I bring independent, board-level insight, expertise and regulatory compliance in cyber and operational resilience, governance and data protection to a variety of commercial and non-profit organisations, delivering:Cyber resilience programmes providing:• Assessment of potential business impact from cyber compromise • Third-party due diligence• Regulatory requirements• Compliance with professional standards and audits (e.g. ICAEW – SRA – FCA/PRA)• Contingency planning… Show more I bring independent, board-level insight, expertise and regulatory compliance in cyber and operational resilience, governance and data protection to a variety of commercial and non-profit organisations, delivering:Cyber resilience programmes providing:• Assessment of potential business impact from cyber compromise • Third-party due diligence• Regulatory requirements• Compliance with professional standards and audits (e.g. ICAEW – SRA – FCA/PRA)• Contingency planning & testingData Protection projects providing:• Ongoing Data Protection (GDPR) compliance• Compliance with professional standards and audits (e.g. ICAEW – SRA – FCA/PRA)I also provide consultancy services to the charity sector, enhancing compliance with risk controls within the Charity Governance Code, focussing on:• Data Protection (GDPR) policies and practices• Operational resilience to data or systems compromise Show less

As an external associate to this leading cybersecurity and compliance consultancy, I support the delivery of cyber risk and GDPR projects to a variety of their clients. Projects typically involve cyber risk assessments and the design of risk control frameworks or the execution of data protection impact assessments.

Representing this leading consultancy firm, I acted as the interim ISO for a start-up retail bank as it moved towards PRA approval and business launch. Consolidating previous strands of cyber security activities into a coherent project plan, and implementing a cyber ‘risk control framework’ based on NIST, I was able to hand over a mature security posture.

The Brooke Consultancy provides 'Business Advice in the Round' by working collaboratively with a wide range of legal and business experts, so clients don’t need to search out expert opinion from different groups of specialists.As a Collaboration Partner within the 'non-legal advice' practice, I assist their clients develop their resilience to cyber-attacks, and to build compliant GDPR policies and procedures.

Providing non-executive oversight to the board of O2e, a limited company managing a national charity. • Oversight of the board’s activities and their compliance with the 2018 Corporate Governance Code• Monitoring the board’s management of the charity and its compliance with the Charity Governance Code• Review of the board’s strategic direction and its efficacy in achieving its goals

Fish Financial specialise in high net worth wealth management and the creation and protection of wealth for individual and corporate clients. As an advisor to the management board of the company, I am maturing their resilience to cyber incidents and loss of IT systems, to reach a standard commensurate with the impact tolerance and risk appetite of the business. Under a NIST framework, I am delivering:• Criticality assessments of business processes.• Review of technical and… Show more Fish Financial specialise in high net worth wealth management and the creation and protection of wealth for individual and corporate clients. As an advisor to the management board of the company, I am maturing their resilience to cyber incidents and loss of IT systems, to reach a standard commensurate with the impact tolerance and risk appetite of the business. Under a NIST framework, I am delivering:• Criticality assessments of business processes.• Review of technical and organisational security standards around key IT systems• Contingency planning for compromise to systems and data, including the foundation of an incident response procedure.• Scenario-based desktop exercises to maintain a cycle of improvement Show less

Regional CISO for London and mainland (ex-Germany) Europe. Reporting to London management board and Operational Risk committee. Member of Operations and Regulatory committees. FCA Certified role under SMF24 (operational risk).Delivered projects to achieve compliance with legal and regulatory standards for:• Operational resilience (within FCA / PRA guidelines on impact tolerances)• Cyber contingency planning – business focussed scenario tests• Post-Brexit data flows across… Show more Regional CISO for London and mainland (ex-Germany) Europe. Reporting to London management board and Operational Risk committee. Member of Operations and Regulatory committees. FCA Certified role under SMF24 (operational risk).Delivered projects to achieve compliance with legal and regulatory standards for:• Operational resilience (within FCA / PRA guidelines on impact tolerances)• Cyber contingency planning – business focussed scenario tests• Post-Brexit data flows across the group• Data protection / GDPR (Information Commissioner)• Business continuity / disaster recovery planningAdditional responsibilities included:• Forensic support of legal and regulatory conduct investigations• Information security training and awareness• PSD2 – monitoring and reporting of security standards and incidents• Outsourcing of business continuity as a managed service Show less

As part of the global IT security team, my functions included:• Lead for internal investigations: forensic examinations, litigation and regulatory discovery management.• Deputy to the global Data Protection manager, with UK responsibility• Delivery of the ‘CSIRT” security incident procedure

► Worked as a consultant, providing forensic computing services to this specialist investigations organisation.

► Managed the forensic computing service within PwC’s London ‘Forensic Services’ Division and growing its business model from internal to a direct client service. ► Established sound evidence based procedures, secured internal investment and activelymarketed the service, ► Achieved external revenue growth of 125% in two years - particularly by identifying, and accessing, growing markets in commercial litigation.► In response to business growth I recruited two junior… Show more ► Managed the forensic computing service within PwC’s London ‘Forensic Services’ Division and growing its business model from internal to a direct client service. ► Established sound evidence based procedures, secured internal investment and activelymarketed the service, ► Achieved external revenue growth of 125% in two years - particularly by identifying, and accessing, growing markets in commercial litigation.► In response to business growth I recruited two junior staff as investigators. ► Established a sound business case for recruitment, advertising, interviewing and selection. Thereafter I managed the team including their training, objective setting, appraisal and discipline. Show less

► After 15 years of general police duties - including divisional CID and Special Branch - I spent five years with the Company Fraud Squad. Experience there included:► Complex international fraud enquiries► Seconded to Serious Fraud Office► AML investigations► 2 years on Computer Crime Unit. Undertook investigations into a range of computer-related crimes such as network intrusion, cyber-squatting and virus writing.