Alex Brewer Email & Phone Number

London, United Kingdom

A key part of this role was the support for successful ISO27001 certifications up until the risk and compliance functions were separated. After this change, as well as providing a risk model to my team to provide a consistent risk assessment capability, I also devised processes to manage compliance training to cover all relevant company staff. The standard.

Paddock Wood

I took a break from the smoke to see how business works outside the M25. Exposure to preparing information for accounts, tax, payroll, CIS, VAT and management information for small businesses.Also in the front line against the cyber world, being the acting IT manager when Windows etc. doesn't behave itself...

London

• Devised and performed audits of controls over the development and release of quantitative models used in front office and core IT (London branches of two international investment banks).Managed an audit team reviewing.
• IT and Information Security
• Service certification audits and reviews of third party audit work on IT controls
• Review of cybersecurity
• Project portfolio management
• Business Continuity

All manner of reviews relating to the bank's business and use of ITPost implementation reviews covering strategic projects.ERP application security reviews covering all user entitlements assigned using activity groups and detailed authorisations. Built a tool to automate this work.ERP infrastructure security review including entitlements, configuration.

I ran and presented courses for the BCS IRMA Specialist Group. As there were links with ISACA and ICAEW we also ran joint events.

Active member of committee signing off projects covering the information security and regulatory risks of projects due for release.Helped produce and deliver presentations for security awareness induction sessions for new staff.Input from EMEA region to develop and revise the Firm’s global information security policies.Co-produced global survey of the Firm.

Application reviews including supporting infrastructure work in a fast moving trading environment:Review of equity derivative model valuation process and environment.General controls review of the Firm’s CDS application, including a gap analysis of controls present in preparation for Sarbanes-Oxley.Application and general control reviews of the Bank’s.

Provided security consultancy to projects in Treasury and Lloyds TSB Group, including security requirements definitions as required, and building relationships to support this work. A recurring theme was ensuring compliance with the data protection act.Successful project implementation including the documentation of key operational and security aspects for.

Pre- and post- implementation reviews of implementation and application migration projects.General controls work (system development, change management, information security, business continuity) including third party controls.Prepared three year audit plan matching audit universe to workload and resources. Innovations: Coached the Treasury audit.

Responsible for preparing regulatory report of IT controls used as the basis for a big four report.Advised on the adoption of security measures to improve the branch’s security stance in the following areas: both mainframe and local operating system domains, database security and payment data integrity.

Working for a subsidiary of Lloyds TSB group. This included:Audit recommendations to prevent unauthorised changes to payment data.Review of life insurance core application and its integration with mainframe security.Reviews of business continuity processes, testing and planCore project review to ensure the security of the components automating the flow of.

All kinds of application (both pre and post imp) and SAS70 reviews including global and mission critical systems. General controls reviews as well as all kinds of data acquisition and reporting in support of audit teams delivering year end and interim audits.Innovations: Developing audit guidance notes for local area network security and running a course.

• Under a training contract I was exposed to many small and medium sized owner-managed businesses in the following sectors:
• Lloyd’s insurance
• Charities
• High streetInnovations: I became the office spreadsheet expert, and this knowledge was used to prepare client business projections.