United Kingdom
Information Security and Technology Risk Professional with experience in both the public sector and private sector. Fan of problem solving to find a balance of security and letting the business do business, and simplifying the risk and control approach to help decision making.
Modification of my role, moving into a newly created group-wide function to support further maturity of our Tech and Security Risk management
Moved into first line risk for Group Functions, helping understand and manage risk positions to enable clearer decision making
Took the opportunity to move to 2nd Line risk, initially as an InfoSec SME, then broader Technology risk. Included setting up a group-wide governance committee
Leading the Security Architecture and Assurance functions, sharing processes between these and seeking improvements to securing systems and identification of risk
Senior Security Consultant as part of the Group Security Team, reviewing solutions, creating security requirements, meeting with clients, delivering Security solutions.
Established and built up (hiring 3 staff members) the Security Operations function at Equiniti
Security Consultant as part of the UK Security team. Set security requirements, reviewed projects, owned penetration testing, supported security technologies.
Security Architect: IAS1 risk assessments, ISO27001 (Baseline Countermeasure Set) gap analysis and writing RMADS in accordance with IAS2 on both new and legacy systems. Providing technical architecture advice in accordance with the Security Policy Framework (and previously Manual of Protective Security) & HMG Standards, Manuals and Memos. Security Consultant for the main internet presence of a mail and parcels company, involved in the end-to-end security management. Specific functions included assessment and mitigation planning for penetration test results, risk assessment, review and security assessment of new projects, delivery of security training, security monitoring (IPS, HIDS, log files), assisting in delivering new security technologies.
Information Security Consultant involved in conducting IS1-based risk assessment, IS2-based RMADS, providing technical advice to live projects, and educating colleagues on security basics. A range of projects including working on an in-house build team providing technical support, and assurance documentation including RMADS, and client-facing roles in a security architect role.