Business Engagements:CISO for major Insurance UnderwritersLloyds Market Association advisory board memberLIMOSS advisory architecture memberAssurance programme for the gambling industry, providing end-to-end assessment including RNGThird party assurance programmesQSA PCI scoping, architecture, assurance and AoC certification

Business Engagements:QSA PCI scoping, architecture, assurance and AoC certificationSecurity solution architecture reviews (Azure, AWS)

Business Engagements:QSA PCI scoping, architecture, assurance and AoC certification

Managing a dedicated compliance team that support global complex assignments, solutions and certifications within PCI, ISO and DP/GDPR standards using industry standards and frameworks providing security in depth.Comprehensive experience providing strategic direction and advice within most sectors including Financial, Gambling, Energy, Water, Media, Health, IT, Telecommunications and Retail.In depth Information Security assessments providing remedial advice based on the Security threat landscape of the business requirements including vendor compliance assessments.Virtual CISO engagements encompassing technologist, guardian, advisor, and strategist:• Information Security strategy and enterprise protection• Develop enterprise security and operational compliance programs, protecting digital assets without impeding the business• Security awareness and threat landscape training programs• Identify, report and control incidents• Threat monitoring, providing preventative measures

Managing a dedicated compliance team that support global complex assignments, solutions and certifications within PCI, ISO and DP/GDPR standards using industry standards and frameworks providing security in depth.Comprehensive experience providing strategic direction and advice within most sectors including Financial, Gambling, Energy, Water, Media, Health, IT, Telecommunications and Retail.In depth Information Security assessments providing remedial advice based on the Security threat landscape of the business requirements including vendor compliance assessments.Virtual CISO engagements encompassing technologist, guardian, advisor, and strategist: • Information Security strategy and enterprise protection • Develop enterprise security and operational compliance programs, protecting digital assets without impeding the business • Security awareness and threat landscape training programs • Identify, report and control incidents • Threat monitoring, providing preventative measures

Management• Support and guide junior information security consultantExperience• Comprehensive experience with industry standards providing advice and support for- Stakeholder management- Vulnerability management- Sensitive data discovery- Enterprise solutions- Third party solutions• Conduct and provide- Internal audit assessments for ISO- Detailed areas of non-compliance- Detailed remediation advice- Security and risk assessments- Policies and procedure creation or re-development support- Security and awareness training developmentSpecialisations• Strategic IT Planning and Governance• Project Implementation• Enterprise Architecture• Enterprise AnalysisStandards• ISO 27001/2 (Information Security Management)• ISO 27005 (Risk Management)• PCI DSS (Payment Card Industry Data Security Standard)• SEC (Smart Energy Code)• SCF (Security Controls Framework)

• Comprehensive experience with industry standards PCI DSS, ISO/IEC 27001/2 and CESG• Excellent communication skills liaising with clients and stakeholders whilst developing a rapport at all levels and across a broad range of industries• Technical and non-technical advice providing client solutions with attention to detail• Conduct detailed data security assessments in order to identify areas of non-compliance• Produce gap-analysis/reports, SAQ’s, RoC’s and AOC’s• Policy and procedures development

• Supporting security team and training new analysts• Supporting users via RDC, phone and email for security issues and incidents• Maintaining & enforcing IS security & audit policies• Support and maintain security and compliance using industry standard appliances and tools including SIEM and VA scanning• Head SOX Oracle meetings and BskyB Business Owners/Technical Owners for HP UNIX, Oracle/SUN and 3rd party patches• PCI data flow for PCI compliance by gathering and mapping test, development and production environments from domain name through to application and database servers this included switches, load balancers, firewalls, virtualisation and appliances• Audit Data Centre’s in England, Scotland and Amsterdam for major server/services migration• Liaise with business and technical owners to create work packages and run books• Create workshops with key contacts per service and migrations/re-platforms for multiple services across 1000’s of virtual and physical servers, Unix, Linux and Wintel including firewalls, switches, load balancers• Update risks and issues logs, work packages, run books and questionnaires