As the Director of GRC - QLD, I am responsible for leading a team of security professionals that deliver governance, risk and compliance consulting expertise to CyberCX's broad customer base. Additional responsibilities also include providing subject matter expertise to the Sales, Account Management and Marketing teams to support their relevant activities and development of the GRC Brisbane practice.

As the QLD practice lead, I am responsible for leading a team of security professionals that deliver governance, risk and compliance consulting expertise to Shearwater's broad customer base. Additional responsibilities also include providing subject matter expertise to the Sales, Account Management and Marketing teams to support their relevant activities and development of the GRC Brisbane practice.

SvI Technology Services is a specialist Information Security and IT Governance, Risk and Compliance consultancy service delivering realistic, business focused solutions.SvI offers consulting, assurance and training services and we believe that the information security requirements and governance objectives vary for each and every organization. As such, we off solutions that will align with your organizational constraints whilst meeting the specific needs of your business.

As the Director of Systems and Information Security for a 12 month engagement for the Vingroup group of companies, I am accountable for the transformation of the cyber security landscape across the diverse sectors within which the group operates, including Healthcare, Education, e-Commerce, Retail, Agriculture, Property and Construction. This immensely challenging role is drawing upon the full breadth of my skills and experience in order to execute strategy, transform operations, manage threats, respond to incidents and mentor a team of security specialists.

Seconded from the Commonwealth Bank of Australia, in this role I was accountable for establishing, implementing and maintaining the information security, risk management and IT Service Continuity (DR) frameworks. Models and methods employed included ISO 27001/2, ISO 27005, COBIT 5, PCI DSS and ISO 27031. The security function consisted of the following three distinct units:Security Assurance Services:• Risk and vulnerability management;• Security architecture and design referencing NIST, PCI DSS, ISO 27002; • Audits and Control self-assessments against ISO 27001/2, PCI DSS and NIST SP 800-53;• Policy development;Security Operations Services• Operations and maintenance of security infrastructure and applications including firewalls, NAC, AV, IPS, content filtering, remote access;• Security incident response;Service Continuity (DR) and IT Business Continuity Planning• Service continuity and disaster recovery design;• Management and reporting of service continuity and DR testing, risks and operational acceptance.During this time, I was also accountable for phase 2 of the PCI DSS compliance program, as well as the ongoing Data Center and Disaster Recovery project.

Seconded from the Commonwealth Bank of Australia, in this role I was accountable for a broad range of functions including day-to-day operations, major project delivery and infrastructure architecture. Operational responsibilities included security, mid-range, databases, network and storage. Additionally, I was accountable to deliver the Data Centre and Disaster Recovery project, as well as Phase 1 of the PCI DSS compliance program.

Dual-disciplined role, the Security Operations focus of this role was to oversee and ensure the operational management of the information security applications, infrastructure, human resources and service providers that comprise the IT security environment. Additional accountability included layer 1 risk management and security incident response.The service continuity focus of this role was to oversee and ensure IT Service Continuity (SC) people and processes that sustain the SC capability.

Leveraging international standards and frameworks including ISO 27001 and PCI DSS, I was accountable for a comprehensive program of Internal Audit activities to determine the adequacy and effectiveness of ICT controls within Bankwest.

Accountable to provide subject matter expertise and compliance assessments in all areas of banking compliance such as APRA, VISA and MasterCard and Australian Payments Clearing Association.

Accountable for the design, implementation and review of systems and interfaces to ensure security controls are commensurate with BankWest's risk appetite.

Accountable for the delivery of security services and consultation within the Center for Information Warfare (C4IW) encompassing firewalls, audits and e-business security.

Accountable to architect, implement and support multi-tiered E-commerce security infrastructure.