Leading the bank's cyber security function to ensure regulatory compliance and secure banking operations for our clients. I own the Information Security strategy and framework, setting the roadmap for security based on identified threats and risks to the company. This includes:Delivery and maintenance of ISO27001 certification as defined by the board. I’ve defined and agreed the scope of the certification to maximise the cost/benefit of delivery, including the non-tangible benefits such as easier audit response and client assurance.Delivering Information Security Policy and Standards to ensure there is a defined and consistent approach to the security controls that are required throughout the organisation in order to maintain compliance with relevant regulation and risk appetite. Feeding into the existing Risk Management Framework and supporting the maturing of that framework by delivering robust Risk and Exceptions processes within Information Security to ensure that the security risks are visible to key stakeholders, driving the remediation of risk, and consistent improvement in the way teams address their compliance with policy.Starting from ad-hoc controls, delivery of a Compliance Assurance program to ensure the organisation has a consolidated view of the security controls it is implementing, driving improvements in the coverage and effectiveness of those controls, and feeding requirements back into policy.Taking a new CMDB and delivering a new, related data asset register to support GDPR compliance in addition to defining where our biggest data loss risks reside.Starting with a base level attestation process, delivery of a Supplier Assurance program to assess and assure the risks around outsourcing of services and sharing of data. The process takes account the level of data and connectivity when defining the inherent risk, and moving to detailed assessments for high risk supplier services.

Shaping and establishing a Technology General Controls capability across a complex technology landscape, spanning the Sainsbury’s business.Accountable for measuring, evidencing, and reporting on control compliance across critical technology products and applications.

Managing a team of 9 to deliver GRC for Data Governance and Information Security.Delivering Information Security Policy and Standards to ensure there is a defined and consistent approach to the security controls that are required throughout the organisation.Defining and delivering a new suite of InfoSec policies, setting clear control objectives for the company to main compliance with relevant regulation and risk appetite. To support the delivery of policies to the business I've also defined a new framework and process to support the creation and maintenance of the policy set. Delivering robust Risk and Exceptions process to ensure that the organisational risks are visible to key stakeholders, driving the remediation of risk, and consistent improvement in the way teams address their compliance with policy.To support the management of IS risk, I've defined a new Risk Management framework, process and training regime for InfoSec risk. Ensuring that all identified issues are recorded in the risk register and tracked through remediation activity. Delivery of a Compliance program to ensure the organisation has a consolidated view of the security controls it is implementing, driving improvements in the coverage and effectiveness of those controls, and feeding requirements back into policy.To support the controls assessments, I have defined a controls testing framework and process to identify opportunities for control improvements and any potential non-conformities. Delivery of the data inventory to support GDPR compliance and track policy non-compliances for key systems.Responsible for co-ordination of the remediation of audit actions across InfoSec. Actions span internal audit, and customer audit findings.

- Leading the compliance function within Sainsbury's InfoSec- Implemented new processes for assessing the implementation and effectiveness of security controls- Built team to deliver on the goals and objectives - drive a risk based approach for the business, identifying levels of risk and ensuring that risks are managed through the corporate risk framework- Using risk analysis to drive improvements in process and the control environment for a multi channel, multi business group the scope of work spans; retail, banking, and customer loyalty

- Creating and developing security policy and standards- Management of CASB solution, including rule reviews and analysis- Management of exceptions to security policy and standards- Act as SME to the wider business on behalf of Information Security- Deputy team lead for the Information Security Standards and Compliance team

- Act as SME for the Information Security team and the wider business on risk management and supplier assurance.- Review and assessment of supplier controls to identify risk related to third party service provision- Presentation of risk reports to relevant business owners- Risk conversations with business stakeholders to ensure they understand the risks associated with their suppliers and provide advice and guidance on how to reduce and manage risk- Drive the development of the team processes- Interim team lead (May 2018 - August 2018)- Feed into the business data governance process- Active member of the Information Security Community of Practice

- Anti-Money Laundering Investigator - responsible for KYC and card usage pattern analysis to ensure compliance with legislation- Fraud Investigator - responsible for analysis of fraud patterns and design/implementation of rules to prevent future fraud- Information Security Associate - responsible for operations and engineering of security tools and processes