Paul Norton Email and Phone Number

The British Council is the UK’s international organisation for cultural and educational opportunities working in over 100 countries to encourage cultural, scientific, technological and educational co-operation.Responsible for planning, implementing and managing organisation-wide systems for information risk management as part of Information Security Governance & Risk Management (IGRM) team. In the role, I consult and engage with stakeholders to ensure systems are compliant with the organisation’s policies and standards, and that risks are being managed within risk appetite. I encourage a business-wide understanding of information risk management accountabilities and responsibilities, as well as providing leadership and guidance to help colleagues understand the nature of information risk, how vulnerabilities can translate into risks to business, and steps required to mitigate them. I am also responsible for analysing assurance and audit reports and other information risk indicators, collating outputs into dashboards and executive summaries to support senior management decision making.Key Achievements:◾ Reviewed existing information risk management practices by auditing current risk reporting and through workshops with the IGRM leadership team◾ Led an assessment of the FAIR (Factor Analysis of Information Risk) methodology for risk assessment and worked with RiskLens (software provider) to support this, involving first-line teams◾ Implemented the first phase of a new risk management strategy to deliver more consistent risk reporting, clearer accountability and improved information risk maturity across the organisation, based on ISO 27001◾ Developed an ISO 27001 Information Security Management System for the organisation◾ Introduced the use of ISO 27001 to inform risk assessments and treatments

Appointed Enterprise Risk Advisor to improve the organisation’s risk maturity, managing communications regarding risk systems and processes and liaising with overseas offices to improve the organisation’s understanding and articulation of its enterprise risks. Supported the Senior Leadership Team in understanding and presenting their Principle Risks and provided analysis of risk reporting for the Risk Committee.Key Achievements:◾ Successfully led an initiative to improve management engagement in corporate risk management and production of more relevant and reliable reporting◾ Introduced a new thematic approach to risk reporting to support a more meaningful risk narrative for senior managers and the Risk Committee◾ Renegotiated contract with supplier of the risk information system, resulting in a major upgrade to the software and an overall cost saving

Promoted from Deputy Director to Director in 2007, based in Yaoundé, Cameroon. I was responsible for leading all aspects of the British Council’s operations in-country including ownership of strategies, business plans and budgets. Accountable for risk management, performance targets and developing strategic partnerships, as well as managing relationships with stakeholders with an interest in the British Council’s in-country operations. I developed new delivery models to increase the effectiveness of the British Council and ensured compliance with corporate standards for financial control, information management, risk, security, health and safety, child protection and brand. Between February and July 2021, I was based in Karachi, Pakistan, as a consultant, working on a number of security-related risks.Key Achievements:◾ In Karachi, I led analyses of procurement practices, the UK visa support process, and aspects of physical security, and presented recommendations to the country leadership team for designing risk treatments. ◾ In Yaoundé, I was responsible for restructuring and repositioning the Cameroon office to address a significant financial and reputational risk to Sub Saharan Africa operations and to the region's Exams business. I successfully repositioned the operation away from costly donor funding to become a sustainable Exams business with a cultural relations wrap-around involving web presence and local partnerships.

◾ 06/2005 to 07/2007: British Council, Almaty, Kazakhstan: Deputy Director ◾ 02/2001 to 06/2005: British Council, Moscow, Russia: Assistant Director◾ 11/1998 to 01/2001: British Council, Manchester: Senior Marketing Specialist◾ 04/1995 to 07/1998: British Council, Sogang University Seoul: English Teacher◾ 07/1987 to 11/1994: BT, London: Marketing Specialist & Public Relations Officer