Matthew Lomas Email and Phone Number
I have 18+ years' experience in successfully delivering cybersecurity governance, risk management & compliance (GRC) capabilities in both a leadership and "hands-on" capacity within small and medium enterprises (SMEs) and global multinational companies, operating across the pharmaceutical, manufacturing (Defense / Aerospace / Automotive) and payment card industries. I possess a comprehensive understanding of global security standards and frameworks, including NIST CSF, NIST SP 800-53, NIST SP 800-171 (DFARS 252.204-7012), ISO 27001, PCI DSS and PCI Card Production, and have consistently attained and maintained certifications within heavily regulated industries. Academically, I hold a BSc in Business Information Systems and an MSc in E-Commerce and have pursued continuous professional development, securing industry security accreditations such as CISSP, CISA, Qualified Security Assessor (QSA), CCSK and Approved Security Assessor status for major payment brands such as MasterCard, Visa Europe, and Visa International (APAC).

Cyber Security Risk Director
AstraZeneca, Nov 2022 - Present, Cambridge, Cambridgeshire, GB
AstraZeneca PLC is a global science-led pharmaceutical and biotechnology company specialising in the discovery, development and commercialisation of prescription life changing medicines in Oncology and BioPharmaceuticals that are used by millions of patients worldwide. AstraZeneca employs circa 80,000 staff in 44 locations across 30 countries worldwide. AstraZeneca is listed on the London Stock Exchange and is a constituent of the FTSE 100 Index.
As Director of Cyber Security Risk, I am responsible for the identification, management and reporting of cyber risk and risk reduction activities, both within Cyber and across the global Business Technology Groups and Enterprise Services, that help strengthen our cyber resilience by protecting the organisation's infrastructure, systems, applications and data assets.
In my role I ensure that risk reduction initiatives are aligned and prioritised to the cyber security strategy and overarching organisational objectives and strategic direction, whilst maintaining transparent communication of KPIs and KRIs with key decision makers and stakeholders including Cyber Leadership, IT Leadership, Audit Committee, and Board of Directors.

Cyber Security Governance Manager
AstraZeneca, Sep 2020 - Nov 2022, Cambridge, Cambridgeshire, GB

Group Information Security Manager
Bodycote PLC, Nov 2016 - Aug 2020, Macclesfield, Cheshire, GB
Bodycote PLC is the global leader in heat treatment and specialist thermal processing services, providing a variety of techniques and specialist engineering processes which improve the properties of metals and alloys and extend the life of components. Bodycote operates within the automotive, energy, medical, aerospace and defence industries and employs circa 5000 staff in 180 locations across 23 countries worldwide. Bodycote is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index.
Key Responsibilities:
- Development and maintenance of the information security management system (ISMS), ensuring a proportionate and consistent level of security is adopted for all data, applications, systems and network infrastructure across the Group;
- Management of external and internal security audit frameworks, coordinating audit schedules and tracking and reporting of remediation activities;
- Management of the third-party assurance framework and reporting of third-party risk to senior management;
- Reporting of risk and control compliance through regular meetings with senior management and generation of presentations for the audit committee, executive committee and board of directors;
- Supplier management for all security related solutions and services, from the creation of the initial RFP, through to supplier selection, engagement, and post implementation management of performance;
- Management of all security testing, including external, internal and wireless network penetration testing and vulnerability scanning, including tracking and reporting of remediation activities to senior management;
- Execution of logical and physical security assessments of Bodycote facilities to evaluate their current security posture and to recommend appropriate remediation activities;
- Management of the user training platform and development of all information security awareness training content.

Head of Security
APS Group Secure Solutions, Jun 2015 - Nov 2016, Stockport, Manchester, GB
APS Group Secure Solutions (APS GSS) provides card personalisation (payment, loyalty and membership), transactional print, mailing, document scanning, data capture and archiving services from a high secure certified facility based in Chester. APS GSS is a MasterCard, Visa Europe and American Express approved card personalisation and PIN vendor and is a Tier1 PCI DSS certified Service Provider for its secure transactional print and inbound scanning and archive services.
Key Responsibilities:
- Responsible for the logical and physical security of the APS high secure facility encompassing card personalisation, PIN print, document scanning, transactional print and secure mailing operations;
- Management of three separate teams and their respective service lines covering logical security, physical security (including outsourced guard monitoring service), and internal audit;
- Management of external and internal audit frameworks, coordinating audit schedules and tracking and reporting of remediation activities;
- Reporting of risk and control compliance through regular meetings with senior management and external stakeholders such as MBNA, Bank Of America and the Co-operative Bank;
- Management of all certifications including PCI DSS, PCI Card Production, and ISO 27001:2013;
- Management of the third-party assurance framework and reporting of third-party risk to senior management;
- Management of all security testing and vulnerability scanning including tracking and reporting of remediation activities to senior management;
- Supplier management for all security related solutions and services, from the creation of the initial RFP, through to supplier selection, engagement, and post implementation management of performance;
- Development and maintenance of the information security management system (ISMS);
- Management of the user training platform and development of all information security awareness training content.

Security Director (Founder)
Secaud Limited, Sep 2010 - Jun 2015, Altrincham, Cheshire, GB
Secaud was founded in September 2010 as an IT auditing and consultancy company operating within the payment card industry. Secaud achieved Approved Supplier status in 2011 with Visa Europe to perform logical security audits throughout Europe and then in 2012 with Visa International to perform logical and physical security audits within their AP & CEMEA regions. Secaud was also approved as a PCI QSA Company to perform PCI DSS assessments within Europe and achieved certification to ISO27001:2013 and Cyber Essentials PLUS.
As Principal Consultant I was responsible for conducting security assessments against the latest Payment Card Industry (PCI) security standards for Payment Vendors that are either seeking to or that currently undertake the following payment card related activities:
• Card and ICC manufacturing (including ICC embedding and pre-personalisation)
• Card personalisation (including ICC personalisation and Magnetic-stripe encoding)
• Card storing, shipping, mailing & fulfilment
• PIN generation, PIN printing & distribution (including PIN electronic distribution)
• Mobile/Secure Element component manufacturing, embedding and distribution
• VMPA OTA provisioning and personalisation
• Secure Element OTA lifecycle management
• OTA transaction services (issuer updates)
• Visa mobile gateway
• 3-D Secure payment authentication (Enrolment Server and ACS)
• Cloud-based payments

Senior Information Security Auditor
NCC Group, Jul 2007 - Sep 2010, Manchester, Greater Manchester, GB
NCC Group (as part of their Cyber Security audit function) is accredited by MasterCard, Visa, American Express and China Union Pay to perform assessments of Payment Vendors against PCI Card Production logical and physical security requirements for the following card production and related payment services:
• Card Production
• Over-The-Air (OTA) Personalisation
• Cloud-Based Payment Platform Security
• 3-D Secure
• PIN Security
• GSMA Security Accreditation
As a Senior Information Security Auditor I was responsible for performing logical and physical security assessments of Payment Vendors on behalf of MasterCard International and VISA Europe.
Meridian Services International Limited was acquired by NCC Group in March 2010.

Information Security Auditor / Senior Information Security Auditor
Meridian Services International Limited (acquired by NCC Group), Jul 2007 - Oct 2009
Meridian Services International is an IT auditing and consultancy company that specialises in providing logical and physical security auditing and related advisory services to Payment Vendors globally that perform payment card manufacturing, Magnetic Stripe and EMV data preparation, card and ICC personalisation, PIN production and other payment related services of MasterCard and Visa branded payment cards on behalf of their card issuers.
As a Senior Information Security Auditor I was responsible for performing logical and physical security assessments of Payment Vendors on behalf of MasterCard International and VISA Europe.

Professional Services Engineer
Alpha Business Computers (part of the ANS Group), Feb 2006 - Jul 2007
Alpha is a leading independent data management, data storage, data backup and data recovery solutions provider with 28 years experience delivering turnkey solutions to government departments, universities and schools, hospitals, local authorities, charities and companies.
Alpha Business Computers was acquired by the ANS Group in November 2010.
Matthew Lomas Education Details
The Manchester Metropolitan University: Business Administration And Management
Leeds Beckett University: E-Commerce
Leeds Beckett University: Business Information Systems
Frequently Asked Questions about Matthew Lomas
What company does Matthew Lomas work for?
Matthew Lomas works for AstraZeneca.
What is Matthew Lomas's role at the current company?
Matthew Lomas's current role is Cyber Security Risk Director at AstraZeneca | MSc, CISSP, CISA, CCSK.
What is Matthew Lomas's email address?
Matthew Lomas's email address is ma****@****oup.com
What is Matthew Lomas's direct phone number?
Matthew Lomas's direct phone number is +4416255*****
What schools did Matthew Lomas attend?
Matthew Lomas attended The Manchester Metropolitan University, Leeds Beckett University, Leeds Beckett University.
What skills is Matthew Lomas known for?
Matthew Lomas has skills like Information Security, Computer Security, Security, CISSP, Network Security, Information Security Management, IT Audit, Security Audits, PCI DSS, Encryption, Cryptography, Key Management.