Responsible for equipping the Group's retail brands with the frameworks, processes, and techniques to safeguard their digital information assets.Group-wide establishment, management and delivery of a continuous information security strategic framework and policy.Partnered with IT, Digital, Legal, Marketing and other teams to mature the organisation's cybersecurity practices and embed cyber risk management as an ongoing consideration.Delivered cybersecurity initiatives across the Group, including a strategic data protection and compliance framework approach; security awareness training; the Group-wide PCI DSS assessment; the Group’s cyber insurance renewal program; and third-party data security due diligence processes.Collaborated with the Group’s largest retail business to define a cybersecurity strategy, plan and initiatives roadmap to support its security function. Performed detailed technology and cyber risk assessments and developed an IT controls library.As part of the Group's Australian divestment strategy: (i) Undertook the lead program management role in executing a complex IT de-coupling program across four business units; and (ii) Undertook the lead program coordination role in distributing the Group’s logistics capability across all the retail business units.

Line 1 team management across Risk & Controls Enablement and Risk in Change- Cyber Security.Worked across the Bank’s regulated entities to deliver a controls testing strategy aligned to CPS234.Planned, led and executed activities across functional areas of the Bank’s Operational Risk Management Framework.Contributed to the Bank’s response to APRA’s recommendation to focus on non-financial risk.

Member of the IT leadership team responsible for developing, implementing and maintaining a good information security practice within the Serco Asia Pacific region.Managed and executed the implementation of an information security framework, aligned to frameworks including ISO 27001, PCIDSS and the Federal Government Information Security Manual (ISM). Developed and implemented IT risk and security checkpoints across the IT project and bid life cycles.Managed the outsourced functions of IT security operations. Managed the response to critical security incidents and oversaw corrective actions.Accountable for putting in place the local footprint of the global security operations centre.Worked with Sales and Bid teams to develop security responses and solutions to RFP and EOI requests.

Managed or contributed to the integration of risk support and governance frameworks to enable the organisation to manage material risk down to an acceptable level.Completed the biannual risk and control assessment activities for the Technology division.Managed the Sarbanes-Oxley and compliance plan attestations for the Technology division.

Responsible for delivery of the global and regional IT Risk program of work for the Custody business in Australia. Delivered the technology-related compliance effort for the new industry standard, GS007.Managed the risk-related due diligence work across projects, third parties, acquisitions and controls.Prepared and executed requirements for local and regional regulatory reviews conducted by APRA, HKMA, MAS and the OCC. Defined and implemented a proactive continuous testing controls assurance regime across IT.Conducted risk reviews in business units in APAC. Worked with the regional teams to help address issues and implement other global initiatives.

Responsible for leading and executing security consulting engagements for a diverse client base.Significant contribution to building the IBM security consulting capability within Australia. Defined the functional security architecture for a major NZ FMCG company.Completed ISO 27001/2 compliance activities, IT risk assessments, resiliency and recovery capability reviews for clients.Completed a security assessment for an Application Service Provider in Hong Kong. Completed an ISO 17799 compliance review for a web portal for a large bank in Thailand. Managed technical activities across the application and network infrastructure life-cycle, for a large client in the sports administration industry.