CISM, DCDPO, COBIT, and ISO 27001 LA certified cybersecurity leader with 13+ years in GRC, data privacy, strategic development, team building, and global operationalization across banking, finance, trading, manufacturing, energy, and telecom sectors. Expertise in Information Security, Disaster Recovery, IT Risk Management, Cloud Security, IT Audit, Third-Party Risk Management, NIST framework, control testing and validation, SOC 2, and global compliance requirements.
Senior Manager, Silverse
Oct 2023 - Present | Pune, Maharashtra, India
Head of GRC & Data Privacy | Cybersecurity

I lead the GRC and data privacy practice at Silverse, a forward-thinking cybersecurity startup. My role encompasses a wide range of responsibilities, including overseeing sales, pre-sales, and practice capability development, along with organisation accreditations. I work closely with our clients to understand their needs, develop tailored service offerings, and respond to RFPs with precision.

As the practice lead, I manage operations and delivery from end to end. This involves coordinating cross-functional teams, conducting pre-assessment questionnaires, and ensuring that our services meet the highest industry standards. My focus is on providing robust cybersecurity solutions that help our clients navigate complex compliance landscapes and mitigate risks effectively.

With a background in cybersecurity and a passion for data privacy, I aim to drive innovation and ensure excellence in every aspect of our practice. I believe in fostering strong client relationships and delivering results that make a tangible impact on their security posture.
AVP, Trafigura
Feb 2023 - Oct 2023 | Mumbai, Maharashtra, India

Responsible areas:
- Internal Control: design and maintenance of the internal control.
- IT Audit
- IT Controls
- Risk Management
- Policy & Procedures

• Offices and projects reviews:
- Verify how local management manages local risks and adherence to control best practices.
- Verify investment-intensive projects are properly structured in responsibilities, with proper monitoring of deliverables and periodic reporting.
- Verify that system implementations follow the planned schedule, deliver the expected benefits and are executed within budget.
- Ad-hoc reviews as required by the Internal Control Plan.
Associate Security Consultant, Tech Mahindra
Sep 2021 - Feb 2023 | Pune, Maharashtra, India
Security Consultant – GRC

Responsibilities:
- ISO 27001 Implementation: Drafted and presented a full suite of information security policies, procedures, and Statements of Applicability (SOA). Guided the client through the development and implementation of their information security management system.
- IT General Controls (ITGC): Designed and implemented controls as per the SOA, conducted control testing, and reported findings. Addressed non-conformities (NCs) and provided recommendations for compliance.
- Third-Party Risk Management (TPRM): Designed control questionnaires, managed the response process, reviewed SOC 2 Type 2 reports, and presented summary reports to upper management.
- Business Continuity Planning/Disaster Recovery (BCP/DR): Assisted in completing Business Impact Analysis (BIA), documented and implemented Disaster Recovery (DR) plans for critical services, and coordinated with the crisis management team to ensure readiness in case of emergencies.
IT Risk and Compliance Analyst, Wipro Limited
Mar 2019 - Oct 2021 | Pune, Maharashtra, India

Project 1: First Line of Defense (FLOD)
- Issues and Actions Management: Collaborated with issues and action owners to conduct risk assessments. Produced monthly summary reports, coordinated updates, ensured ongoing follow-ups, and managed timely closures of identified issues.
- Third-Party Risk Management (TPRM): Worked with Engagement Managers to oversee TPRM tasks.
- IT Assets and Inventory Management (ITAM): Monitored and guided teams to complete reviews of overdue/pending Business Impact Analyses (BIAs), Disaster Recovery (DR), Backup & Recovery, Evergreening, Patch Management, Service Reviews, Application Reviews, and Service Model Exceptions with corresponding Information Technology Security Officers (ITSOs).
- Control Assessment: Coordinated with control owners to review controls for Data Backup and Recovery, Patch Management, Scheduling, and Work Automation. Provided evidence to the Second Line of Defense (2LOD) for review.
- Meetings and Coordination: Led weekly meetings with risk contacts to discuss issues, actions, ITAM exceptions, and other relevant topics.

Project 2: Data Privacy Consultant
- Data Privacy Risk Management: Supported business process owners, application owners, and key stakeholders in end-to-end data privacy risk management. This involved reviewing applicable laws, data privacy regulations, and information security policies.
- Gap Analysis: Conducted gap analysis based on applicable regulations, creating data inventory, data classification, data mapping, and data flow diagrams. Developed Privacy Impact Assessment (PIA) checklists, conducted PIAs, and provided recommendations to address identified risks.
- Application Assessment: Performed thorough assessments across the organization to understand data collection, processing, and storage by respective applications. Documented findings and proposed solutions to ensure compliance with data privacy standards.
IT Risk Management & Service Delivery, Virtusa
May 2015 - Feb 2019 | Mumbai Area, India
OPC IT Team Lead

As part of the Operational Risk and Permanent Control (OPC) team, I work closely with the Group IT Permanent & Operational Risks and Corporate Institutional Banking OPC IT teams to manage and oversee operational risks.

Responsibilities

Second Line of Defence (SLOD)
- IT General Controls: Designed, defined, monitored, and tested business unit-specific operational controls to ensure compliance and minimize risk.
- Risk and Control Self-Assessment (RCSA): Conducted RCSAs for various IT processes to identify inherent risks and evaluate the effectiveness of existing controls.
- IT Historical Incidents/Internal Events: Analyzed past incidents and internal events, established corrective actions, and ensured proper validation and approval processes.
- Steering Committee Meetings: Prepared comprehensive presentations for steering committees and management analysis.

Disaster Recovery (DR) Service Manager
- DR Plan: Maintained up-to-date disaster recovery plans for specific applications and services.
- Runbook: Ensured the creation and regular updating of runbooks for key applications and services.
- TT Exercise & Simulation Test: Conducted periodic walkthroughs and simulation tests according to the annual plan to ensure readiness.
- Dashboard & Reporting: Created dashboards, KPIs, and reports to communicate results and progress to management.

Risk Consultant
- Scope of RAD: Oversaw Risk Acceptance Documentation (RAD) for IT, Telecommunications, ICFR, and Enterprise across the organization (Corporate & Circle).
- Risk Acceptance Document (RAD): Led the end-to-end delivery of RADs. Evaluated risk acceptance requests in alignment with organizational security policies.
- RAD Tracker: Maintained a tracker to monitor RADs, provided regular reports to management, and coordinated with action owners for timely closure of risk acceptance tasks.
IT Auditor and SOX Compliance Specialist, Tata Consultancy Services
Feb 2011 - May 2015 | Mumbai Area, India
Process Management and Compliance (PMC) Team

The PMC team is responsible for defining processes, reviewing procedures, and suggesting changes according to organizational decisions. We provide end-to-end support on IT Service Management (ITSM) tools, monitor changes in SOX and non-SOX applications, share KPI reports with upper management, and periodically review application production services. We also drive access reviews and ensure segregation of duties for users in compliance with the Financial Conduct Authority (FCA) guidelines.

Responsibilities

Quality Analyst
- Performance Management: Analyzed and reported on the performance of IT assets based on MIPS and Java Severity Issues, ensuring optimal functionality and compliance.
- FTP Security Audit: Conducted quarterly security audits on FTP, reporting findings to application owners and following up on exceptions and non-conformities (NCs) to ensure timely resolution.
- Chronic and Repetitive Problems: Identified chronic and repetitive problems, escalated them to the respective application owners for root cause analysis and resolution, and monitored progress to prevent recurrence.
- Training and Development: Provided training sessions to the Service Delivery Team to ensure high-quality services and strict process adherence, fostering a culture of continuous improvement.
Kumar Suraj Education Details
Information Technology
Frequently Asked Questions about Kumar Suraj
What company does Kumar Suraj work for?
Kumar Suraj works for Silverse
What is Kumar Suraj's role at the current company?
Kumar Suraj's current role is DCDPO, CISM, ISO 27001:2013 LA, CoBIT 5, ITIL.
What schools did Kumar Suraj attend?
Kumar Suraj attended Cochin University Of Science And Technology.