Sidharth Nair

Cybersecurity Risk & Assurance | Operational Technology

Glasgow, Scotland, United Kingdom

About

Seasoned security professional with 10+ years in cyber-physical security and risk management in high-growth, high-demand environments. Flourished in leadership profiles as an air force pilot and corporate leader across military and corporate strategy roles, leading change and building strong relationships with internal and external stakeholders through effective communication. Demonstrated performance excellence in championing technology-driven changes, gaining commitment from, and leading highly cross-functional and culturally diverse workforces. Passionate about creating long-term value for organisations through delivery of cyber-secure, human-centric transformation solutions, focussed on bridging the digital divide between complex technologies and end-consumer. Having successfully led cross-functional teams of well over 200 personnel in strength, across my career in the military, and having drawn a deep sense of satisfaction understanding and solving complex human-centric problems, I see myself as a strong people manager. All the years of experience in zero-tolerance environments, be it aviation, ground-based defence or cybersecurity, crafted me into a disciplined professional with attention to detail, resilience and perseverance to see a project from start to finish with desired results and prescribed quality. These ingrained habits enabled me to consistently manage and nurture high-performance teams. Here to build traction in the corporate world, and assist other transitioning veterans in accomplishing the same.

Experience

  • Senior Consultant - OT Cyber Risk at NCC Group
    Nov 2025 - Present · 8 mos

  • PwC UK (Glasgow, Scotland, United Kingdom · Hybrid)
    • Cyber Risk Manager
      Jun 2025 - Nov 2025 · 6 mos

      (In continuation from the previous role)
      - Developed and implemented cyber risk measurement, reporting and governance processes, including establishment of cyber risk taxonomy, conducting threat-led cyber risk assessments incorporating key risk and control metrics to determine enterprise-wide residual cyber risk for organisations in the financial sector including large MNC banks and regulatory authorities.
      - Developed and coordinated tracking and reporting mechanisms across an extensive cyber control and indicator catalogue uplift activity as part of a large transformation programme for a marquee client, significantly improving process efficiency.
      - Trained and mentored junior colleagues in various activities including but not limited to delivery of cyber risk management activities, budgeting and tracking project finances, status reporting etc.

    • Senior Cyber Risk Consultant
      Jan 2023 - Jun 2025 · 2 yrs 6 mos

      - Developed cyber risk assessment frameworks aligned to FAIR model, including cyber risk scenarios, mapping to threat scenarios, threat vectors and relevant controls utilising frameworks such as MITRE ATT&CK and NIST CSF 2.0.
      - Implemented cyber risk quantification (CRQ) and reporting dashboards, and developed tailored risk insights for Board-level reporting.
      - Assessed cyber risks for major clients, including a large multinational bank, evaluating loss magnitude, frequency (impact & likelihood), and control scores to aggregate cyber risk at enterprise and business entity levels, enhancing overall risk visibility and decision-making.
      - Conducted control maturity assessments against NIST CSF, ISO 27001, CMMI frameworks, NIS Regulations / NCSC Cyber Assessment Framework (for CNI clients) and Digital Operational Resilience Act (DORA) regulatory requirements (for Financial Entities and in-scope ICT Third Party Providers).
      - Implemented risk-based cybersecurity assurance programmes using the 3 Lines of Defence model to identify and mitigate high-risk areas for leading clients. Enabled clients to prioritise risks and develop targeted mitigation strategies, ensuring robust regulatory compliance across IT / OT environments, in one instance, directly reducing regulatory risk exposure by GBP 10M per entity.
      - Executed tailored cybersecurity internal audits, including cloud security audits against Azure & AWS Well-Architected Frameworks (Security Pillar), developing RACMs, control objectives and design and operating effectiveness tests to assess adequacy and coverage of security controls.
      - Developed and sustained stakeholder relations across CISO / board / senior management, risk & control owners and PMO functions while working across 1st and 2nd Line of Defence functions.

  • Reach Out Ambassador (Information Services) at University of Glasgow
    Jan 2022 - Dec 2022 · 1 yr

    - Working as a Reach Out Ambassador in the state-of-the-art James McCune Smith Learning Hub, as part of the University of Glasgow Information Services.
    - Enjoying building relationships and meeting new faces every day including academic and administrative staff, old, current and prospective students and just about anyone out to enjoy the magnificent views of the UofG Tower from the JMS Building.
    - Finding little joys in the super fun task of frontline customer service as I work alongside on my Glasgow MBA.

  • Director: Customer Success & Project Management - Managed Cybersecurity at Ciber Digita Consultants Inc. (CDC Inc.)
    Jul 2020 - Aug 2021 · 1 yr 2 mos

    - Handling Cybersecurity Service Delivery Projects of value $100,000 and above, involving implementation of offshore Security Operations Centre delivery for Master Service Providers and MNC Clients.
    - Overseeing the service delivery lifecycle from maturity assessment to custom code-level integration, implementation of controls, and subsequent monitoring and controlling of service delivery.
    - Assisting the leadership in preparing proposals and responding to RFPs, and organising pre-contract meetings with prospective clients - both government and corporate.
    - Quality Management of service delivery ensuring KPIs as per SLAs are met, including monitoring adherence to agreed upon TAT and quality of weekly and monthly reports.
    - Handling corporate communication with key stakeholders including clients and company leadership, ensuring quality of content.
    - Working with the leadership for the past one year to develop and implement business and growth strategy for US and India operations.
    - Experience handling virtual teams and client in the US and MENA region, constantly organising and engaging stakeholders in virtual meetings.

  • Micro Market CEO - Custom Success and Marketing | Stakeholder Engagement at OYO
    Apr 2019 - Aug 2019 · 5 mos

    - Overseeing and managing a team of competent Demand Managers, consistently delivering in excess of laid down targets.
    - Involved in Offline B2B Sales with multiple Corporate Organisations and Travel Agent Businesses.
    - Handling P&L Management including delivery of set targets to keep team overheads well within overall monthly take generated from the business.
    - Handling escalations projected by the sales team and daily sales operations, acting as the median between central leadership and the field sales representatives.
    - Responsible for complete employee lifecycle within the team - starting from hiring, to training, promotions, appraisals, performance improvement, attrition control and exit formalities.