In my role as Head of Security and Compliance at SciNote, I am responsible for ensuring the integrity, confidentiality, and availability of our electronic lab notebook platform. I lead the development and implementation of robust security policies and compliance frameworks that align with industry standards and regulatory requirements.Key responsibilities include:• Risk Management: Identifying, assessing, and mitigating security risks associated with our technology and data management practices. I conduct regular security audits and vulnerability assessments to proactively address potential threats.• Regulatory Compliance: Ensuring that SciNote adheres to relevant regulations, such as GDPR, HIPAA, and other applicable standards. I work closely with cross-functional teams to implement compliance measures and maintain documentation for audits.• Security Strategy: Developing and executing a comprehensive security strategy that encompasses data protection, incident response, and user access controls. I stay abreast of emerging security trends and technologies to continuously enhance our security posture.• Training and Awareness: Leading initiatives to educate employees and stakeholders about security best practices and compliance requirements. I foster a culture of security awareness within the organization.• Collaboration: Collaborating with product development teams to integrate security features into our electronic lab notebook, ensuring that user data is protected while maintaining a seamless user experience.Through my leadership, I aim to build trust with our users by safeguarding their sensitive data and ensuring that SciNote remains a secure and compliant platform for scientific research.

In essence, my commitment to the ISC2 chapter in Scotland is driven by a belief in the transformative power of education and community. It's about laying down the foundational stones for future experts who will continue to innovate, protect, and lead in the realm of cybersecurity. Together, we can inspire change, encourage diversity, and build a resilient cybersecurity ecosystem for generations to come.

Driving Cybersecurity Excellence and Compliance in a Transformative Healthcare LandscapeAs a Security GRC Lead at eMed UK, I was headhunted for my expertise and leadership skills to lead the 'Back to Health' program following the strategic acquisition of Babylon Health. My role is pivotal in navigating complex regulatory landscapes and driving the organization towards robust security compliance.• Spearheaded a comprehensive compliance program, effectively integrating standards such as ISO 27001, Cyber Essentials +, PCI DSS, and NHS DSP.• Leveraged expertise in IT strategy and cybersecurity to fortify our information security policy and assurance.• Engaged stakeholders effectively, managing third-party relationships and developing business cases pivotal to the ongoing IT transformation journey.• Demonstrated proficiency in risk frameworks and technology trends, ensuring the organization's adherence to industry standards and legal obligations.

Cybersecurity Advisor - Performing Gap Assessments & Advisory for FedRAMP EngagementsResponsible for information security, delivering secure technology solutions, and providing expert advisory services for an organization supporting multiple Fortune 500 clients. Oversee IT architecture, new technologies, processes, and procedures, identifying risks before and during deployment, and providing actionable insights to both technical and non-technical stakeholders.• Proven experience in aligning organizations with control frameworks such as NIST 800-53, ISO27001, and PCI-DSS• Expert in building teams that embrace defence in depth methodologies• In-depth knowledge in risk-based maturity approaches and conducting comprehensive security assessments.• Extensive experience in program/project management, strategic and tactical planning• Proficient with cloud-native technologies and a wide range of security tools.• Experienced in working in continuous delivery environments using agile methodologies.Strong ability to communicate complex technical information to non-technical audiences.

Developed and implemented a Digital Security Program (DSP) using Secure Controls Framework (SCF)• Scoped SCF controls to meet business objectives to meet ISO27K, AICPA TSC 2019 (SOC2), PCI DSS, NIST 800-53 rev5 (high) standards.• Wrote and maintained supporting procedures which dove-tailed to supporting technical SOPs• Built automation to manage procedures lifecycle; non-conformance review, request corrective action to address deficiencies found, documentation and communication of changes. • Built and operated Risk Management Program (RMF) based on NIST SP 800-37• Providing DR planning and business continuity assurance• Built OSINT feeds for operational teams to maintain visibility to known threats

Provided end to end program management and technical sign off for triple datacentre migration. • Developed, presented and gained executive sign-off on the project framework to include; Project Charter, Stakeholder/Team Identification, Project Plane Development, Success Criteria & Metrics, Risk Management, Project Logistics & Constructs, Management Toolset, Meeting Cadence and Acceptance • Chaired weekly “checkpoint” calls, Stakeholder Updates and Monthly Executive sponsor meetings.• Led the customers technical team with new design ideas, industry best practices for Compute, Storage and Networking architectures

• Defining and maintaining a global operating standard for data centre installation and decommission processes.• Initiating a strategic asset management process to optimise equipment life cycles as I controlled a $6M annual IT equipment budget.• Refining solution offerings to assure business continuity, reliability, and security for clients in tier-1 critical services and highly-regulated accounting industries.

I drove exponential growth for Artisan Infrastructure as I directed the company’s technology strategy and acted as the lead cloud infrastructure and consulting solutions architect. I promoted and facilitated the adoption of cutting-edge technology focused on increasing operational efficiency and productivity by improving communication. Some of my key contributions included:• Developing a people management strategy encouraging state-of-the-art innovation by initiating monthly internal code-based challenges.• Acting as an effective change agent while seamlessly identifying and integrating new technologies.• Cultivating relationships with notable clients and partners to foster long-term customer loyalty.

During a period of critical growth for Artisan Infrastructure, I supervised research and development activities and guided change management strategy. I facilitated the end-to-end implementation of leading-edge technology solutions as I collaborated with my team to successfully establish Artisan Infrastructure as a pioneering leader within the Infrastructure as a Service (IaaS) space.Notably, I played an integral role in the development of the world’s first Data Protection for NetApp solution, which enabled cutting-edge security and visibility enhancements for clients while simultaneously creating new cloud-based revenue streams.

Starting as a rollout engineer, I quickly climbed to a senior-level decision-maker after repeated success executing development and deployment strategies. In addition to leading implementations for key clients, I supervised training for engineering teams. Some of my notable project work included:• Large-scale installations of IBM EPOS systems for national retailers.• A major Cisco router and switch roll-out for a national retailer.• The development of Microsoft Server and Workstation migration plans.

I installed data and voice networks for enterprises and was a part in the construction of the first Intel flagship Datacenter in the UK. My role included:• Construction of cabling containment• Installing and testing of Category 5e & 6 Ethernet, 100 & 50 pair voice networks• Installing and testing of fibre backbone interconnect networks