Christopher Smith

Director of Security and Compliance

United Kingdom

About

As a strategic Technology & Information Security leader, I specialise in steering high-growth scale-ups through their critical development phases. With an MSc in Cyber Security and years of experience in the Financial Services and Health-Tech industries, I have a proven track record of leading transformation and growth. My approach involves developing and executing scalable Technology and Information Security roadmaps that align with business goals and drive operational efficiency. I bring extensive experience in key areas critical for high-performing technology and information security functions in fast-growing environments. My strengths include building and leading high-performing tech teams, fostering a robust security culture, and designing and implementing resilient security programs that underpin both organisational and architectural integrity. Skilled in securing cloud technologies, I effectively implement and manage security frameworks, achieving globally recognised security certifications. My track record also includes effective risk management, ensuring compliance with European and US data privacy laws, and proficiency in NIST/ISO27001/SOC2/CIS frameworks.

Experience

  • Director of Security and Compliance at Deskpro
    Jul 2025 - Present · 1 yr

  • Head of Information Security & DPO at Doccla
    Apr 2024 - Jul 2025 · 1 yr 4 mos

  • Peppy (Remote)
    • Head of Information Security
      May 2023 - Apr 2024 · 1 yr

    • Information Security Manager
      Sep 2022 - May 2023 · 9 mos

  • Senior Information Security Analyst at Currencycloud
    Jan 2021 - Sep 2022 · 1 yr 9 mos

    Acquired by Visa, Currencycloud is a heavily regulated Financial Services provider in which I work to maintain ISO 27001:2013 certification, ensure systems and processes comply with regulatory requirements and industry best practices, whilst advising on matters relating to data privacy and organisational security.
    - Directing and maintaining the organisation's Supplier Due Diligence Process. This involves negotiations, assessing suppliers' security controls, reviewing contracts/service agreements, and ensuring relevant data privacy clauses are included.
    - Supporting and leading both internal and external audits to ensure compliance with a number of security programs and frameworks (ISO 27001:2013, SWIFT, etc.).
    - Advising on matters where expert knowledge of EU and UK data regulation (GDPR, UK DPA, Schrems II) is required, and data integrity practices need to be considered. This includes monitoring for changes in privacy laws, regulations, and other requirements (CCPA, PDPO, PDPA, PIPEDA, HIPAA).
    - Coordinating the review of existing business processes, including legal basis, purpose of use, etc., and ensuring these processes continue to meet Article 30 requirements on record keeping by maintaining both an Information Asset Owners Register and a Data Processing Register.
    - Acting as Google Workspace Administrator to monitor, audit, and provide continuous security improvements to the organisation's Google Workspace, e.g. Access Controls, DLP, Google MDM, Email Security Controls, User Groups, and Device Security/Compliance.
    - Working closely with the Compliance team to assist with KYC/AML investigations, extracting and reviewing security audit logs, archived email entries, and payment transaction information using AWS Athena and Google Vault Search.

  • Information Security Analyst at Tilney Group
    Jan 2020 - Jan 2021 · 1 yr 1 mo

    Brought into Tilney to support integration activities with Smith and Williamson, I have been responsible for supporting the processes and controls that make up the organisation's ISMS. This involved the management of key applications and security toolsets, incident response, and supporting the framework of assurance reviews which ensures critical security controls and processes are in place and operating effectively.
    - Improved the email security posture by managing email security solutions and implementing best-practice security controls for all email domains across Tilney-owned infrastructure (SPF, DKIM, and DMARC). This ensured authorised third parties were identified, and the risk of unauthorised parties spoofing our domains was minimised.
    - Monitored key security systems and toolsets, including vulnerability scanners, DLP alerts, and SOC tickets. Ensured all remediation work was completed in line with company processes and SLAs.
    - Reviewed and managed all phishing activities within the business by completing investigative work, implementing safeguards, and collating data into management information for shareholders. I also implemented lasting processes to ensure phishing emails are tracked and categorised based on risk.
    - Managed the security guidance and training to colleagues in line with organisation requirements, current events, emerging threats, and NCSC recommendations. This included guidance pieces, monthly newsletters, and phishing simulations.
    - Guided new initiatives, projects, and business activities as they became available and Information Security guidance was required, e.g. third-party supplier assurance, IAM implementation, O365 migration.
    - Assisted in the creation and implementation of the Information Security policies, standards, procedures, and controls based on ISO 27001/2, NIST and CIS.
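    The SPF and DMARC controls mentioned in the Tilney role are the kind of posture check that can be automated. The block below is an added example by the editor, not code from the profile's author or any organisation named here. It evaluates constructed SPF and DMARC TXT records for two hypothetical domains (example.com and weak.example; the record values are made up) and reports the settings a practitioner would want to flag: a permissive or missing "all" term, too many DNS lookups, a monitor-only DMARC policy, missing aggregate reporting, and partial policy application. DKIM is left out because verifying it needs a selector and a signed message, not just a DNS record. In a live check, the `SAMPLE_RECORDS` lookup would be replaced by TXT queries for the domain and its `_dmarc` subdomain.

```python
import re

# Constructed sample TXT records for two hypothetical domains (not real DNS
# data). A live check would query the TXT records for <domain> and
# _dmarc.<domain> instead of reading this dict.
SAMPLE_RECORDS = {
    "example.com": ["v=spf1 include:_spf.google.com include:sendgrid.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com"],
    "weak.example": ["v=spf1 a mx include:_spf.google.com ?all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; pct=50"],
}

# Mechanisms and modifiers that each cost a DNS lookup under RFC 7208's limit of 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record):
    """Split an SPF record into (terms, qualifier of the 'all' term, lookup count)."""
    terms = record.split()[1:]  # drop the "v=spf1" version tag
    qualifier, lookups = None, 0
    for term in terms:
        # Modifiers are "name=value"; mechanisms are "name[:value][/cidr]" with an
        # optional leading qualifier (+ - ~ ?). Strip the qualifier, keep the name.
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
        elif name in LOOKUP_TERMS:
            lookups += 1
    return terms, qualifier, lookups


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; rua=...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def find_txt(records, name, prefix):
    """Return the first TXT record at `name` that starts with `prefix`, or None."""
    for txt in records.get(name, []):
        if txt.lower().startswith(prefix.lower()):
            return txt
    return None


def assess_domain(domain, records):
    """Return a list of findings; an empty list means SPF and DMARC look sound."""
    findings = []

    spf = find_txt(records, domain, "v=spf1")
    if spf is None:
        findings.append("no SPF record: any host can claim to send for the domain")
    else:
        _, qualifier, lookups = parse_spf(spf)
        if qualifier in (None, "+"):
            findings.append("SPF has no restrictive 'all' term: spoofed mail passes SPF")
        elif qualifier == "?":
            findings.append("SPF ends in ?all (neutral): unknown senders are not failed")
        elif qualifier == "~":
            findings.append("SPF ends in ~all (softfail): move to -all once every sender is listed")
        if lookups > 10:
            findings.append(f"SPF needs {lookups} DNS lookups, over the limit of 10 (permerror)")

    dmarc = find_txt(records, f"_dmarc.{domain}", "v=DMARC1")
    if dmarc is None:
        findings.append("no DMARC record: SPF/DKIM results are not enforced on the From: domain")
    else:
        tags = parse_dmarc(dmarc)
        policy = tags.get("p", "none")
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        elif policy == "quarantine":
            findings.append("DMARC p=quarantine: consider p=reject once reports are clean")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address: no aggregate reports to identify third-party senders")
        if policy != "none" and tags.get("pct", "100") != "100":
            findings.append(f"DMARC pct={tags['pct']}: policy applied to only part of the mail stream")

    return findings


if __name__ == "__main__":
    for name in ("example.com", "weak.example"):
        print(name, assess_domain(name, SAMPLE_RECORDS) or ["OK"])
```

    The rua= check matters for the "authorised third parties were identified" point above: aggregate reports are how you discover which SaaS senders are using the domain before tightening the policy to -all and p=reject.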