Guiding the organisation through the ISO 27001:2022 certification process (Stage 1 complete) and maintaining robust information security management systems.Built out information security policy, processes and procedures sets that aligns with ISO 27001:2022.Cultivated a security-aware culture within teams, fostering engagement and awareness of information security principles.Knowledge and hands-on experience with SDLC (Software Development Life Cycle) tooling.Automation (PowerShell) of network asset register to expand visibility of the vulnerability management process. Achieved a 95% reduction in both internal and external High and Critical vulnerabilities using a range of ethical hacking tool sets.Architected, designed, and engineered solutions in Azure to enable easy management and governance and reduce technical debt in the technology environment. Developed and presented monthly information security key performance indicators to senior leadership and ExCo level. Scoped incident response tabletop exercises, fostering ‘muscle memory’ and resilience in the face of security incidents.Implemented and deployed MDR (Managed Detection and Response) solution, enhancing real-time monitoring and proactive threat detection.Point of escaltion for High and Critical SIEM alerts. Conducted daily threat intelligence to identify potential vulnerabilities relevant to the business, ensuring a proactive approach to cybersecurity.Managed risk through effective risk management and governance practices, ensuring robust information security practices.Led the design and implementation of CIS benchmarks for cloud and Windows systems, enhancin security postures.Completing security assurance on information systems, ensuring compliance with security standards.Deployed end-user training initiatives and cultivated a culture of information security awareness among end users.

● Daily monitoring and alerting of threat Intelligence feeds for group IT vulnerabilities and data breaches, and leading meetings for the remediation of identified alerts. ● Managing the monthly Nessus scanning of the corporate and retail networks and leading the Cyber task force for mitigation. Critical and High Vulnerabilities are down 70% since leading the project. ● Using ethical hacking tools (NMAP, Metasploit, Nessus, Dirbuster) to identify false positive vulnerabilities and thus removing/reducing the risk associated with the vulnerability. ● Leading the investigation of Priority 1 and 2 SIEM alerts using open source intelligence and security tooling. Providing computer forensic analysis for computers involved in live incidents for incident investigation. ● Writing penetration testing scopes, leading penetration testing engagements, and remediating identified vulnerabilities. ● Owning the phishing campaign project, deciding the phishing campaign solution (PSAT), working with ● ● Infrastructure to configure/allow email defence in depth for the campaign, and testing and deploying campaign to all Hammerson accounts. ● Working with the Cyber Manager to choose the managed service SIEM (Rapid7) solution and to actively deploy the agents and configuration to ensure full environment coverage SIEM (Security Information and Event Management). ● Providing updates and designing mitigation to cyber owned risks and registering new cyber risks within the risk register.● Analysing and agreeing CIS Security baseline scope with the technical team for deployment across Windows, Cloud and Cisco systems. ● Automating server assurance activities through Powershell to assess if the server meets Hammerson’s security baseline. ● Reviewing, updating, and publishing Hammerson’s ISO27001 policies and guidelines within the agreed control areas . ● Reviewing Hammerson against NCSC Cyber Essentials and deploying the necessary changes to become compliant.

● The development and presentation of HMG (Her Majesty's Government) security related documentation. Including risk assessments, technical reviews, vulnerability management on time, tothe expected quality.● Representing and leading interactions with the security authority and key stakeholders at working groups.● Leading the assurance of peripherals being migrated from the legacy classified governmentenvironment to the new cloud environment and defining technical controls to mitigate identified risks.● Managing the assurance for the core infrastructure changes that meets NCSC, JSP440, JSP604, ISO27001 requirements; change implementation.● Delivering and presenting risk documentation to the security authority regarding risks introduced from new system designs and endpoint security.● Developing penetration test scopes for classified servers, system changes, and peripherals on theestate against security foundations such as OWASP; reviewing the subsequent penetration test reports and making an approval decision.● Vulnerability monitoring and analysis for classified government gateway environments and articulating the risk to the security authority and key stakeholders.● Completing site audits of MoD bases on behalf of the Security Authority against JSP440 and ISO27001 and to work towards building a strong security culture.

● Working with Security and Design Architects to deliver solutions to resolve live operational issues and explain technical designs to non-technical senior Army and RAF ranks.● Leading customer interactions on the client site as a representative from CGI.● Writing technical documentation on how to implement, test and rollback secure solutions.● Writing SOPs (Standard Operating Procedure) on system maintenance, security enhancing software, and system/data backup and restore.● Working with penetration test teams to enable their testing of bespoke classified governmentenvironments; reviewing the subsequent penetration test reports and implementing the remediation to identified infrastructure vulnerabilities.● Deploying and configuring EndPoint Security to ensure confidentiality, integrity, and availability of bespoke classified government environments.● Configuring and maintaining the live SIEM solution to provide security audit event alerting to highlight potential security issues.● Maintaining secure gold images to meet client requirements and enable easier deployment of said images.

● Taking customer calls, documenting the issues being experienced, and creating service incidents.● Replicating issues experienced by customers.● Undertaking root cause analysis to identify the cause of the issue being experienced.● Developing, testing, and deploying the software fix.● Confirming with the customer ensuring that they are satisfied with the resolution.