Tim Harding Email and Phone Number

In my current role I have overall responsibility for IT security across Rightmove Group Ltd - covering all technology domains (including the website and also the systems supporting the organisation’s business operations).My main achievements during my time in this role have included:● Defining the security posture and standards for the whole organisation ● Building an IT Security Team in an environment that previously did not have one and building a ‘brand’ internally that stakeholders across the company have grown to value and trust.● Leading the response to cyber security incidents – including co-ordinating technical response activities across internal IT teams and our retained third-party Incident Response (IR) partners, as well as advising internal stakeholders and senior management on potential implications.● Building relationships, and collaborating closely, with Rightmove’s Legal, Compliance, Supplier Management and Risk teams on all matters relating to Information Security and Data Protection.● Advising on technical controls to protect the Rightmove website and corporate IT estates.● Selecting and onboarding managed service providers for 24*7 SIEM / SOC coverage (for both the website hosting and corporate estates), and managed Endpoint Detection and Response (EDR).● Defining security standards for the Software Development Lifecycle (SDLC) - as well as providing developer education on secure software development.● Defining security requirements for a major replatforming of the website to a cloud-based hosting platform.● Leading projects to attain Cyber Essentials Plus, PCI-DSS and FCA compliance.● Planning various third-party assurance activities (penetration test, maturity assessments, audits etc.)● Educating the Rightmove board and Audit Committee on various aspects of cyber security – from demystifying some of the technical aspects to explaining the controls we have in place and projects that are in progress.

Prior to my current role I ran technical operations for the Rightmove website - one of the most popular, and highly trafficked websites in the UK. I was responsible for overall service delivery, operational support and all of the infrastructure that underpins the website and its various supporting services. I also directly managed two teams. During my time in this position our availability target of 99.99% uptime (with no planned downtime permitted) was achieved in every year except one.There was no established security team in Rightmove when I joined – so having come from a background in financial services, where security was a key capability and consideration, I extended my role to include responsibility for the security of the site. I introduced a number of technical security controls to protect the website during this period (WAF, DDoS mitigation services etc), and also built relationships with other stakeholders across the company to promote good cyber security practices throughout the organisation.Outside of the security domain I led several large-scale projects including multiple software migrations (Operating Systems, Database providers etc.), major storage and network refresh projects, two Data Centre migrations and the onboarding of several key systems.I was also responsible for the logistical and financial side of running the site and worked closely with our external suppliers on all matters related to service delivery, and Rightmove’s Finance team to plan and monitor expenditure.

During my time at BJSS my main clients were an international energy distribution company and a global commodity trading organisation. I worked on several projects including:• Designing and building a new data warehouse and ETL system to monitor stock levels of liquid hydrocarbons at different temperatures, air pressure levels etc. This required investigating some very niche engineering software and integrating this with an Oracle DBMS system. • A major data migration project of ERP data following the acquisition of a multinational oil company.

Continued to work with customers of Chordiant's Decision Management software suite after the company's acquisition by Pegasystems.

Provided technical consultancy in a client facing delivery role providing onsite guidance and support for customer projects that utilised Chordiant’s ‘Decision Management’ product suite.My main engagements included a long-term assignment to a major UK retail bank (covering various projects across both their online marketing platform to increase customer engagement, and their credit risk systems to reduce lending risk), and also two major European Telecommunications providers which were using the product for customer retention.The actual duties performed depended on the client (and project) concerned but would generally include some of the following:● Working with the business and IT teams to establish initial requirements.● Driving the development of architecture and design on the technical side● Mentoring developers to provide guidance on how to implement the solution as designed and ensuring best practices are followed.● Hands on development of code where new or difficult tasks were encountered.● High level architectural consultancy provided around product usage, capabilities and best practices with enterprise architecture teams, CIOs etc.

Technical Authority / Team Leader for J2EE Frameworks Team Established and led a new team of developers spread across two countries to provide an internal centre of expertise for Java and J2EE usage within the Euroclear group (these were not well established technologies prior to this). The mandate of the team was to produce reusable `framework' components that would be used by the various project development teams that were using Java in order to ensure a consistent approach across the group - as well as to provide consultancy on best practices for these technologies.As well as responsibility for Java and J2EE this team also become the centre of expertise for web services and SOA within the group (SOAP, WSDL, WS-* standards etc.). My role as technical authority also oversaw the development of various internal services (e.g. for authentication, connectivity to backend platforms such as CICS and MQSeries and also defined and implemented the API interface for web service communication between Euroclear and external partners such as SWIFT. For this last project security was of paramount importance as the messages being exchanged could include instructions for millions of pounds of assets being transferred (and also the service was operating in a heavily regulated environment) so considerable effort was spent to ensure the security of the service was watertight and could meet all necessary requirements (including non-repudiation) - we made extensive use of the OASIS WS-Security standards to ensure this.

Worked in a technical lead capacity for a major strategic project designed to standardise the user interfaces used by the customers of all the different operating companies of the Euroclear group. I initially evaluated an existing (C and MQ based) system used by one of the group companies for its potential as a basis for the asynchronous messaging channel for the new system. I then went on to lead the development team working on refactoring this system to meet the new requirements. Subsequently I then progressed to defining the technical architecture for a layered client server systems to support the GUI (online) channel. This used Java based technologies (JWS, J2EE etc.) and used SOAP as a messaging protocol. I also provided consultancy on application security and PKI usage throughout the project and advised on the integration of security controls into the system.

Joined CREST initially as a technical lead working on Tandem systems responsible for a team of developers but moved over to work on C++ systems running on Windows and Solaris and then to Java and J2EE applications. * Worked as a technical architect on a major project to develop a browser based version of the established CREST GUI application (using DHTML, J2EE and IBM Websphere). * Established a position of expertise relating to the integration of cryptographic controls in applications (in conjunction with appropriate infrastructure - PKI etc.) and provided consultancy to a variety of projects in this capacity. * Led the development of several systems running on Solaris and Windows platforms using Java, J2EE, C++ and MQ Series * Oversaw the implementation of an existing Objective C message feed system. * Developed prototype applications using CORBA and MQ Series. * Extensive development of the core back-office CREST system (CoBOL on Tandem).

Worked as a consultant on Tandem development projects.

Worked a a developer on Tandem systems.