Following changes of operating models, ownership, acquisitions and restructures at Nucleus, I was tasked with forming a new team to manage all security activities across the company. Leveraging my knowledge of Nucleus and experience in building teams, I established this function to enhance our security posture and support growth. My efforts were focused on ensuring we maintained the trust of our advisers, clients, regulators, and investors, to use security as a differentiator, not just a cost centre. Key Achievements: • Centralised Security Operations: Consolidated logs for key systems into a central SIEM for data alerting and investigations. • Vulnerability Management Programme: Reduced backlog of issues by 88%. • Control Maturity Assessment: Utilised the NIST Cyber Security Framework, ensuring seamless integration of new businesses. • Security Training Programmes: Developed training programs, resulting in a 38% decrease in phishing simulation hook rates. Responsibilities: • Risk Management: Identify and manage security risks with data-driven performance monitoring. • Security Operations: Centralise data, reporting, and alerting for all security operations to improve response times. • Acquisition Integration: Ensure consistent security standards during acquisitions. • Staff Training: Enhance staff awareness and compliance through security training. • Board Reporting: Present regular security reports and training sessions to the board. • Policy Definition: Define and enforce security policies and risk appetites. • Risk Assessment: Conduct audits, threat modeling, and tabletop exercises. • Vendor Oversight: Ensure adherence to security standards for partners and vendors. • Project Support: Integrate security and resilience into project design and delivery. • Operational Resilience: Lead readiness project for Nucleus Wrap, enhancing Business Continuity and incident management plans before transitioning responsibility to a new group-wide function.

As the first hands-on technical person at Nucleus, I transformed the Technical Operations department from an entirely outsourced service to a robust internal team, directly contributing to our award-winning service. By delivering flexible solutions, I empowered our team to perform at their best.Key Achievements:• Grew the Technical Operations department from scratch, establishing multiple self-sufficient teams.• Developed and implemented Business Continuity Planning and Incident Management frameworks.• Managed the GDPR readiness project, ensuring compliance across Nucleus and its partners.• Revised and implemented IT Security and Business Continuity policies appropriate for our organisation's size and responsibilities.Responsibilities:• Internal Systems: Managed internal IT infrastructure and oversaw outsourced partners to ensure smooth operations and high standards of service.• Business Intelligence: Led the BI team to ensure the accuracy, consistency, and timeliness of Management Information (MI), uncovering insights to improve processes and products, and aligning with emerging GDPR requirements.• Application Development: Developed client-facing systems integrated with our outsourced platform, ensuring swift implementation of changes aligned with business needs, along with creating an API ecosystem for our customers• Web Development: Collaborated with Communication teams to engage with our adviser community through effective web solutions.Career Development:• Mentored technical SMEs to become respected senior management team members.• Facilitated career transitions into technology and resilience roles, fostering growth and development within the team.• Staff Engagement: Participated in staff groups to shape and maintain Nucleus’s positive culture.

Invited to join the Lean Agile Edinburgh team after contributing to the community through hosting events at Nucleus Financial's office, and giving a talk on Resilience. Working with the other organisers, we aimed to host monthly meetups for people in the local community who are interested in learning and sharing their experiences. A mixture of talks, workshops and lean coffee, we ensured that the content reflected the needs of the community, and provided opportunities for speakers of all experiences levels to practice and gain feedback.

Asked by SC Media to be a judge for the annual European security awards in 2020. Reviewed 33 award submissions across 4 categories, to a set deadline, using my experience to assess against the outlined requirements

Invited by the CEO of Scotland IS to join the supervisory board overseeing the setup and launch of Scotland's first digital skills academy, CodeClan. Our role was to supervise and challenge the team creating the operating model, and provide input to ensure that the academy was able to meet the needs of employers

An early recruit to this startup, operating as a data marketplace, broker, and lead generator for various financial services products. Extracting as much value as possible from data, and reacting quickly to emerging opportunities and risks, were critical to LeadX’s success. All the activities were performed with these company goals in mind.This broad role included:• Running the IT infrastructure for a 200 seat callcentre and back office teams• Ensuring the solutions could scale quickly to meet emerging opportunities in the market• Minimising the cost of disruptive events through disaster recovery planning and testing• Mentoring callcentre staff to take on technical roles within LeadX• Full stack development of lead generation websites and callcentre workflow systems • Integrating our systems with a cloud based dialler• Managing the relationship with outsourced support partners

An early recruit to this marketing and lending startup, this broad role included:• Full stack development of lead generation websites and callcentre workflow systems • Producing MI on callcentre performance• Design, implementation and maintenance of IT systems• Keeping costs low, getting value through open source software - self directed learning• Business continuity planningAfter acquiring a strategic partner, integrated the systems of their UK branch offices into the existing network, with no disruption to operations.