About
Highly accomplished Cyber Security Professional with over a decade of experience in Governance, Risk, and Compliance (GRC) and Security Operations across government, finance, and telecommunications sectors. Proven expertise in developing and implementing robust security frameworks (ISO27001, NIST, GDPR, SOC2), leading incident response, and driving regulatory compliance. Adept at leveraging advanced security tools and strategic guidance to enhance organizational resilience and mitigate complex cyber threats.
Work
London, England, UK
→
Summary
Led information security policy development and compliance initiatives for a government department, driving strategic security posture and regulatory adherence.
Highlights
Developed and implemented a comprehensive Information Security Policy roadmap, significantly enhancing the strategic security posture.
Conducted in-depth gap analyses on government department security policies, identifying critical areas for improvement and compliance.
Defined a high-level policy suite and approval workflows, streamlining governance processes and improving efficiency.
Provided strategic security guidance to diverse stakeholders, fostering a proactive security culture.
Executed thorough risk assessments and ensured stringent compliance with industry standards, mitigating potential vulnerabilities.
London, England, UK
→
Summary
Provided expert GRC consultancy to the Cabinet Office, developing robust security frameworks and ensuring regulatory compliance.
Highlights
Developed and documented a comprehensive Digital Security Risk Management Framework, enhancing organizational resilience and risk visibility.
Conducted detailed risk assessments and gap analyses, identifying and addressing critical security vulnerabilities.
Updated and refined security policies, ensuring alignment with evolving regulatory landscapes and best practices.
Led workshops to define security processes, aligning them with ISO27001 and CAF frameworks to improve operational efficiency.
Enhanced SOC processes and governance frameworks, strengthening threat detection and response capabilities.
Created precise risk registers and security documentation, ensuring full regulatory compliance and audit readiness.
London, England, UK
→
Summary
Spearheaded security architecture and threat intelligence initiatives for the Financial Conduct Authority, enhancing regulatory oversight and incident response.
Highlights
Led Threat Intelligence process re-engineering, aligning operations with MITRE ATT&CK for enhanced threat detection capabilities.
Developed comprehensive security policies, frameworks, and use cases, strengthening the overall security posture.
Managed Public Key Infrastructure (PKI) transition to cloud-based PKIaaS, improving scalability and security.
Engaged key stakeholders and vendors to integrate advanced security tools (MISP, Sentinel SIEM), optimizing security operations.
Delivered critical security risk assessments and implemented incident response improvements, significantly reducing organizational risk.
London, England, UK
→
Summary
Managed vulnerability and patch management governance, enhancing security posture and streamlining operations for Computacenter.
Highlights
Managed vulnerability and patch management governance, ensuring timely remediation and system hardening.
Facilitated server migration into standard patch cycles, improving system stability and security compliance.
Developed essential governance artifacts and security documentation, standardizing security processes.
Led Access Management process during a merger, ensuring seamless and secure integration of user access.
Created impactful security awareness materials and training guides, enhancing organizational security posture and reducing human error.
Assisted in patch cycle migration and governance framework implementation, contributing to improved operational efficiency.
Edinburgh, Scotland, UK
→
Summary
Developed and reviewed security policies and procedures for ISO27001 and DEA accreditation, ensuring compliance and audit readiness.
Highlights
Developed and reviewed security policies and procedures for ISO27001 and DEA accreditation, ensuring compliance.
Ensured security accreditation compliance and coordinated audit preparations, achieving successful outcomes.
Conducted comprehensive compliance gap analyses and risk assessments, identifying and mitigating vulnerabilities.
Led ISMS security awareness and training initiatives, improving organizational security posture by 15%.
Managed compliance documentation and regulatory reporting, ensuring adherence to standards and timely submissions.
Welwyn Garden City, England, UK
→
Summary
Managed GDPR remediation and risk assessments, ensuring compliance across multiple business units for Tesco.
Highlights
Led GDPR remediation and compliance projects, ensuring adherence to data protection regulations across diverse business units.
Managed risk assessments and ensured compliance across multiple business units, mitigating potential data breaches.
Engaged key stakeholders to drive secure data governance, fostering a culture of data protection and accountability.
London, England, UK
→
Summary
Developed and managed IT security control frameworks and conducted risk assessments for Maersk.
Highlights
Developed and managed robust IT security control frameworks, enhancing the organization's security posture.
Conducted comprehensive risk assessments and implemented security best practices, reducing potential vulnerabilities by 20%.
Provided critical governance and compliance support for information security initiatives, ensuring regulatory adherence.
Windsor, England, UK
→
Summary
Designed SIEM automation workflows and SOAR processes, improving incident response capabilities for Centrica.
Highlights
Designed SIEM automation workflows and response processes, enhancing threat detection efficiency by 15%.
Developed Security Orchestration, Automation & Response (SOAR) processes, streamlining incident handling and reducing response times.
Designed incident response workflows aligned with NIST framework, improving response consistency and effectiveness.
Managed third-party security compliance and governance, ensuring vendor adherence to security standards.
Assisted in improving cyber threat detection processes, enhancing overall security operations.
London, England, UK
→
Summary
Led SOC operations and incident management workflows, enhancing security posture and compliance for the Home Office.
Highlights
Led SOC operations, defining security incident management workflows that improved resolution efficiency by 25%.
Conducted War-Game Exercises and Tech Bridge calls, enhancing team readiness and incident response capabilities.
Enhanced compliance with GDPR, NIST, and SIEM onboarding, ensuring regulatory adherence and reducing risk.
Managed intelligence feeds and security awareness programmes, improving threat intelligence and user vigilance.
Designed playbooks and response plans for security incidents, standardizing and accelerating incident resolution.
Organised and managed training and inductions for 10+ SOC analysts, significantly improving team proficiency and readiness.
Salford, England, UK
→
Summary
Managed security risk assessments and compliance tracking, developing governance frameworks for IT security policies at TalkTalk Group.
Highlights
Managed security risk assessments and compliance tracking, identifying and mitigating potential vulnerabilities.
Assisted in vulnerability scanning and penetration testing initiatives, strengthening system defenses.
Developed governance frameworks for IT security policies, ensuring robust security controls.
Manchester, England, UK
→
Summary
Led cyber security risk remediation and compliance projects, developing security frameworks for COOP Bank.
Highlights
Led cyber security risk remediation and compliance projects, significantly reducing organizational risk by 30%.
Developed robust security frameworks and conducted comprehensive risk assessments, enhancing overall security posture.
Assisted in IT finance business assets architectural management, ensuring secure infrastructure design and data integrity.
Awards
Industry Conference Speaker
Awarded By
Various Industry Bodies
Recognized for speaking at industry conferences on governance, risk, and compliance, sharing expertise and thought leadership.
Publications
Skills
Stakeholder Engagement & Training
Security Awareness & Training Programmes, Stakeholder Management, Cross-functional Collaboration, Training & Inductions.
Governance, Risk & Compliance (GRC)
OWASP Top 10, ISO27001, NIST, GDPR, SOC2, Security Frameworks, Risk Assessment & Mitigation, Regulatory Compliance, Policy Development & Implementation, Security Audit & Certification.
Security Operations & Threat Intelligence
Cloud Security, DLP, Vulnerability Management, IAM, SIEM, Network Security, 3rd Party Management, Incident Response & Disaster Recovery, Cyber Threat Detection, SOAR (Security Orchestration, Automation & Response).
Security Tools & Artefacts
ServiceNow, JIRA, PowerBI, Visio, Remedy, EA-Sparx, Excel, PowerPoint, Microsoft Word, Roadmaps, Target Operating Models, Requirements Catalogues, Use Cases, BPMN, Process Maps, Policies, Standards, Runbooks, Playbooks, Work Instructions, RACI Matrices, Capability Matrices, Document Maps, Statements of Work, MISP, Sentinel SIEM.
Technical & Process Management
Vulnerability Management & Patching, Access Management, Server Migration, Public Key Infrastructure (PKI), IT Security Control Frameworks, Architectural Management.