Public Sector – Provincial Government

A Grovemex consultant led a $10M SAP GRC 12 Access Control implementation for a Provincial Government in Canada, enhancing identity governance across 30,000 users. He established cybersecurity controls aligned with NIST 800-53 and ISO 27001, improving audit readiness and reducing SoD violations by 40%. The engagement delivered a unified access-control framework and measurable gains in compliance efficiency.

Project Duration: 18 months

Frameworks & Tools: NIST 800-53, ISO 27001, SAP GRC 12 AC, Power BI, Azure DevOps, Archer GRC

01. What’s the challenge?
Our client required a large-scale SAP GRC 12 Access Control implementation to strengthen identity governance and regulatory compliance across multiple ministries.
Challenges included complex legacy role structures, inconsistent segregation-of-duties (SoD) enforcement, and a lack of centralized user-access visibility for 30,000+ users across different government departments.
02. What we did
Our consultant led the project management and cybersecurity oversight for a $10 million enterprise-wide SAP GRC modernization initiative, ensuring secure configuration, compliance, and operational readiness. Key activities included:

  • Implementing SAP GRC 12 Access Controls, designing secure role-based authorization for 500 roles and 30,000 users.
  • Establishing a cybersecurity control framework aligned with NIST 800-53, ISO 27001, and the Client’s security policies.
  • Managing audit and compliance alignment with internal and external regulatory requirements.
  • Integrating automated patch management and logging to minimize vulnerabilities and improve audit transparency.
  • Developing KPIs and dashboards in Power BI to monitor SoD violations and remediation timelines.
  • Delivering security awareness training to improve compliance culture and reduce policy breaches.
03. How did it go?
The engagement enhanced the Client’s access-control maturity, providing a unified governance structure across multiple ministries. Reduced SoD violations by 40% within the first year of deployment. Improved audit readiness and shortened remediation timelines by 30%. Established a sustainable access-control and monitoring model that became the blueprint for future SAP security projects across the province.
Public Sector – Municipal Government

A Grovemex consultant led a cybersecurity audit and assessment of our Municipality client’s five divisions, delivering detailed reports, recommendations, and an implementation roadmap. We also developed 15+ OT cybersecurity policies and standards aligned with NIST 800-53, NIST 800-82, AESO-CIP, and NERC-CIP frameworks.

Project Duration: 6 months

Standards: NIST, AESO-CIP, NERC-CIP

01. What’s the challenge?
Our client needed to assess and strengthen its cybersecurity posture across five divisions managing both IT and OT assets.
Existing controls and governance frameworks required review against NIST and regulatory standards to ensure compliance and resilience.
02. What we did
Grovemex consultant led the cybersecurity audit and assessment, evaluating risks and control maturity across departments. Delivered detailed assessment reports, recommendations, and an implementation roadmap for each division. Also designed and developed 15+ cybersecurity policies and standards tailored to the city’s OT environment.
03. How did it go?
The engagement provided a clear, actionable roadmap for cybersecurity improvement. City leadership adopted the new OT standards, improving governance alignment and compliance with NERC and AESO CIP requirements.
Power Generation

Grovemex implemented an enterprise-wide OT cybersecurity program for our Power Generation client, enhancing visibility, compliance, and risk management across 32 industrial sites. We deployed the Verve Industrial OT Security Platform, established patch and vulnerability management processes, and aligned security controls with NERC-CIP and AESO-CIP standards to strengthen OT resilience and operational integrity.

Project Duration: 24 months

Frameworks, Standards & Tools: NERC CIP, AESO CIP, Verve Industrial Platform, SIEM Integration, Backup & Recovery Solutions

01. What’s the challenge?

Our client needed to secure its multi-site OT environment consisting of legacy ICS and critical assets. The challenge included lack of centralized visibility, inconsistent baselines, and regulatory compliance gaps with NERC CIP and AESO CIP standards.

02. What we did

Grovemex supported the rollout of a comprehensive OT cybersecurity program across 32 high-priority sites. Implemented Verve Industrial OT Security Platform, integrated logging and monitoring for real-time threat visibility, and established patch/vulnerability management and system hardening baselines. Collaborated with OT and IT teams to operationalize controls and delivered cyber awareness training for site personnel.

03. How did it go?

The engagement improved visibility, compliance, and risk reduction across all OT assets. Our client achieved alignment with NERC and AESO requirements, reduced remediation timelines, and established a repeatable OT security framework for sustainable operations.

Public Sector

Grovemex provided cybersecurity architecture and system integration services for a Provincial Government in Canada. We embedded security-by-design principles into enterprise and OT system integrations, performing threat modeling, risk assessments, and secure architecture reviews across Azure and hybrid environments. Our delivery improved integration security, compliance alignment, and overall system resilience.

Project Duration: 24 months

Standards & Tools: NIST 800-53, ISO 27001, CIS Benchmarks, Azure, OCI, SDLC, SAMM, IoT

01. What’s the challenge?
The client required secure integration of enterprise and OT systems supporting procurement and facilities management operations.
Existing architectures lacked standardized integration controls, and inconsistent security validations during development exposed systems to unauthorized access and data integrity risks.
There was a need to embed security-by-design practices into the system development lifecycle (SDLC) for hybrid and cloud platforms (Azure, OCI).
02. What we did
Grovemex provided Cybersecurity Architecture services, partnering with the infrastructure and application teams to embed security architecture patterns into integration workflows. We conducted threat modeling, risk assessments, and API security design reviews, ensuring secure interoperability between OT management systems and enterprise IT. We implemented role-based access control (RBAC) across Azure workloads, integrated logging with Microsoft Sentinel, and developed security reference architectures.
03. How did it go?
The project delivered secure, compliant integration architectures, reducing system vulnerabilities by over 40%. Adoption of reference designs improved project delivery time and reduced rework during audits. The integration of security into development cycles fostered a culture of secure-by-design engineering, enhancing resilience and governance consistency across cloud and OT environments.
Energy/Pipeline Infrastructure

Project Description: Grovemex led an enterprise OT/IT cybersecurity enhancement program for a large North American Energy Infrastructure company, strengthening resilience across critical infrastructure. The engagement led to an EDR rollout, a Third-Party Risk Management (TPRM) program, and a cyber-metrics dashboard to improve visibility and control effectiveness. The engagement achieved compliance alignment with NIST 800-53, IEC 62443, and ISO 27001, elevating audit and operational maturity.

Project Duration: 12 months

Frameworks & Tools: NIST 800-53, IEC 62443, ISO 27001, CrowdStrike EDR, Cyber Metrics Dashboard

01. What’s the challenge?

Our client required an enterprise-wide OT/IT cybersecurity enhancement to align with board-level strategic objectives and evolving regulatory mandates. Challenges included fragmented risk visibility, inconsistent vendor security controls, and a lack of unified metrics for compliance tracking.

02. What we did

A Grovemex consultant led the delivery of a comprehensive OT/IT security consulting program, including:

  • Designing and deploying a cyber-risk metrics dashboard to track maturity and compliance.
  • Leading Third-Party Risk Management (TPRM) engagements to assess supplier gaps and drive remediation.
  • Rolling out OT EDR (CrowdStrike) and integrating privileged access management.
  • Conducting Threat and Risk Assessments across infrastructure projects for resilience and compliance.
  • Facilitating NIST 800-53 risk workshops and cyber maturity sessions for business unit leaders.

03. How did it go?

Delivered a unified cyber-governance and metrics framework, enabling measurable improvements in compliance maturity.

Enhanced vendor assurance and OT endpoint visibility across multiple business units. The engagement elevated our client’s cybersecurity posture and set a repeatable model for future assessments.

Higher Education-Public

Project Description: Grovemex provided services to a public university in Alberta on its CASB project to deliver Cloud Security (Threat Protection, Data Loss, and Network Private Access) for more than 2,000 staff and 1,400 student users.

Project Duration: 10 months

Hardware & Software: Netskope CASB, DNS, VPN, IP

01. What’s the challenge?
Over 80% of learning at the University happens online. They needed stronger cloud security and data protection for 2,000 staff and 1,400 students while ensuring zero downtime.
02. What we did
A Grovemex consultant led the deployment of Netskope CASB and piloted the NPA to secure SaaS applications and prevent data loss. We used a phased rollout with clear change-management and rollback plans to avoid disruptions. Training and integration with Microsoft 365 and 35 applications improved visibility and control.
03. How did it go?
Delivered on time with no service interruption. Data-loss incidents dropped 60%, and user adoption exceeded expectations. The university now uses the framework as part of its Zero-Trust and SASE roadmap.