Curriculum Vitae

Results-driven Leader of Information Security with over 25 years of progressive experience delivering complex security programs and solutions for government and blue-chip organisations. Demonstrated ability to lead cybersecurity transformations, manage high-stakes risk environments, and ensure compliance with regulatory frameworks while driving business growth. Adept at aligning security strategies with organisational goals, reducing risk, and enhancing resilience in multi-cloud environments. Known for delivering security initiatives that secure critical national infrastructure and achieve significant reductions in security incidents.

Professional Experience

Leadership

  • Partnered with C-suite leaders to align global security strategies with business goals, driving value across EMEA, APAC, and North America.

  • Designed and executed a security roadmap, cutting incidents by 50% and boosting security maturity by 25%.

  • Managed diverse security teams, promoting accountability and a strong security culture through global training initiatives.

  • Standardised security practices across business units, improving compliance and strengthening the organisation’s security posture.

  • Implemented BIAs and recovery plans, ensuring minimal disruption during incidents with adaptive risk processes.

  • Delivered clear updates on cybersecurity performance, risks, and mitigation strategies to senior stakeholders for informed decision-making.

Security/Cyber

  • Embedded security controls into system designs and product development, enabling secure cloud transformations and protecting digital services.

  • Delivered programs empowering staff to identify and respond to security risks effectively.

  • Enhanced application security by advancing SDLC with SAST, DAST, iterative testing, and exemption management.

  • Reduced cyber risks in acquisitions by implementing a standardised assessment and mitigation framework.

  • Optimised costs and improved security capabilities through strategic vendor negotiations and procurement.

  • Strengthened global cloud security and IAM solutions for secure authentication and data protection.

  • Created a tailored vulnerability testing program for effective risk management and quick remediation.

  • Directed incident response, forensic investigations, and crisis communication to mitigate cyber threats and improve resilience.

  • Automated monitoring and detection using advanced SIEM tools and enhanced readiness through penetration testing and red-blue team exercises.

Risk & Governance

  • Established a global GRC framework aligned with business goals and regulatory standards like GDPR, NIST, PCI-DSS, and Cyber Essentials.

  • Led IT risk assessments, identified vulnerabilities, and implemented mitigation strategies while embedding risk awareness across operations.

  • Oversaw audits for Cyber Essentials, ISO 27001, and SOC 2, ensuring alignment with industry standards and driving continuous improvement.

  • Created and maintained policies, standards, and procedures, conducting internal assessments to ensure ongoing regulatory compliance.

  • Chaired Risk and Information Security Committees, driving governance, optimising risk posture, and setting KPIs to guide cyber investments.

- Legal and Financial Technology Company, UK

Accreditation

  • Certified Information Systems Security Professional (CISSP), 2016

  • ITIL V3 Foundation, 2012

  • Chartered IT Professional, 2010

  • EU CoC for Data Centre Efficiency (BCS Certified), 2010

  • Prince2 Foundation and Practitioner, 2009

  • Cisco Certified Network Professional (CCNP, CCNA & CCDA), 2008

  • Certified Advanced CyberGuard Firewall Administrator, 2005

  • Microsoft Certified Systems Engineer (Windows Security), 2005

Key Skills

Leadership & Team Management

Cybersecurity Strategy & Roadmap

Cybersecurity Transformation

Risk Management & Regulatory Compliance

Vendor Management & Licensing Optimisation

Cloud Security

Business Continuity & Crisis Management

Technical Security Solutions