Executive Profile

David Andersson

Information security leader with more than two decades of experience spanning enterprise architecture, compliance, and engineering leadership. Track record of building security programs from the ground up — from ISMS design and ISO 27001 certification to scaling product security teams at high-growth software companies. Equally comfortable shaping strategy at the executive table and diving into technical security reviews.

Technical Competencies

Application Security

Security architecture, secure SDLC, threat modeling, security requirements engineering, and building security champion networks across development organizations.

Secure SDLC, Threat Modeling, PKI

Security & Compliance

ISMS implementation and review, ISO 27001/27002, risk management, incident and continuity management, vendor governance, and security legislation.

ISO 27001, SOC 2, Risk Mgmt

Engineering Leadership

Coaching and situational leadership, staff and budget responsibility, building and scaling security teams, and driving strategic improvement programs.

People Mgmt, DevSecOps, Strategy

Professional Experience

2024 — Present

Remote

Grafana Labs

Director of Security Engineering

Grafana Labs AB

Leading a team of 10 across two sub-teams: one building security tooling as a plugin within the Grafana open source ecosystem, and one serving as internal security consultants — architecture reviews, vulnerability remediation support, and hands-on AppSec advisory across engineering teams.

  • Elevated first-party vulnerability management into an end-to-end process — intake, triage, remediation, coordinated disclosure, and embargo handling — in an open source environment
  • Internal advisory function providing architecture reviews and remediation support to product teams
  • Staff and budget ownership, operational and strategic improvements across incident management, secure SDLC, and vendor governance

2022 — 2024

Remote

Snow Software/Flexera

Director of Security Engineering

Owned product security, application security, and cloud infrastructure security for the SaaS platform. Started as a single manager with one report, grew the function, and through the Flexera acquisition scaled to leading a team of 15 including a reporting manager.

  • Drove key parts of successful ISO 27001 certification and SOC 2 Type 2 accreditation
  • Led security engineering through the Flexera acquisition and team integration
  • Daily operational and strategic risk management across development and production

2017 — 2022

Karlstad, Sweden

Swedish Defence Recruitment Agency

Chief Information Security Officer

Rebuilt the agency's ISMS largely from scratch, establishing a clear separation between information governed by the Swedish Protective Security Act and standard information — two domains with fundamentally different handling requirements. Worked closely with development teams to embed security requirements into internal systems.

  • Designed and implemented controls for both ISO 27001/27002 and protective security legislation
  • Served as acting unit manager and member of department leadership team
  • Established security requirements processes for in-house software development

2015 — Present

Remote

Versitile Consulting

Senior Consultant, Information Security

Versitile Consulting AB

Independent consulting practice delivering information security engagements that range from interim leadership to hands-on architecture and compliance work.

  • Interim CISO for an AI startup — building security governance from the ground up
  • Senior security advisor for a web-based medical records system
  • Security accreditation assessments and compliance follow-up

2015 — 2017

Karlstad, Sweden

Bitsec

Senior Consultant & Business Area Manager

Bitsec AB

Led the IT and information security business area — procurement, consultant assignments, and delivery. Key engagements included security architecture for a mainframe migration at the Swedish Transport Agency, developing Secure Development Lifecycle processes, and creating a cyber security strategy for a multinational corporation.


2013 — 2015

Karlstad, Sweden

ÅF Technology

Senior Information Security Consultant

ÅF Technology AB

Technical information security for industrial control systems (ICS) — security requirement profiling, SIEM implementation, and security reviews. Represented Sweden in SIS TK 318, the standardization committee for the ISO 27000 family.


2011 — 2013

Oslo, Norway

Avan

Senior Information Security Consultant

Avan AS

Enterprise PKI — design, implementation, and operations for large organizations. Also performed IT security reviews and assessments.


2007 — 2011

Karlstad, Sweden

Veriscan Security

Information Security Consultant

Veriscan Security AB

Technical security specialist across a broad client base — enterprises, municipalities, and government agencies. Led ISO 27001/27002 compliance assessments and served as security advisor for high-security ICS environments.

Certifications

CISSP

Certified Information Systems Security Professional

ISC²

Since 2011

CISM

Certified Information Security Manager

ISACA

2018 — 2026

SCF

SABSA Chartered Security Architect — Foundation

SABSA Institute

Since 2021

27001 LI

ISO 27001 Lead Implementer

IT Governance

Since 2021

Education & Courses

B. Sc. Computer Science

Karlstad University

Graduated 2012

Information Security (30 ECTS)

Luleå University of Technology

2017

Understanding Group & Leaders (UGL)

Leadership Course

2020