John Fitzgerald
Information Security Officer at Sumitomo Mitsui Trust Bank, Limited (London Branch)
Experience
-
Sumitomo Mitsui Trust Bank, Limited (London Branch)
-
United Kingdom
-
Banking
-
1 - 100 Employee
-
Information Security Officer
-
May 2022 - Present
EMEA Head of Information Security.
• Security policy development, Compliance Auditing and Risk Assessment (ISO/IEC 27001)
• Security awareness development
• Liaison with regulatory authorities (including FCA and PRA)
• Incident Management - reviews and exercises
• Security consultancy/assessment for new projects and services
• Security architecture and design
-
Cobalt
-
United Kingdom
-
Financial Services
-
1 - 100 Employee
-
Information Security Manager
-
Jan 2019 - Apr 2022
Lead role for Information Security
• ISMS development, Policies, Standards, Procedures, Risk Management and Compliance Auditing (ISO/IEC 27001)
• Client/Customer assurance, responding to Client Assurance queries
• Security awareness development
• Incident Management, exercises and planning
• Security consultancy/assessment for system developments and infrastructure standards
• Business Continuity and Resilience Management
Recent projects have included:
• Development of the ISMS in preparation for ISO/IEC 27001 certification
  − Information Security Risk Management
  − Review and redevelopment of Policies, Standards and Procedures
  − Information Security Review/Audit
• Third Party Review programme
  − Assessing and revising controls
• Security awareness campaign
  − Classroom based and computer based awareness training
-
Information Security Officer
-
2006 - 2019
Group lead for Information Security.
• Security policy development, Compliance Auditing and Risk Assessment (ISO/IEC 27001)
• Security awareness development
• Liaison with regulatory authorities (including FCA, PRA and SEC)
• Incident Management
• Security consultancy/assessment for new projects and services
• Fraud investigations, reviews and exercises
Recent projects have included:
• Leading a Security review
  − Convening a forum of expertise from across the business
  − Considering all aspects of security – IT, Physical, Financial Fraud and Personnel Security
  − Taking input from external standards, guidance and accepted practice (PCI DSS, CIS, NIST)
  − Developing policy and providing focus for remediation projects
• Security remediation
  − Assessing and revising system build standards
  − Performing Vulnerability Analyses on current systems and advising on remediation effort
  − Auditing key processes (change management, new projects, new users, patching)
• Security awareness campaign
  − Revised Acceptable Usage Policies
  − Classroom based awareness training
  − Poster and leaflet campaign
• SOC/ISAE3402 standards and controls development
  − Liaison with external auditors
  − Guidance and assistance for IT in identifying and developing controls
-
Suncor Energy
-
India
-
Solar Electric Power Generation
-
1 - 100 Employee
-
Senior Advisor - IT Security and Service Continuity
-
2002 - 2006
Lead for IT Security Information Security and Business Continuity - Europe, North Africa, Near East and South America.
• Security policy development (ISO17799, SOX)
• Security awareness development
• Data Protection Act (DPA) Guidance
• Liaison with regulatory authorities and internal legal representatives (including Incident Management)
• Business Continuity Planning and Disaster Recovery Planning
• Security consultancy/assessment for new projects and services
• Project Management, Outsource Management
• Penetration Testing and Forensic Analysis
Projects included:
• Sarbanes Oxley 404 compliance
• Leading planning initiatives for Disaster Recovery and Business Continuity
• Security remediation project
-
Network And Security Manager
-
1999 - 2002
• Responsible for design, development and maintenance of the Network and Security infrastructure
• Security Auditing (BS7799), Business Continuity Planning and Disaster Recovery Planning
• Liaison with regulatory authorities (FSA) and internal legal representatives
• Contract negotiation, Purchasing (Network/Security equipment, Maintenance, Co-Location facilities, Internet connectivity), SLA development
• Network Administration - Cisco Switches/Routers (6500, 7200, 3600), HP Openview
• Security Administration - Firewall (Cisco PIX, Checkpoint FW1), Intrusion Detection, Penetration Testing
• Internet gateway support – DNS, Load Balancing (Cisco Local Director), Domain Registration
Projects included:
• Moving the company website infrastructure to dual Co-Location facilities with a complete redesign of the network and security infrastructure to support Disaster Recovery and improved scaling.
• Implementing remote access via VPN (including authentication using RSA SecurID)
• Relocating the company HQ (requiring a complete redesign of the internal network infrastructure)
-
Systems Manager
-
1994 - 1999
• Responsible for design, development and maintenance of the IT infrastructure
• Team Management, Project Management, Outsourcing Management
• Security Policy development and implementation, Software Auditing
• Security Administration – Firewall (Checkpoint FW1), Anti-Virus (Norton), Remote Access (Shiva)
• Internet Gateway Support – SMTP (Sendmail, Lotus Notes), DNS, Squid Proxy
• System Administration (Unix/NT/BackOffice/Lotus Notes), Network Administration (LAN/WAN)
-
Customer Services Engineer (Pre and Post Sales)
-
1991 - 1994
• Technical Sales of ATM Switches, X.25 PADs and Switches, TCP/IP Routers
• Pre-Sales and Post-Sales support, Consultancy, Training
• Liaison with European and US distributors (sales and support), Direct sales within the UK
• Responding to RFP/RFI/ITT
• Ad-hoc support for internal IT systems including Unix System and Network Administration (SCO, AIX, Netware), LAN (TCP/IP, CONS, Ethernet), WAN (X.25), PC (DOS, GEM, DesqView)