Vulnerability Management, including conducting regular assessments, prioritising remediation based on risk impact, & coordinating patching efforts.Pen Testing activities, overseeing security assessments, risk evaluations, & collaborating with all stakeholders to ensure systems meet security standards, while delivering actionable insights for improving security & mitigating potential threats.Management of Security Incidents, from detection & analysis to resolution & recovery, ensuring swift containment & minimising operational disruption.Managed security-focused Change Management processes, incl evaluating & approving security patches, updates, & config changes to mitigate vulnerabilities. Worked closely with IT & risk teams to ensure changes were implemented securely, minimising operational impact.Physical Security assessments, identifying vulnerabilities in access controls, surveillance systems, & facility infrastructure. Provided recommendations for improvement to enhance overall security posture, reduce risks, & ensure compliance with safety standards and regs.Supplier security reviews, evaluating 3rd party risk, compliance with security policies, & alignment with contractual obligations. Collaborating with procurement & legal teams to ensure vendors met security standards, mitigating potential risks to data & ops.Ensured infosec was maintained throughout project lifecycle, from planning to delivery, by identifying risks and implementing necessary controls to protect data and ensure compliance.Generated & presented regular reports to management, highlighting key risks, incidents, & compliance status. Providing actionable insights & recommendations.Analysing reports generated by the SOC & monitoring systems to identify trends that might indicate future risk & ensuring appropriate responses.Maintained & updated infosec documentation in alignment with ISO27001. Facilitating audits & continuous improvement of the ISMS.Clearance for SC & VPPV2

• Proactive monitoring and enhancement of the local IT compliance framework.• Responsible for all documentation relating to the ISMS (Information Security Management System) and GDPR compliance. This includes procedures, policies, and processes.• Implementation and maintenance of best practices for IT security (ISO 27001 & Cyber Essentials).• Ownership of ISO 27001 framework, including continual improvements, implementation of change, monitoring / internal audits against the standard.• Security patch compliance governance for IT hardware estate.• Custodian of IT equipment standards, congruent with corporate standards.• Custodian of the Configuration Management Database of IT assets.• Custodian of EOL hardware governance.• Ownership of Joiner, Mover, Leaver process.• Ownership of Risk Register and Incident Management.• Responsible for promoting Information Security awareness throughout the business.• Lead the Information Security Management meetings.• Responsible for auditing and performing security reviews for third party vendors and suppliers.• Setting annual Information Security objectives and KPI’s.• Maintaining compliance and best practices with regular Access Reviews.• Coordinating regular penetration testing and managing identified vulnerabilities.• Root cause analysis after internal and external audits for any non-compliances.• Trend analysis and capacity planning.• Promoting GDPR / data protection compliance throughout the business, including records of processing, data retention and privacy.Accomplishments:• Gaining ISO 27001 certification first time round with no major non-conformities.• Established the Joiner / Mover / Leaver process.• Implemented the Risk Register.• Setup Change Management process.• Championed Business Continuity practices within the business.

POSITION SCOPE – Castellan is a cloud-based Business Continuity software vendor. My main responsibilities are to:• Reviews various sources of information and compiles feedback from tools into actionable intelligence when necessary. • Assists in the identification and remediation of misconfigurations and system weaknesses. • Participates in the vendor management program facilitating the tracking, completion, and delivery of external and internal security assessments. • Assists in general IT and SaaS software requests when appropriate. • Deploy web applications and perform data migrations tasks as needed. • Assists in the review and testing of Castellan Solutions Applications, both SaaS and mobile. • Participate in annual audits such as internal audits, ISO 27001, Soc2 Type II. • Develop refine and automate where appropriate security controls and technologies. • Be an active participant in incident response and information security event remediation. • Manage physical technology security deployments and tasks at UK locations.ACCOMPLISHMENTS:• Building out the Security Packets and the Security and Architecture guides for all solutions, including the Mobile Application Security and Technology Guide.• Created and mange the security dashboard – (Monitoring, tracking, reporting from various security tools and vulnerabilities)• Participate in annual audits such as ISO 27001, Soc2 Type II• GDPR Statement and DPIA documentations for all vendors.

POSITION SCOPE – Castellan are a cloud-based Business Continuity software vendor. My main responsibility is to build, deploy and configure new tenancies for our customers. The position includes support and administration of the solution and its infrastructure, which is hosted on Azure and utilises virtual Microsoft servers and MS SQL databases. This requires me to understand, support and configure supporting services such as Azure AD, IIS and DNS. Alongside my main role, I perform a number of other duties such as supporting audit and accreditation processes for standards such as ISO27001, ISO22301 and SOC2, type 2. Another has been designing and deploying company supporting tools such as O365 and SharePoint. Finally, respond to customer RFPs on information security compliance of the solution to their company standards.ACCOMPLISHMENTS:• O365 deployment – A project I managed and executed to deploy O365 internally for all employees• SharePoint tenant to tenant migration – Another project I managed and executed to migrate all documentation to a new company SharePoint tenancy • IAM - Created and implemented an internal joiner and leaver process• Audit - Supported the process of attaining the accreditation for ISO27001, ISO22301 and SOC2, type 2

POSITION SCOPE – Based full time at client site in Paris working on a Nuclear project for EDF. Primary function of the role was to build relationships with the French team and learn and assist with the administration of the PDMS system and provide UK context to the project. Liaising closely with the engineers and all stakeholders to ensure the project meets business needs. As the only English person in the team I was responsible for producing technical documentation and also translating French documents to English. Performing PDMS installations, upgrades, and testing application in different environments.ACCOMPLISHMENTS• Built a framework of supporting technical documentation for the UK operators• Translated technical documentation and software applications from French to English (and vis versa)• Support the management of the project phases

POSITION SCOPE – Managing and maintaining the IT systems on a high security network setup across various sites in the UK and France. Working closely with the CAD lead and CAD Systems Development Engineer to provide support for the smooth running of PDMS. Responsible for maintaining accurate and detailed project expense reports. Management of AD, Group Policies, WSUS, Servers, Firewalls, switches, VMware, TSM Backup solution.ACCOMPLISHMENTS• Operated as a junior project manager to move all domains to one central global domain.• Configured system to achieve IT Security Accreditation from the OCNS (Office of Civil Nuclear Security).• Assisted senior project manager with office move.

POSITION SCOPE – 3rd line support to clients remotely and on-site of overall IT systems. This included MS Exchange, AD, Terminal Services, Citrix, Windows Servers, Routers, Switches, Backup Solutions, and general network maintenance. Also supported several phone systems, including Avaya, Mitel, Cisco.ACCOMPLISHMENTS• Worked on several project to move offices to setting up new premises.• Under the guidance of technical lead completed project to virtualize servers to use VMware and Hyper-V.• Responsible for training new staff members.