the slot instantly.