Greater Cheshire West and Chester Area
Experienced Chief Information Security Officer with a pedigree across services verticals. Successful in identifying, delivering and managing diverse security requirements from legal, regulatory and contractual sources. Qualified expert in Security Management, Audit, Standards and Technical Validation Assurance.
I extended my responsibilities to cover the North America Region, focusing on enhancing global security operations and expanding compliance and crisis management capabilities across both Regions. I lead security for approximately 2,000 users, contributing 85% of global profit (FY24), reporting to the Global CIO, and managing a regional and offshore team. My core responsibilities include: * Broadening security compliance initiatives to encompass FISMA and SOC 2 standards across the North America Region. * Working closely with business leaders on business impact analysis (BIA) to develop effective business continuity plans (BCP), ensuring shared ownership with Operations and other principal stakeholders. * Leading Crisis Management, critical to the Board: * Co-creating foundational incident response, business continuity, and disaster recovery (BCDR) plans for the expanded remit. * Blending our Security Operations Centre (SOC) with robust, tailored incident response strategies. * Running regional and global incident response exercises. * Acting as Security Incident Response Team (SIRT) Leader during security incidents, performing risk evaluation, evidence collection, and directing swift, effective action. * Leveraging learning from security incidents for continual improvement in business resilience planning and enterprise risk strategies. * Overseeing application security and infrastructure security for on-premise and cloud hosting environments (primarily Microsoft Azure), including scalable cloud security, access control, and continuous vulnerability assessment. * Leading targeted application & network penetration testing / vulnerability scanning, providing continual assurance of our internet security posture.
I own the strategic risk management and compliance frameworks, enabling safe operation and alignment with rapidly evolving customer security expectations and Global Policy. My key responsibilities include: * Developing and owning risk assessments and risk treatment plans. * Leading security compliance initiatives, ensuring adherence to critical industry standards like ISO 27001, PCI DSS, and Cyber Essentials Plus. * Providing robust assurance through internal audits for regional leadership. * Acting as a trusted Subject Matter Expert (SME), advising internal and external customers. I deliver effective RFP, questionnaire, and customer audit responses, translating obligations (e.g., NIS2, DORA) into clear solutions. * Providing initial and ongoing assurance of the supply chain through comprehensive third-party risk management (TPRM), collaborating with finance/legal/data protection teams. This includes supply chain risk management (SCRM) practices and tooling (UpGuard), with prioritization based on business risk. * Building and managing security operations on a Security-defined toolstack (CrowdStrike, Zscaler, ProofPoint, FortiGate, Tenable.io), enhancing threat detection, vulnerability management, and logical access management. * Contributing to Strategic Planning for the security function within the region, aligning with global objectives. * Fostering strong stakeholder engagement to embed risk management frameworks and asset management practices. * Supporting training & education initiatives, collaborating on periodic anti-phishing testing (KnowBe4) and delivering security awareness training to foster a strong information security and cyber security culture.
Led security strategy for a fast-scaling SaaS business delivering legal and insurance technology solutions. Focused on securing an Azure-based platform while enabling expansion into new markets and risk-sensitive client sectors. Key achievements: * Built and implemented a tailored governance framework combining ISO 27001, ISO 9001, and Cyber Essentials. * Drove alignment towards SOC 2, NIST SP 800-53/171, and Australia's IRAP to position the company for global business wins, aligned with the growth plan. * Embedded security into the sales process, helping build trust with cautious clients handling sensitive data, and win bigger opportunities. * Implemented strategic changes to development team, providing the basis of a more repeatable outcome. * Provided due diligence preparation for the company's upcoming sale (announced March 2025).
I directed Information Security strategy for a high-growth FinTech firm, enabling its journey from start-up through acquisition and full integration into Sabre, a global technology enterprise of approximately 6,000 people. Key achievements: * Served as a member of the 6-person Senior Leadership Team, reporting directly to the CEO, the parent company Board, and the Sabre Global CISO. * Owned and delivered the organisation’s security strategy, governance, risk register, personnel training, and policy landscape. A highlight was the gamification of phishing testing to drive effective engagement from all personnel. * Drove risk management processes, including asset-level risk assessments, remediation tracking, and KPI reporting. * Delivered assurance across ~70 global financial institutions and enterprise customers. * Maintained ongoing compliance with ISO 27001, PCI DSS, GDPR, and client-specific security standards. Supported SOx compliance to meet parent company obligations. * Oversaw application and infrastructure technical security testing (SAST, DAST, SCA, penetration testing, vulnerability scanning), leveraging automation and significant use of external partners. * Supported customer sales and pre-sales by providing security input to bid processes, due diligence, and contractual negotiations. * Advised internal teams as the lead SME across Development, Architecture, Descopes, IT, and Legal to manage risk and aid technical design across the enterprise. * Managed third-party risk, improving visibility into supply chain security of vendors and beyond to support risk-based decision making. * Led the design and delivery of Conferma Connect, a new revenue-generating platform and award winner at the Business Travel Awards. * Protected £12 billion in transactional flow (2022) and £15 billion held at rest.
I laid the foundation for the Security and Project Management Office functions, whilst maintaining elements of technical leadership of the software code base and architectural strategy. Key achievements: * Managed Information Security governance to align with global banking standards and expectations, ensuring compliance and risk mitigation. * Expanded the security practices, continuing to deliver a secure operating environment, effective incident response and compliance to the evolving PCI DSS and ISO 27001 standards and the increasingly adversarial operating environment. * Established a formal Project Management Office, enhancing project delivery efficiency and achieving multi-£million project delivery at pace. * Implemented Agile methodologies, resulting in a 30% increase in project responsiveness to customer needs.
The architect for the business, providing technical leadership and architectural design of solutions and working closely with key Banking customers. Leading the technical team (Infrastructure and Development), and delivering the Security and Compliance needs for the organisation. Key achievements: * Designed technical solutions, working closely with key banking customers on multi-million projects. One success was leading the design, development and implementation of a £2m+ cost project with Barclays – Barclaycard PrecisionPay – a major ongoing generator of annual recurring revenue. * Architecture and development support of a Single Sign-On solution, enhancing system security and user experience – Conferma Assure.
• Transitioned from Senior Developer to Internet Development Manager, overseeing a team of seven experts across the UK and India. • Spearheaded the development of a comprehensive content management system and a global e-commerce platform. • Enabled internet functionality for the dental division's product suite, enhancing user accessibility and engagement. • Managed server environments to ensure optimal performance and reliability of cloud services.
Creation and management of the e-commerce system from code to hosting environment for a start-up, online-only retailer. Ensuring it was effective and safe for customer data, including for payment card processing.