Chris Flynn

Tech Risk & Information Security specialist

United Kingdom

About

Information Security and Technology Risk Professional with experience in both the public sector and private sector. Fan of problem solving to find a balance of security and letting the business do business, and simplifying the risk and control approach to help decision making.

Experience

  • Legal & General (7 yrs 2 mos)
    • Business Technology Risk Partner - Group Functions
      Dec 2025 - Present · 8 mos

      Modification of my role, moving into a newly created group-wide function to support further maturity of our Tech and Security Risk management

    • Security & Tech - Risk and Quality Manager
      Nov 2024 - Dec 2025 · 1 yr 2 mos

      Moved into first line risk for Group Functions, helping understand and manage risk positions to enable clearer decision making

    • Groupwide Technology and Security Risk (2LoD)
      Feb 2022 - Nov 2024 · 2 yrs 10 mos

      Took the opportunity to move to 2nd Line risk, initially as an InfoSec SME, then broader Technology risk. Included setting up a group-wide governance committee

  • Equiniti (3 yrs 5 mos)
    • Head of Security Architecture & Assurance
      Jan 2018 - Jun 2019 · 1 yr 6 mos

      Leading the Security Architecture and Assurance functions, sharing processes between these and seeking improvements to securing systems and identification of risk

    • Senior Information Security Consultant
      Feb 2016 - Jun 2019 · 3 yrs 5 mos

      Senior Security Consultant as part of the Group Security Team, reviewing solutions, creating security requirements, meeting with clients, delivering Security solutions.

    • Head of Security Operations
      Feb 2016 - Jan 2018 · 2 yrs

      Established and built up (hiring 3 staff members) the Security Operations function at Equiniti

  • Security Consultant at RSA
    Jun 2014 - Feb 2016 · 1 yr 9 mos

    Security Consultant as part of the UK Security team. Set security requirements, reviewed projects, owned penetration testing, supported security technologies.

  • Security Architect at Capgemini
    May 2008 - Jun 2014 · 6 yrs 2 mos

    Security Architect IAS1 risk assessments, ISO27001 (Baseline Countermeasure Set) gap analysis and writing RMADS in accordance with IAS2 on both new and legacy systems. Providing technical architecture advice in accordance with the Security Policy Framework (and previously Manual of Protective Security) & HMG Standards, Manuals and Memos. Security Consultant for the main internet presence of a mail and parcels company involved in the end-to-end security management. Specific functions included assessment and mitigation planning for penetration test results, risk assessment, review and security assessment of new projects, delivery of security training, security monitoring (IPS, HIDS, log files), assisting in delivering new security technologies.

  • Information Security Consultant at Detica
    Sep 2007 - Feb 2011 · 3 yrs 6 mos

    Information Security Consultant involved in conducting IS1-based risk assessment, IS2-based RMADS, providing technical advice to live projects, and educating colleagues on security basics. A range of projects including working on an in-house build team providing technical support, and assurance documentation including RMADS, and client-facing roles in a security architect role.