London, England, United Kingdom
TECHNOLOGY LEADERSHIP WITH A STRONG BUSINESS ETHOS

A specialist in information & cyber security, cloud services, enterprise risk, technology risk and business resilience with over 20 years of experience in multiple industries and geographies - from engineering to board-level management. Multinational experience in Financial Services, Banking, Energy, Consumer Electronics, Aerospace, Manufacturing, National Governments, and Information Technology Services. Expert leader of transformation, cultural change, integration of existing internal frameworks, and international best practices.

Developed 15+ tailored Training & Awareness Programs relevant to unique organisations' risks and culture. Successfully recruited and developed 40+ certified CISSP, CISM, CISA, CCISO, CIPM, ISO 27001, and ISO 27002 business-centric professionals. Mentored 10 staff members who became CROs, CIOs, or CISOs. Led 10+ Target Operating Model redesigns, averaging 20% expense reduction and 12% improvement of employee engagement. Led over 50 successful tech risk projects reducing financial, regulatory and legal losses. Agile, PMI and Prince2 experienced. Developed 20+ risk assessment programs for sites, suppliers, software, infrastructure, privacy and cyber risk. Led tech and cyber policy work at 30+ organisations, reducing audit findings by 18%.
COMPETENCIES: Communications Competitive knowledge Relationship-building Cost-benefits analysis Commercial awareness Financial analysis Plan-driven Building passionate professional teams Executive protection Business Launch Strategy Business Strategic Vision ROI, KPI and KRI quantitative reporting Mergers & Acquisitions Emergency Management Integrations Technology Due-Diligence C-Suite Presentations Regulator Examinations Financial Prioritisation SIEM Data Leakage Surveillance Crisis Management Third-Party Risk Policy Development Data Forensics Endpoint Security Network Security Asset management Access control Cryptography Operations security Communications Security Cloud Security Operational Technology (OT) Cybersecurity SOC build-outs Business Intelligence Software Bill of Materials Security Architecture ITAM SDLC Systems Authorisation Systems Monitoring Operational Technology Industry 4.0 Cybersecurity Cyber-Physical Systems (CPS) SoC (System-on-a-Chip) NIST ISO 27036 Cyber Essentials IoT Security IT Service Management

I'm always looking to grow my personal and professional network. Please feel free to get in touch with me. +44 (0)776 932 2777
Strategic risk advisory, consulting and transformation for operational risk & resilience, technology risk, cyber security, regulatory compliance, third-party risk, supply chain cyber risk, procurement and business continuity. Experienced in organisational start-up, redesign, optimisation and M&A.

NOTABLE SUCCESSES:

Led a technology and cyber control pre-audit / examination preparedness review for a European stock market. Provided advice, guidance and oversight of remediation of high-risk deficiencies. Contextualised and packaged evidence signposted for outside reviewers leading to a satisfactory external audit report and regulatory exam.

Led a rapid vulnerability response initiative at an energy company due to the sector's heightened cyber attacks and ransomware events: identified source code vulnerabilities and security patching deficiencies in critical systems. Liaised with outsourced CISO service, monitored remediation and provided independent testing to ensure cyber readiness. No financial losses due to cyber attacks occurred.

Led program to reduce Supplier Risk concentration across all business-critical systems of a large US-based private equity company resulting in a 32% reduction of single supplier dependency on cloud infrastructure service providers.

Launched Operating Technology (OT) Cybersecurity program at a manufacturer of IoT devices. Delivered Phase 1 components: Operating Model, Organisational & Job Design, Training Strategy and technology upgrades (e.g. secure browsing, one-way data diodes, VPN, virtual desktop infrastructure) and subsequently led successful OT cybersecurity transformation impacting 2000+ employees in 5 countries.
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The CSA Cloud Controls Matrix Working Group provides gap analysis, addendums, and control mappings between external research releases, industry standards, and global regulations for continually updated versions of the following publications:

The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing composed of 197 control objectives in 17 domains covering all critical aspects of cloud technology.

The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers, risk managers and auditors to assess the security capabilities of a cloud service provider.
Led the creation of Digital, Technology and Cyber Product Services for the UK's leading banking and financial services trade group representing more than 300 firms across the industry. Developed and operationalised a multi-year strategy, organisational design, operating model, advisory board, policy promulgation, security operations, regulatory consultation responses, sector-wide guidance and third-party control framework design. Proposed and led the establishment of the Financial Sector Cyber Collaboration Centre. Drove the establishment of annual Digital Innovation Summits in London and Belfast.
The United Kingdom's Financial Sector Cyber Collaboration Centre (FSCCC) promotes intelligence sharing across its membership to ensure sector-wide awareness of potential cyber threats and to maintain banking and financial services resilience in the UK. The FSCCC prides itself on being the UK financial sector's first port of call for intelligence sharing and on acting proportionately to a potential systemic threat to the UK economy and critical national infrastructure. Whether the cause is software vulnerabilities, supply-chain failures or geopolitical events, the FSCCC provides the financial authorities with briefings and overviews of financial sector discussions and intelligence from incident calls (without attribution to participants). By providing a formal link between firms, authorities and the National Cyber Security Centre (NCSC), the FSCCC helps the financial sector manage cyber risks and subsequently become more resilient through sharing and knowledge.
The Internet Security Alliance (ISA) integrates technology, economic and public policy to promote sustainable and effective cybersecurity. The ISA board comprises cyber leaders from virtually every critical industry sector, including defence, insurance, banking, manufacturing, IT, security, agribusiness, utilities, healthcare, retail, aerospace and cyber research industries. Over 20 years, ISA has created a comprehensive body of cybersecurity theory and practice covering enterprise risk management and government cyber policy.