Basingstoke, England, United Kingdom
Security in regulated organisations rarely fails on the technical side. It fails in the space between the security function and the business ambition. Over 24 years working across audit, governance, and consulting, the consistent pattern I see is that organisations with mature security cultures treat security as a business question, not a technical one. At RightCue, we work with regulated organisations in healthcare, defence, financial services and other sectors helping leadership teams turn compliance obligations into genuine resilience. Through RightCue, I also serve as CISO for Convex Group, which keeps me close to the realities of leading security inside a complex, fast-moving organisation, scaling up the security program from a greenfield start up. If something here resonates, I am always open to a conversation.
RightCue helps regulated organisations stay secure, compliant, and operational. Founded in 2009, we are an independent consultancy working across healthcare, defence, financial services and other sectors where security and compliance carry real consequences. Our team brings together expertise in governance, assurance, compliance, and technical security, the disciplines that are often handled separately but work best when joined up. We work with leadership teams who need more than a report. We are the partner who understands the regulatory landscape, thinks commercially, and delivers work that holds up under scrutiny.
Serving as CISO for Convex Group, a specialty insurer and reinsurer operating across Bermuda, London, Europe and the US. Responsible for leading a security function that keeps pace with a fast-growing business while meeting the demands of multiple regulatory environments across jurisdictions.
Provide specialist input on selected IT security and GxP audit engagements, with a focus on Computer System Validation, information security, and governance. Support the auditing team to ensure compliance and quality assurance oversight for regulated clients.
Provided enterprise security leadership during a multi-year global SAP consolidation programme, delivered through RightCue. Key contributions included: • Leading the IT Security workstream to ensure secure implementation and configuration of global SAP systems • Developing risk management standards to strengthen data privacy and information management practices • Advising the Global CISO on budgeting, recruitment planning, and strategy for multi-million-dollar security projects
First client engagement delivered through RightCue, supporting the Finance Transformation programme at the British Council in London. Key contributions included: • Leading technology and data initiatives within the transformation programme • Designing and implementing SAP processes, managing data migration, and establishing a risk management framework • Developing technology solutions for the service desk and invoice scanning, and designing SAP roles for shared services