Simon Rozario

Simon Rozario Email and Phone Number

CISO at Information Management Consultants Ltd @ Capital Support Ltd
london, london, united kingdom
Simon Rozario's Location
London, England, United Kingdom
About Simon Rozario

With over 20 years of experience as an IT professional, and as a current Chief Information Security Officer, I am an accredited lead auditor who has implemented ISO 27001 at a number of organisations. I have written a number of security awareness papers on key topics including cloud computing, phishing attacks, endpoint security and social engineering amongst a number of presentations to various organisations about security and, in particular, ISO 17799/27001 implementation. These presentations included data protection and classification information; information (data) is the centre of ISO 27001, and therefore the managing of sensitive data is key.

Key skills:
  • Implement manageable risk assessments at client sites
  • Identify potential business impacts through an on-site business audit and gap analysis
  • Implement projects after a security audit or information security breaches
  • Advise clients on best practices for minimising cybersecurity risks

Simon Rozario's Current Company Details
Capital Support Ltd

CISO at Information Management Consultants Ltd
london, london, united kingdom
Employees:
66
Simon Rozario Work Experience Details
  • Information Management Consultants Ltd
    CISO
    Information Management Consultants Ltd Jun 2017 - Present
    London, United Kingdom
  • Capital Support Ltd
    Chief Information Security Officer
    Capital Support Ltd Oct 2014 - Present
    Canary Wharf, London
    As the Chief Information Security Officer (CISO) of Capital Support, my role was created to deal with the growing demand for IT professionals specialising in IT security for the financial services sector.
    The key areas for Capital Support included:
      • Achieve ISO 27001:2013 accreditation status within six months
      • Create and establish an Information Security Steering Group (ISSG) committee
      • Provide a training structure for all Capital Support employees and increase security awareness
      • Conduct an internal business process and gap analysis to identify areas that required improvements
      • Achieve the Cyber Essentials accreditation
    Since completing the above tasks, I now oversee:
      • Management of Capital Support’s ISO 27001:2013 accreditation
      • Conduct business and gap analysis audits for clients to identify areas in need of security improvements
      • Provide outsourced and remote CISO services to global clients
      • Assist clients with achieving their own ISO 27001 accreditation or regulatory compliance (U.S. SEC/OCIE Examinations and FCA)
      • Technical pre-sales specialist providing information on cybersecurity solutions
  • Lewisham Homes
    Information Security Consultant
    Lewisham Homes Sep 2013 - Oct 2014
    London, United Kingdom
    Key objectives were to ensure that Lewisham Homes complied with the Data Protection Act, and to put an Information Management Framework in place. The role included presenting a project plan for using the ISO 27001 to the Board of Directors at Lewisham Homes. With approval from the Board of Directors, I set about implementing the information management project.
    Key areas of achievement:
      • Carried out a gap analysis to ISO 27001
      • Set up an Information Management Steering Group (as part of the ISMS)
      • Created an information asset register and record management
      • Carried out the business impact analysis (BIA) against the information assets
      • Created a risk treatment plan from the gap analysis and BIA
      • Created a number of policies: reporting information security breaches and events, acceptable use policy for all staff, mobile device policy, ICT operational policies, information labelling, classification and handling policy, third party coco, information sharing procedure
      • Reviewed privacy statement and made recommendations
      • Reviewed HR policies with regards to temporary and permanent staff
      • Implemented an e-learning package for all staff
      • Created a Statement of Applicability (SoA) against ISO 27001:2013
    Day to day duties:
      • Manage IT security incidents
      • Reviewing third party cocos and scope requirements for penetration tests
      • Reviewing Lewisham Homes’ risk management methodology including business impact, threat and vulnerability
      • Key adviser for FOI and SAR requests and information sharing agreements
  • London Borough Of Lambeth
    Information Security Officer
    London Borough Of Lambeth Sep 2012 - Sep 2013
    London, United Kingdom
    As the Information Security Officer at Lambeth Council, Simon’s role was to ensure that staff were aware of the Council’s security policies and the importance of them. One way he achieved this was by carrying out a clear desk policy audit as part of the physical audit. The physical audit highlighted a number of recommendations, one of which was to appoint Security Champions to take ownership.
    Simon also worked with Business Support Managers across the Council to carry out a risk assessment on their priority systems.
    As part of the Council’s PSN coco submission, Simon had to work with CLAS consultants to scope the penetration test and put together a remediation IT health check plan. Simon was also the single point of contact with regards to information security and advice on information security in new web applications, outsourced services, disaster recovery projects and other projects.
    Key areas of achievement:
      • Carried out physical internal audits
      • Carried out the risk assessment on all priority 1 systems and developed a risk treatment plan
      • Scoped the penetration test for PSN compliance
      • Implemented a process for remediation following the IT Health Check
      • Completed the PSN coco
      • Carried out a gap analysis to ISO 27001
    Day to day duties:
      • Managed IT security incidents
      • Reviewed third party cocos
      • Reviewed the Council’s risk management methodology including business impact, threat and vulnerability
      • Key adviser for information security and information sharing for the Council
      • Reviewed and updated the Council’s security policies
  • Wandsworth Borough Council
    IT Security Consultant
    Wandsworth Borough Council Jan 2011 - Sep 2013
    London, United Kingdom
    Having implemented BS7799 for the Rent Service (part of DWP), Simon was approached by Wandsworth Council to implement ISO 17799/27001.
    As the IT Security Consultant, Simon had overall responsibility for information security in the Council. He reported to the Board of Directors and ensured that the Council maintained its certification to ISO 27001. He was also the Project Manager that rolled out ISO 27001 across the other departments (HR, Administration, Finance, Children Services, Adult Services, Leisure and Amenities, Planning and Housing) in the Council together with PCI DSS.
    Key areas of achievement:
      • Security architect review with a budget of £1.5 million
      • Changed the security culture of the Council
      • Implemented a process for reporting security incidents
      • Reviewed and updated the Council’s security policies
      • Put together a security awareness training program
      • Developed a risk management methodology including business impact, threat and vulnerability
      • Achieved compliance and certification in the first attempt for the Council
      • Implemented an information security management system framework. Over half of the Council is ISO 27001 certified and the aim was for the whole Council to achieve ISO 27001 by a set date
      • Achieved certification to BS7799
      • Recertification and scope expansion to ISO 27001
      • Delivered a risk management process
      • Delivered a security awareness program
    Day to day duties:
      • Developed and maintained the Council’s IT security
      • Reviewed and updated security policies
      • Carried out internal audits
      • Key adviser for DPA, FOI and information sharing
    Simon had to carry out internal audits as well as facilitate with external auditors. He coordinated other tests, from penetration testing to server hardening. The Council was predominately a Microsoft house, and Simon reviewed all the security patches and took the appropriate action with regard to security patches.

Simon Rozario Skills

Information Security, ISO 27001, Risk Assessment, PCI DSS, Security Audit, IT Security Policies And Procedures, Information Security Management, Gap Analysis, IT Security Policies, IT Security Operations, IT Security Best Practices, IT Security Assessments

Frequently Asked Questions about Simon Rozario

What company does Simon Rozario work for?

Simon Rozario works for Capital Support Ltd

What is Simon Rozario's role at the current company?

Simon Rozario's current role is CISO at Information Management Consultants Ltd.

What is Simon Rozario's email address?

Simon Rozario's email address is sr****@****ort.com

What is Simon Rozario's direct phone number?

Simon Rozario's direct phone number is +4420745*****

What skills is Simon Rozario known for?

Simon Rozario has skills like Information Security, ISO 27001, Risk Assessment, PCI DSS, Security Audit, IT Security Policies And Procedures, Information Security Management, Gap Analysis, IT Security Policies, IT Security Operations, IT Security Best Practices, IT Security Assessments.

Who are Simon Rozario's colleagues?

Simon Rozario's colleagues are Mahfuja Rahman, Billy Prater, Tam Koko, Sarah Messer, Andy King, Jayce Paul, Rodney Bovell.

Not the Simon Rozario you were looking for?

  • Simon Rozario

    IT Security Consultant At Wandsworth Borough Council
    London
    1
    wandsworth.gov.uk
  • Simon Rozario

    Lead Operational Integrity Engineer At Wood Group Kenny
    Greater Aberdeen Area
    3
    yahoo.co.uk, woodgroupkenny.com, woodplc.com

    1 +447983XXXXXX

  • Simon Rozario

    Pipeline Operational Integrity Engineer At Wood Plc
    United Kingdom
  • Simon Rozario

    IT Security Consultant At Syi Consulting
    London
    1
    syi-consulting.co.uk
