Greater London, England, United Kingdom
Over twenty-three years of technical and managerial experience gained over a variety of assignments and organizations. I have provided management, consulting, design and implementation expertise in different projects in the retail, telecommunications, oil, and banking and finance industries, providing product management, research and development, marketing and business development services to companies developing next generation telecommunications and IT&C products and services. Specialities: Cyber Security Services for all industries.
• Develop, implement and monitor a strategic, comprehensive enterprise information security program to ensure the integrity, confidentiality and availability of data. Document and maintain a risk assessment framework covering information and physical security, data governance and business continuity. Develop and maintain information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies, standards and guidelines.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
• Partner with Enterprise Risk Management to define standards and processes and provide subject-matter expertise to oversee vendor information security risk and inform periodic audits of third-party service providers' information security and business continuity controls. Provide regular and consistent reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of the strategic enterprise risk management program.
• Oversee the development, implementation, and maintenance of global security policy, enterprise security standards, guidelines and procedures; develop emergency procedures and incident response protocols; act as the control point during significant privacy and security incidents.
• Coordinate and track all security-related audits, including scope of audits, timelines, auditing parties and outcomes.
• Provide guidance, evaluation and advocacy on audit responses and remediation activities.
• Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security threats and vulnerabilities.
• Provide leadership and security guidance.
• Work on a team that designs and develops new systems, applications, and technical solutions for external customer's enterprise-wide cyber systems and networks.
• Provide training and mentorship of designed technical solutions to team members.
• Ensure system security needs are established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning; provide analytical support for security policy development; assist in the implementation of the required government policy; make recommendations on process tailoring; participate in and document process activities.
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Analyze needs and requirements of existing and proposed systems.
• Develop technical, structural, and organizational specifications.
• Create standards and/or do modeling to monitor and enhance capacity and performance.
• Perform analysis on existing system architecture security controls and recommend changes for better security practices, based on enterprise standard processes.
• Collaborate with program and company engineering to guide the design of classified information systems and reduce waste associated with deploying systems.
• Demonstrated ability to formally present technical solutions to senior leadership.
• Maintain critical external customer contact to understand their technical needs.
• Actively lead the creation and updating of standards and reference architectures. These reference architectures will provide direction and guidance on proper compliance with defined standards while ensuring is deploying secure infrastructure solutions.
• Responsible for leading infrastructure assessments, making decisions on threat modeling and proper security service design and implementation.
• Communicate and collaborate with cross-functional peers outside of Information Technology, including second-line Risk, Enterprise Risk Management, Third Party Risk Management, Procurement, and business unit leadership.
• Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and motivators.
• Interact with industry peers from other financial institutions, research organizations, solution providers, etc.
• Lead the planning/remediation of assessment, audit, and risk findings.
• Participate in and contribute to key projects and initiatives across the enterprise as well as groups including but not limited to: Architecture Review Board, Security Review Board, and Change Review Boards.
• Prepare reports for senior management including presentations, metrics, and other documentation required to communicate status and maturity of the Technology Security Program.
• Participate in the development of the security roadmap and communicate the Technology Security vision to business partners and IT staff.
• Act as an advocate for security and lead efforts to promote security awareness at all levels of the organization.
• Monitor and enhance secure architecture standards, processes and Security Review Boards.
• Identify and establish core architectural principles to enhance the security of services and solutions being delivered.
• Support larger architectural projects while leading internal projects.
• Provide consultation on secure infrastructure design.
• Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
• Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
• Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designing public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
• Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
• Verifies security systems by developing and implementing various applications.
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
• Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
• Prepares system security reports by collecting, analyzing, and summarizing data and trends.
• Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
Outsource consultant as SIAM Lead & Security Architect at Ministry of Justice UK

Act as Client Delivery Lead for the following:
• Development and maintenance of security policy documentation, such as RMADS, SyOPs, Security Architecture.
• Ethical Hacking and Counter Measures
• Governance Assurance & Risk Management
• ISO 27001 ISMS Lead Implementer
• Vulnerability Management
• Incident Response
• Identity Access Management (IAM)
• Data Loss Prevention (DLP)
• Data Classification
• Data Protection
• Application Security
• IDS/IPS/Firewall/Web Security gateways
• Perform security risk assessments for client deliveries
• Delivery HLD and LLD designs
• Produce and maintain Client’s security risk documentation
• Manage a team for delivery against agreed schedule of works
• Produce and maintain ISMS, RMADS or other security-related deliverables as required, including supporting clients through IT Security Testing processes and interpretation of results
• Support and facilitate all client-related accreditation activities
• Promote information security awareness with clients and delivery partners
• Have a good demonstrable understanding of technical security architecture practices within Public and Private sectors
• PSN experience