Cyber Security Consulting with a Business MindsetAt Cybershore, we want to improve the security posture of New Zealand by providing practical and actionable cyber security advice to New Zealand organisations and their people.Cybershore provides the following business and cyber security consulting services:Business EnablementSecurity AssuranceSecurity CultureConsultancyRencore Governance - Automate Microsoft 365 governanceStandardFusion GRC Platform - Making GRC approachablePhriendly Phishing - Educate and empower your organisation and your peopleBlacklock - On demand penetration testing as a serviceWe consistently provide the highest quality cyber security consulting services to our clients. Our attention to detail and desire to consistently go the extra mile is what helps us deliver the best outcomes and strike the right balance between risk and business benefits when helping clients on their security journey.

• Leading Governance, Risk and Compliance (GRC) activities associated with cyber security.• Developing security policies and standards for enterprise and operational technologies.• Establishing, promoting, and maintaining an information security awareness program and training.• Performing phishing simulations and reporting of results to executive leadership.• Regular threat landscape reporting to the executive leadership team and board.• Supporting the development and implementation of the cyber security strategy and roadmap.• Establishing and maintaining processes for vetting third-party cloud providers and assessing the security posture of enterprise systems to ensure organisational security requirements are achieved.• Developing and managing the external assurance program, including responding to external audit requests.• Collaborating with internal and external stakeholders at various levels; being the trusted advisor for cyber security governance, risk and compliance across the business.

• Helping clients comply with industry best practice IT security standards such as the New Zealand Information Security Manual (NZISM), NIST, ISO/IEC 27000 and the Payment Card Industry Data Security Standard (PCI DSS).• Delivering and supporting Certification and Accreditation (C&A) activities and artefacts such as scope endorsement, risk assessments, controls validation plans and audits, audit reports, system security certificates and audit risk reports, security risk management plans, and remediation reviews) for government IT systems and government-approved services such as Telecommunications as a Service (TaaS) and Infrastructure as a Service (IaaS).• Conducting annual assurance reviews for TaaS government service providers.• Providing advisory services supporting clients building IT security into information systems and business processes.• Demonstrating impeccable business judgment and negotiation skills, diplomatically achieving win-win situations.• Managing various projects and staff simultaneously, delivering work to the highest standard, both on time and budget.• Building trusted relationships with staff, influencing and supporting their development and empowering them to realise their potential.• Gaining a strong knowledge and understanding of clients’ business processes and service offerings to identify sales opportunities.• Actively managing client relationships, becoming the trusted advisor for commercial and government sector clients.

• Conducted activities (risk assessments, controls validation, audit reporting, system security certificates) across the phases of the Certification and Accreditation (C&A) process to ensure IT systems comply with the NZISM.• Scoped and performed ISO/IEC 27000 gap analyses to assess clients’ current information security management systems against industry best practice, identified weaknesses and reported on findings. • Contributed to the design and improvement of internal processes to advance the company’s maturity.

• Analysed regulatory requirements such as MiFID II and implemented measures to achieve regulatory compliance and drive risk acceptance processes.• Oversaw and analysed business requirements and various processes, employing document analysis, interviews, workshops and workflow analysis.• Enabled streamlined decision-making in a continually changing environment by translating complex business issues into clear, concise language.• Addressed and troubleshooted issues and problems, determined cause and potential impact to deliver sustainable solutions.• Collaborated as a member of a cross-functional team to achieve project success and establish strong, trusted business relationships to enhance utilisation of network to win engagements.• Effectively communicated with senior management and executives, reporting on project status and recommend strategic actions.• Cultivated technology partnerships to contribute to continued business growth.• Developed expertise in applicable regulations (e.g. MiFID II, GDPR), technologies (e.g. FIX protocol), and methodologies (e.g. Scrum) to stay up-to-date and competitive in the consulting market.

• Coordinated risk-based audits across the bank’s IT landscape, enhanced internal control efficiency and reduced risk by presenting valuable audit findings.• Demonstrated impeccable business judgment and negotiation skills, diplomatically achieving win-win situations.• Promoted use of newly implemented audit management tool, increased adoption and audit efficiency.• Devised and improved audit work programs to address emerging risks, strengthen the internal control framework and support the bank to achieve its objectives.

• Orchestrated management of various projects simultaneously, delivered work that adhered to highest standard, both on time and budget.• Served as key contributor to the assessment of information security controls for a major cloud service provider, making them the first New Zealand-based ICT provider to be awarded the ISAE3402 assurance standard.• Fostered strong business relationships in the Auckland business community, promoted the EY brand and contributed to winning engagements.• Participated in internal initiatives and projects such as being a Yammer Champion, developing the SharePoint Community and designing an SAP Training Program, contributing to EY’s purpose, building a better working world.• Established trusted relationships with peers, influencing and supporting their development and empowering them to realize their potential.• Surpassed expectations of clients and managers, achieved highest performance rating.