Co-Founder and Non-Executive advisor - guiding the team to provide high quality coaching and career advancement to students. Rehan started the concept of helping young students to navigate the complex process of starting their careers when we worked together at BP. I volunteered to help him with his passion and got involved in mentoring and training young graduates and building a strategic view of the future. This vision and the program and AI to support it has developed over time and is now a commercially viable venture with exciting growth potential. I look forward to continuing to provide support and guidance as the business grows. Working in the IT industry, I see the daily challenge of finding passionate engineers, security analysts, and others, people who bring diversity of thought and a desire to develop rather than those who just have the right qualifications. This is the problem that Metatalent is solving.

Large European AirlineObjective: Understand the risks and priorities and develop an IDAM Strategy:• Assessing risks, linking architecture strategy with projects delivering IDAM improvements and redefining the priorities and strategy• Restructuring the IDAM team, the IDAM project staffing & deliverables and driving a service level change with the key supplier• Upgrading the live Active Directory Services and providing world class IDAM services for the cloud migration• Regular interaction with the lT Leadership team & Group Council to reset the understanding of key risks and reprioritize delivery• Result: Reduction of identity related risk exposure by £100k

Reduced the impact and likelihood of a £250m Security breach at TUI by;• Restructuring the Security function, building core capability pillars and developing group priorities for Identity & Access Management, Network Security & Data Security• Implementing Multifactor Authentication for 30,000 employees and advanced End Point Protection across 50,000 devices - significantly reducing the likelihood of a major breach• Launching a Security Operations Function and major incident process with operational ticket automation - anticipating attacks, enabling faster isolation and response times and improving protection coverage • Developing a Security Pipeline and tooling, setting up a Security Engineering Capability from scratch and training over 800 developers on security basics• Setting up security services including a global vulnerability management identification and remediation process as well as protection for customer email domains• Restarting a security awareness program post the pandemic shut-downRecognised as one of the top 100 Global CISO's in 2022, member of the Governing body for Evanta and CISO alliances, active participant in industry CISO forums and regular speaker at industry events. Passionate about protecting global organisations and their staff and customers from cyber attacks

Working with teams from TUI’s global businesses to identify and protect critical assets. Defining policies, controls, compliance, assurance and enforcement mechanisms to manage risk.

Objective: Establish a consultancy in Dubai to help clients reduce operational & cyber security risk and improve regulatory complianceProject successes included implementing a:• Pre IPO corporate risk process for the world’s largest oil company; • Security operations centre for the leading telecommunications company; • Compliance obligations management process for the region’s largest bank; • Business continuity and disaster recovery solution for a ministry of finance; • Risk management solution for a stock exchange.Keynote speaker at the 1st cyber security conference in Pakistan - protecting critical national infrastructure; 10th Saudi Arabia compliance & anti money laundering summit; RSA conference in Abu Dhabi; & SC conference in LondonResult: Estimated client risk exposure reductions and savings £50m - £100m per annum

Objective: Reduce the cost of cyber security risk assuranceLed and delivered enterprise-wide restructuring and transformational change programmes that centralised risk, compliance and security teams, and consolidated policies, processes and practices to embed corporate cost-reduction objectivesResult: Decreased headcount by 33% (£1.5m cost reduction), streamlined ongoing risk assurance processes - 30% more efficient (£2m efficiency gain)Objective: Reduce the likelihood of a cyber security breachSignificant contribution to the group cyber security strategy - reported to the Group CISODeveloped a risk based cyber security framework based on NIST & ISO27001Completed a confidentiality, integrity & availability (CIA) assessment of over 8000 IT applications to determine the most critical assets for security assessment Result: Reduced the risk of operational disruption (£1bn per day) and the risk of personal data loss (over £1bn)

Objective: Reduce IT operational riskLed and delivered a holistic top-down and bottom-up operational risk management programme to change staff behaviours, organisational culture and risk visibility at executive level in light of the Gulf of Mexico Deepwater Horizon disasterEstablished a 20-strong global network of risk and compliance professionals, designed and executed education strategy, and oversaw training for over 5,000 operations staff and strategic outsourced partners. Ran workshops for Board and C-suite executives and successfully change managed behaviours and removed the silo-based cultureResult: Reduced the risk of operational disruption (£1bn per day) and the risk of personal data loss (over £1bn)Objective: Reduce IT operational risk Through consistent global risk process, qualified and quantified top 50 business risksDeployed an GRC platform & developed a consolidated risk matrix to automate the risk processCreated a governance risk & compliance forum to upskill the risk network, solve problems and share best practicesManaged the internal and external audit relationships and interface with the IT organization (Over 30,000 hours of IT audit activity per annum)Result: Reduced the risk of operational disruption (£1bn per day) and the risk of personal data loss (over £1bn)Objective: Reduce IT operational riskImproved board level assurance by initiating a Board and C-suite reporting structure for BP’s highest priority risks, including cybersecurity that raised awareness across the organisation and significantly influenced decisionsEducated the Group CIO on all aspects of IT operational & cyber security risk (40+ hours of briefings)Result: Reduced the risk of operational disruption (£1bn per day) and of personal data loss (over £1bn)

Objective: Reduce IT operational riskStrengthened cyber security by implementing enhanced controls through a PCI-DSS compliance program and achieved compliance in 10 level 1 credit card processesResult: Reduced the risk of personal data loss of over £1bnObjective: Speed up critical application post-disaster recovery timeWorked closely with and oversaw senior IT and process stakeholders to drive and deliver a strategic business continuity and disaster recovery BC / DR centralisation programme Defined and implemented solutions, directed a quality assurance review across 30 applications, remediated open actions, and validated solution efficacyResult: Reduced the risk of business disruption of £500m per dayObjective: Reduce the likelihood of a major compliance failure Successfully facilitated and achieved global IT application SOX complianceLed a $1.8M programme that identified, prioritised and assessed 36 critical applications, and successfully remediated 2,500 control gaps and 70,000 Segregation of Duties violationsResult: Reduced the risk of fines of over £100m and personal liability for directors

I was Business Assurance and Audit Manager with additional accountability for key account management for European Gases and Logistics Divisions and a team of three. I designed and introduced COSO SOX control templates across four major geographies, and introduced risk-based methods to create and develop global guidelines and audit programmes. I implemented a global transformation plan that expanded Group Audit from five to 55 people, and assessed internal division controls, as well as country controls in Japan, Korea, China, India and Mexico. In addition, I played a key leadership role within an integration team and coordinated due diligence on a major European acquisition, where my work directly contributed to a $1.7M reduction in purchase price. I was also heavily involved in the acquisition and merger of three UK company operations.

I was based in the UK from 1998 to 2001, where I held accountability for delivering auditing services, corporate governance, company restructuring, accounting practices and due diligence for clients across a wide range of industries, as well as researching and developing proposals and solutions to secure new business. Consultancy work included: Established a new holding company structure with 24 subsidiary organisations, and resolved equity accounting issues and complex executive share schemes. Advised on corporate governance and listing rules disclosure, and managed group reorganisation and property transactions for a 13-subsidiary group. Audited, consolidated and completed statutory activity for 70 leasing companies within a major banking structure. Settled year-end audit and tax issues across European operations for a German client during secondment in Germany.Between 1994 and 1998, I was based out of Harare where I audited premier listed manufacturing, retail, F&B, hotel and leisure, supermarkets, and transportation companies. I supervised and coordinated eight audit teams, supported Group tax returns, and conducted a detailed evaluation of structured finance instruments. I also handled consolidation issues for a large conglomerate restructuring, and designed and implemented stock costing model for a blue-chip timber plantation.