Monday, 22 June 2026
Greg Shine

Security Governance · Risk · AI Governance · Compliance

Profile

Governance the board can read, and engineering can run.

I'm Greg Shine — a GRC leader who turns fragmented, complex security programmes into focused, measurable execution. I've built security and AI governance teams, critical asset management functions and third-party risk programmes from concept to operational delivery, and led customer audit and assurance for a major enterprise software business — turning a regulatory obligation into a trust and retention touchpoint.

My career started in a deeply technical Fintech role, navigating heavy regulatory and certification demands on live payment infrastructure. That hands-on perspective still shapes how I think about governance — I know where to apply guard-rails and how to manage growth that is not going to slow down. I put human judgement where it counts and let automation handle the rest.

Core strengths

I foster a culture of accountability and continuous improvement — the kind where people know the strategic direction, understand the tactical constraints, and are trusted to close the gap. My career has tracked digital transformation from the inside, so the programmes I build are designed to keep pace with growth rather than slow it down.

  • Security Governance & Strategy
  • Risk Management
  • AI Governance & Automation
  • Critical Asset Protection
  • Customer Audit & Assurance
  • Third-Party Risk (TPRM)
  • Continuous Control Monitoring
  • Board & Executive Reporting
  • ISO 27001 · ISO 42001 · NIST CSF
  • PCI-DSS · NIS2 · DORA · GDPR

Section 01

Experience

Mar 2025 — Present

Director of Security Governance

ServiceNow

Re-built the governance function into focused, measurable execution. Scope spans automated compliance pipelines, Critical Assets protection, third-party risk reset, AI-assisted policy management, BCM/DR overlay and the red-team programme. Lead a multidisciplinary team of individual contributors and managers, never afraid to get my hands dirty, but never at the expense of strategic or tactical direction. Member of GRC and Regulatory Committees reporting into Audit Committee. Full detail on the CV.

Apr 2021 — Feb 2025

Head of Customer Audits

ServiceNow

Built and ran the customer audit function across Financial, Pharma and Group audits. Treated assurance as a trust and retention touchpoint rather than compliance overhead — standardised the operating model, introduced AI-generated walkthroughs and a self-serve assurance layer, and reduced repeat engagement load while improving customer experience. Full detail on the CV.

May 2015 — Apr 2021

Head of Security & Compliance

Akamai

Designed the Information Security Framework and stood up ISO 27001 certification, regulatory readiness (NIS2, SCCs/BCRs, FedRAMP, FIPS 140-2) and a Security Operations Centre embedded inside the NOC. Owned the security platforms, vendor relationships and team that backed it. Full detail on the CV.

Oct 2008 — May 2015

Payments Platform Lead & Technical PM

First Data / Fiserv

Deeply technical Fintech role on a PCI-DSS and SOC 2 regulated payments platform. Led delivery on data-centre migrations and enterprise virtualisation programmes with zero tolerance for downtime on live payment flows. The hands-on perspective from this era still shapes how I think about governance — guard-rails where they matter, automation everywhere else. Full detail on the CV.

Section 02

Whitepapers

01 · AI Governance

Placing AI in the middle of the obligation-to-evidence chain

Most GRC functions treat AI as a side experiment. I argue for the opposite: AI belongs in the centre of the chain that runs from regulatory obligation to control design to tested evidence. Used well, it shortens the loop from a new rule landing on the desk to a measurable control running in production — without removing the human judgement that the auditor, the regulator and the board ultimately want to see.

Whitepaper · 6 min read

02 · Customer Audits

Audit as a sales tool — turning assurance into retention and growth

Customer audits are still treated by most providers as a cost centre to be minimised. Handled well, they are one of the highest-signal trust events in the customer lifecycle. This piece sets out the operating model — self-serve assurance, AI-generated walkthroughs and a standardised engagement playbook — that reframes the audit conversation from compliance overhead to a commercial touchpoint.

Whitepaper · 5 min read

03 · Third-Party Risk

Resetting TPRM around a continuous monitoring supplier lifecycle

Point-in-time questionnaires age the moment they're returned. We rebuilt the programme around a supplier security lifecycle anchored in risk — onboarding, tiering, continuous monitoring, periodic deep review and exit — with signal flowing from external attack surface, breach intel, certifications and contract telemetry into a single inherent-vs-residual view.

Whitepaper · 7 min read

Certifications

  • CISSP · ISC2
  • PMP · PMI
  • EU DPO Certified · Irish Computer Society

Education

  • MSc, Innovation & Technology Management

    Dublin Institute of Technology, College of Business

  • Graduate Diploma, Information Technology

    St. Patrick's College, Maynooth

  • BA, Philosophy & Politics

    University College Dublin

Section 03

Off the clock

Tennis

Long-standing club player. Always up for a hit or a doubles set when the Irish weather allows.

Padel

The newer obsession. Mixed level, plays anywhere with four walls and decent floodlights.

Vibe coding & walking the dog

Building small tools and automations that make GRC life easier, and long walks on the Wicklow coast — the best place to think through a control framework.

Get in touch

The full CV, references and ongoing work all live on LinkedIn.

Connect there, or drop a short email if you'd prefer. I reply to both — usually within a working day.