Head Of Information Security
CurrentFollowing changes of operating models, ownership, acquisitions and restructures at Nucleus, I was tasked with forming a new team to manage all security activities across the company. Leveraging my knowledge of Nucleus and experience in building teams, I established this function to enhance our security posture and support growth. My efforts were focused on ensuring we maintained the trust of our advisers, clients, regulators, and investors, to use security as a differentiator, not just a cost centre. Key Achievements: • Centralised Security Operations: Consolidated logs for key systems into a central SIEM for data alerting and investigations. • Vulnerability Management Programme: Reduced backlog of issues by 88%. • Control Maturity Assessment: Utilised the NIST Cyber Security Framework, ensuring seamless integration of new businesses. • Security Training Programmes: Developed training programs, resulting in a 38% decrease in phishing simulation hook rates. Responsibilities: • Risk Management: Identify and manage security risks with data-driven performance monitoring. • Security Operations: Centralise data, reporting, and alerting for all security operations to improve response times. • Acquisition Integration: Ensure consistent security standards during acquisitions. • Staff Training: Enhance staff awareness and compliance through security training. • Board Reporting: Present regular security reports and training sessions to the board. • Policy Definition: Define and enforce security policies and risk appetites. • Risk Assessment: Conduct audits, threat modeling, and tabletop exercises. • Vendor Oversight: Ensure adherence to security standards for partners and vendors. • Project Support: Integrate security and resilience into project design and delivery. • Operational Resilience: Lead readiness project for Nucleus Wrap, enhancing Business Continuity and incident management plans before transitioning responsibility to a new group-wide function.