A highly experienced executive leader and CISO, with a blend of technical and business acumen developed over 25 years within private and public sector enterprises. Best summarised as a positive disruptor, problem solver, transformer, value creator, capability builder, advisor and innovative thinker.

I am an enthusiastic, decisive and assured decision-maker, able to lead, influence and engage at all levels of an organisation, providing expert advice, leadership, direction and assurance to board level, senior leaders and business partners, with a strong focus on delivery and value creation.

With a technical background and varied industry experience, my previous roles have provided a good balance between management and technical, corporate governance, risk management, strategic planning, stakeholder and change management, security solutions, as well as the management of diverse teams.

The result is extensive experience across the breadth of Technology, Cyber & InfoSec, specialising in Executive Leadership & Stakeholder Management, Cloud adoption/transition, Secure Product Development, Developer / Engineer coaching 'secure by design', Security Assurance, Governance, Risk and Compliance.

I am an advocate of the need for security convergence within the business, and champion alignment of security to the needs of business as an enabling strategy, with emphasis on the benefits and value-add that results from such an approach.

Designed and delivered 'Fusion Operations' that focuses on unifying all data into a single 'data lake', reducing data storage/processing costs and servicing IT & Sec Ops and Financial Crime detection. Led the development of high-performing security functions in multiple organisations, achieving certification with multiple standards, including ISO 27001, NIST, Cyber Essentials Plus & PCI-DSS.
Pioneered the adoption of DevSecOps approaches in multiple organisations, embedding security into agile development pipelines, resulting in ‘secure, private and compliant by design’ systems. Introduced cutting-edge AI/ML-driven security technologies in multiple organisations, enhancing threat detection capabilities and bolstering Cyber Security defences against emerging risks.

Ki
- Website: ki-insurance.com
- Employees: 530

Group Chief Information Security Officer
Ki
United Kingdom

Global CISO & Director of Enterprise IT
PrimaryBid, Aug 2022 - Present
London, England, United Kingdom

Reporting to the Chief Product & Technology Officer and CEO, with sole ownership for the development & execution of the Security & Enterprise IT strategy and approach to build up the respective functions, accountable for all aspects of PrimaryBid’s security, risk management, business continuity, Enterprise IT and legislative/regulatory compliance throughout all business lines and operations globally.

Greenfield functions, with the remit to build and deliver an effective security function and program to meet PrimaryBid’s complex regulatory and risk landscape.

Role Highlights:
• Successfully delivered ISO27001:2022, ISO27017 and ISO27018 certification within 9 months & fast followed with PCI, CSA STAR, Cyber Essentials Plus and SOC2 Type 1
• Built and executed the Security strategy, delivering 2 full levels of maturity improvement in 15 months
• Reduced system vulnerabilities by 75% in 9 months
• Selected and implemented SIEM, SOC, CNAPP, Secure CI/CD, xDR and 1st/3rd Party and Infrastructure as Code Checks
• Recruited a small team and built a ‘DevSecOps’ focused program to shift the focus of security into the forefront of engineers' minds to ensure a ‘secure and compliant by design’ approach to development, as well as developing a wider cross business ‘security champions’ program to embed security thinking into all business functions
• Developed and built PrimaryBid’s Enterprise Risk Management Framework
• Transformed the delivery of Enterprise IT through a digital transformation and yielding over £400k year on year savings through negotiation, optimisation and clarity of strategic delivery

With the accelerated delivery of the security program, I have helped pivot PrimaryBid from a pure-play regulated financial institution, to an entity that is now packaging the internal operations as a ‘SaaS’ Enterprise white label offering to Global Tier 1 banks & financial institutions, as well as UK Government.

Global CISO & EVP Revenue Protection
DAZN Group, May 2020 - Aug 2022
London, England, United Kingdom

Executive Vice President Revenue Protection & Global CISO, appointed by the ExCo & reporting into the CEO, with full responsibility for the strategy and delivery of Anti Piracy, Anti Fraud, Data Privacy and Cyber Defence, including SecEng, AppSec, SSDLC in Agile delivery, Cloud Micro-Services Architecture, Fusion Operations, Governance, Information Security Certification, Risk Management, Compliance, Policy, Audit, Operational Resilience and Supply Chain security.

Brownfield environment, recruiting and leading a team to mature DAZN's security and compliance capability to protect our customers' personal and financial data, reduce piracy and maintain systems availability.

Role Highlights:
• Successfully delivered ISO27001 and PCI certification
• Built and executed a global Data Privacy compliance program delivering YoY maturity improvements
• Transformed the approach to security to become DevSecOps and ‘fusion operations’
• Secured the 600+ developer community tooling, operating 60+ Agile Scrum teams with CI/CD
• Introduced data centric security thinking and enabled the transition to cloud
• Defined the security strategy for multi-cloud offerings, delivering YoY maturity improvements
• Introduced tooling to provide continuous scanning of code and systems for vulnerabilities
• Introduced tooling for anomaly detection based on AI/ML
• Introduced cloud based SOC and commenced build up of 24x7 ‘Fusion operations’

In this role, I have focused on driving ‘fusion operations’ that has resulted in the identification and remediation of issues, that have either saved or directly generated in excess of $40m yoy through the detection of complex errors in the business transaction processes between microservices, as well as working across the industry to devise and execute new anti-piracy measures, yielding a further £5m yoy in revenue gain for DAZN.

Global CISO
OneWeb, Feb 2018 - May 2020
London, United Kingdom

Senior Director, appointed by the ExCo as the Group CISO for OneWeb. Fully responsible for managing all aspects of Cyber Defence and Information Assurance; this includes Governance, Information Security Certification, Risk Management, Compliance, Policy, Audit, Operational Resilience and Supply Chain security.

Role Highlights:
• Authored and executed group level security & data privacy strategy and developed internal initiatives to drive improvement to the security posture,
• Creating a ‘DevSecOps’ approach to Agile delivery programmes including integration and orchestration of security into DevOps CI/CD pipelines/digital factories,
• Developing and delivering IAM, PKI, SIEM, SOC Fusion Operations, End Point Protection, Cloud Security Controls, Continuous vulnerability management, advanced threat hunting and DLP,
• Transitioning from on-prem workloads to digital micro-services workloads,
• Transitioning from on-prem office automation tooling to Microsoft 365,
• Developing SASE controls to enable secure C/BYOD,
• Embedding ‘secure by design and privacy by design by default’ into the culture of the business and engineering teams
• Thought leadership and delivery of innovative, agile and proportionate business focussed Security Services to our internal and external stakeholders,
• Leveraging cutting edge preventative, detective and reactionary AI/machine learning technologies to provide advanced systems defence,
• Cloud Networking Gateway (CNG) Manager for dynamic establishment of intra/inter cloud connectivity,
• Software Defined Network (SDN) & Network Function Virtualisation (NFV),
• Microsoft cloud management gateway (CMG) and AWS Transit Gateway enabling customers to connect numerous Amazon Virtual Private Clouds (VPCs) and their on-premises networks using a single gateway,
• Defined and created information security policies and a governance framework that covered ISO27001, GDPR, NIST and country specific legislation.

CISO UK&I
Arvato UK, Jun 2014 - Feb 2018
United Kingdom

Reporting into the Global CISO and the UK&I CEO, accountable for all aspects of security, solution assurance, bid/deal assurance, risk management, business continuity, contractual delivery and legislative/regulatory compliance throughout all business lines and operations within UK&I. Leading the transformation of the security, compliance and resilience environment across Arvato both nationally and globally. Full ownership for the development of the security strategy and approach to build up the function from scratch resulting in the company allocating a £10m budget directly to information security-related activities.

Provided the necessary foundations including business justification, a mitigation plan for quantified operational, financial and compliance risks in excess of £350m and a detailed tactical plan for the CIO, the board and Bertelsmann (parent company).

Role Highlights:
• Authoring group level security and data privacy strategy – including digital transformation and cloud migration,
• Defined and created information security policies and a governance framework that covered PCI DSS, NIS directive, GDPR and European country specific legislation
• Leading the global programme to professionalise InfoSec across the business, including the creation of a career scheme and training programmes to support talent development,
• Leading the solution assurance and accreditation of Independent Shared Service Centre (ISSC1), part of the Government's strategic move to Next Generation Shared Services and the first to be operational and fully accredited,
• Leading the solution assurance for all systems
• Developing internal initiatives to drive improvement to the security posture and standardise the approach to risk management/reporting and compliance,
• Assessing the impacts of AI/Robots on business operations, in particular the impacts under GDPR,
• Contributing and responsible for the rollout of ISO 27001:2013 across Arvato's global operations.

Principal CISO
CSC, Nov 2012 - Jun 2014
Portsmouth, United Kingdom

Strategic CxO advisory role, embedded within the client organisation, specialising in building strong relations with leadership teams to ensure mutual understanding of business objectives and security strategy to ensure that InfoSec is a business enabler, aligned to the business's objectives and delivering value for money, specialising in:
- Developing and driving security strategy,
- Architecting and delivering technical security projects and solutions,
- Providing Solution Security Assurance,
- Identifying and improving the visibility of and management of IS risks
- Providing assurance to the business that the business is compliant with relevant legislation,
- Providing security assurance oversight on projects
- Managing Key Stakeholders,
- Leading on security contractual matters (negotiations, deal assurance, service provider management etc.)
- Establishing the security posture of the organisation.

Key Responsibilities:
- Responsible for the strategic InfoSec & Compliance governance model and operations within key CSC accounts, providing a focal point for HMG/MOD policy compliance advice, Security Solutions, Risk Management and InfoSec Governance, as well as an oversight to various strategic compliance management programmes targeted at ensuring the business remains up to date with relevant external legislation and standards certifications,
- Work with CTOs, Technical Architects and Security Architects to set technical direction, ensuring that security is built into the system/design from the outset and against a set of measurable requirements, within a defined Security Architecture Framework,
- Provide assurance to the executive board that the business is compliant and that risks are either at an acceptable level or being managed by the Risk Owners / Risk Managers, through robust security and risk governance methodology, which is supported by appropriate ISMS

Senior CISO
HP Enterprise Security Services, Dec 2008 - Nov 2012
UK - Central Southern

A Senior CISO within HP Enterprise Security Services, providing security leadership to CxO of key clients in both the public and private sector.

My primary duties included devising and delivering strategy that improves visibility and management of risk, leading a team of InfoSec professionals in the execution of InfoSec strategy, drive Information Assurance cultural adoption, develop effective security practices and provide assurance to the Executive Team that the business is compliant with relevant legislation (e.g. DPA). In addition, I undertook threat analysis, information risk management as the principal risk advisor, delivering technical security solutions and operating as the board's Security Subject Matter Expert. This role required significant strategic goal setting to ensure that InfoSec is a business enabler, supporting the business's strategy, delivering value for money and maintaining core service delivery, against a defined risk framework and corresponding defined risk appetite.

Group Head of Information Security
QinetiQ, Aug 2005 - Dec 2008

A pan QinetiQ position that reports directly into the CIO, primarily as the IT security authority for QinetiQ operations globally, as well as being an influencing design authority for the corporate infrastructure.
- Set security strategy for QinetiQ
- Work with Corporate Technical Architects to set technical infrastructure strategy
- Develop and maintain Information security policy, standards and guidelines for ISMS and communicate IT security policy to all organisational levels
- Ensure that QinetiQ complies with JSP 440, JSP 480, MoPS, CESG InfoSec Standards & Manuals
- Monitor compliance
- Identify, assess and manage risks relating to IT security
- Coordinate investigations
- Maintain awareness of security regulations and related legislation
- Maintain, implement and review business continuity plans
- Reviewing project proposals for compliance with the corporate policy and confirming value for money and technical security

Regional IT Manager
APW, Aug 1997 - Aug 2005

To work as a member of the Global IT Technical team, covering:
- IT standardisation
- Disaster Recovery
- Network and Systems Security
- Identify new technical areas of benefit to the company
- Provide future road maps
- Design and manage technical projects on a global basis.

The other function of this role was to assume a reporting responsibility for all technical IT related projects for 6 of the APW sites.

Chris B. Education Details
University of Glamorgan: Computing, Accounting and Business Law

Frequently Asked Questions about Chris B.
What company does Chris B. work for?
Chris B. works for Ki.
What is Chris B.'s role at the current company?
Chris B.'s current role is Group Chief Information Security Officer.
What schools did Chris B. attend?
Chris B. attended University Of Glamorgan.
Who are Chris B.'s colleagues?
Chris B.'s colleagues are Khalid Yaseen, Ian Bothamley, Tanya Sharma, Alexis Wildman, Jev Mendez, Jason Tassell, Marc Rowlands.