Craig Thompson

Head of Information Security @ Financial Services | Information Security, IT Audit

Newcastle Upon Tyne, England, United Kingdom

About

Experience

  • Security Risk Manager at Hard Rock Digital
    Jul 2024 - Present · 2 yrs 1 mo

  • Head of Information Security at Financial Services
    Dec 2018 - Jul 2024 · 5 yrs 8 mos

  • Information Security & Business Continuity Risk Manager at Virgin Money
    Dec 2013 - Nov 2018 · 5 yrs

  • Principal Information Security Specialist at Sage UK Ltd
    Apr 2013 - Dec 2013 · 9 mos

  • Sage Group plc (7 yrs 4 mos)
    • Group IT Auditor
      Dec 2010 - Apr 2013 · 2 yrs 5 mos

      Responsibilities Supporting the Group Risk and Assurance function in achieving strategic assurance goals through the provision of independent and objective audits and risk based reviews Develop effective working relationships with business contacts and key stakeholders Ensuring the adequacy and effectiveness of IT controls and agreeing pragmatic recommendations and improvements within the control environment Assisting in the development of risk based IT internal audit plans to support and add value Liaising with and where appropriate managing third party specialists from the co source provider model Following up on the status of all outstanding audit actions regularly Preparing audit reports and detailed working papers Providing support to the business for incident management and guidance for the implementation of IT controls Balancing risk, controls and governance with the potential cost/benefits to operating companies Reviewing and developing the Group IT policies Identifying best practice and sharing throughout the company Working with operating companies to determine local and sector compliance requirements

    • Information Security Specialist
      Jan 2006 - Dec 2010 · 5 yrs

      As the Information Security Officer for Sage to take all practical steps to secure key information/data at Sage, to create information security policies, to drive awareness campaigns establishing personal ownership for information security, to classify information/data into different categories and to ensure that appropriate protection is in place to ensure access to /usage of data is in accordance with business needs and in compliance with applicable laws. Have real depth of expertise, specialism in information security to provide advice, take ownership of a pro-active cross-functional roadmap and recommend the best value for money solutions to secure targeted information for Sage. Translate specialist knowledge into an English based service for use by other IS colleagues or Sage people. Learn about new trends, data protection issues and explore the potential of new technologies or trends to secure information.