Information Security And Risk Consultant
A key part of this role was the support for successful ISO27001 certifications up until the risk and compliance functions were separated. After this change, as well as providing a risk model to my team to provide a consistent risk assessment capability, I also devised processes to manage compliance training to cover all relevant company staff. The standard risk work involved the logging, assessment and reporting of risk. Some of this involved the discussion, review and management of corrective action tracking for issues raised during audit work.The risk model was based on FAIR and linked to multiple risk models allowing risks to be transferred between different business units. It was also taken and used by the large payments company to scope and assess risk for significant ad hoc projects.Also during this time I acted as a policy and documentation librarian, making sure that relevant documents were updated as required for ISO purposes.