London, England, United Kingdom
Motivated and experienced CISO with a proven track record of improving the cyber defences and information assurance of FTSE100 organisations, to the highest levels of regulatory and security demands. Draws on a broad range of experiences gained in a varied career route from hands on technical roles, Security Operations Centre implementations and development, through to CISO roles within the Defence Industry and Managed Service Provider sectors. Significant experience in defence organisations during prolonged and sustained adverse Cyber circumstances, developing and transforming defensive tactics at pace and breadth. Succeeds by developing skilled and driven teams, dedicated to both the organisation and broader societal benefits of reducing the impact of Cyber incidents and risk. Accomplished at stakeholder management, be that supplier, customer or regulatory authorities, ensuring alignment in strategic business objectives supported by a pragmatic, risk led and proportionate approach to security. Established track record in building, growing and transforming security teams, capabilities and functions that reduce business information risks that are proportionate and practical. Specialities include: Cyber defences and technologies (SIEM, SOAR, PCAP, IDS, UBA, Threat Intelligence, Deception), Insider Threat, Infosec Risk Management, Security Culture and Awareness, Regulatory and certification compliance (HMG, NCSC CAF, GDPR, NIST, ISO, DFARS/CMMC), Audit, Personnel Vetting), Policy, Process, Governance and Strategy.
As Director of Information Security UK at Northrop Grumman, I lead all aspects of information security strategy and operations across the UK, serving as the senior security representative to NG Corporate. I oversee risk assessment and mitigation, the development and execution of security plans, continuous assurance and testing, policy and standards creation, stakeholder and customer engagement, and the management of security KPIs and budgets, while ensuring alignment with UK government requirements, corporate controls, and business needs under sovereign constraints.
Reporting directly into the ExCo, I was responsible for setting the Information Systems and Cyber Security strategy across all Sopra Steria UK businesses.
Reporting directly to the Global CIO, and responsible for the planning, development and implementation of all IT Security interventions across the non-US based businesses, providing governance and assurance of Information Security
Responsible for the Cyber Defences and Information Assurance for Babcock, comprising of the Security Operations Centre, Governance, Accreditation, Risk Management, Compliance, Policy, Audit, Business Continuity, Personnel Vetting, Travel Security, Security Culture and Supply Chain security.
Operationally responsible for leading Babcock's cyber defences, developing capability and integrating the service into wider IT process. The SOC had only recently been created on my joining Babcock, so one of the first priorities was to move the SOC from its initial state into full operational capability. The development of SIEM, IDS/IPS, full packet capture, client device monitoring and a multi layered detection capability have been key in the SOC success.
Operationally responsible for leading MBDA's response to the cyber risk. This led to the introduction of new technical solutions to enable the IT team to identify and respond to threats.