Experience

Sumitomo Mitsui Trust Bank, Limited (London Branch)

• United Kingdom
• Banking
• 1 - 100 Employee

• Information Security Officer

  • May 2022 - Present

  EMEA Head of Information Security. • Security policy development, Compliance Auditing and Risk Assessment (ISO/IEC 27001) • Security awareness development • Liaison with regulatory authorities (including FCA and PRA) • Incident Management - reviews and exercises • Security consultancy/assessment for new projects and services • Security architecture and design EMEA Head of Information Security. • Security policy development, Compliance Auditing and Risk Assessment (ISO/IEC 27001) • Security awareness development • Liaison with regulatory authorities (including FCA and PRA) • Incident Management - reviews and exercises • Security consultancy/assessment for new projects and services • Security architecture and design



Cobalt

• United Kingdom
• Financial Services
• 1 - 100 Employee

• Information Security Manager

  • Jan 2019 - Apr 2022

  Lead role for Information Security • ISMS development, Policies, Standards, Procedures, Risk Management and Compliance Auditing (ISO/IEC 27001) • Client/Customer assurance, responding to Client Assurance queries • Security awareness development • Incident Management, exercises and planning • Security consultancy/assessment for system developments and infrastructure standards • Business Continuity and Resilience Management Recent projects have included: • Development of the ISMS in preparation for ISO/IEC 27001 certification − Information Security Risk Management − Review and redevelopment of Policies, Standards and Procedures − Information Security Review/Audit • Third Party Review programme − Assessing and revising controls • Security awareness campaign − Classroom based and computer based awareness training Show less



Rathbone Brothers Plc

• Information Security Officer

  • 2006 - 2019

  Group lead for Information Security. • Security policy development, Compliance Auditing and Risk Assessment (ISO/IEC 27001) • Security awareness development • Liaison with regulatory authorities (including FCA, PRA and SEC) • Incident Management • Security consultancy/assessment for new projects and services • Fraud investigations, reviews and exercises Recent projects have included: • Leading a Security review − Convening a forum of expertise from across the business − Considering all aspects of security – IT, Physical, Financial Fraud and Personnel Security − Taking input from external standards, guidance and accepted practice (PCI DSS, CIS, NIST) − Developing policy and providing focus for remediation projects • Security remediation − Assessing and revising system build standards − Performing Vulnerability Analyses on current systems and advising on remediation effort − Auditing key processes (change management , new projects, new users, patching) • Security awareness campaign − Revised Acceptable Usage Policies − Classroom based awareness training − Poster and leaflet campaign • SOC/ISAE3402 standards and controls development − Liaison with external auditors − Guidance and assistance for IT in identifying and developing controls Show less



Suncor Energy

• India
• Solar Electric Power Generation
• 1 - 100 Employee

• Senior Advisor - IT Security and Service Continuity

  • 2002 - 2006

  Lead for IT Security Information Security and Business Continuity - Europe, North Africa, Near East and South America. • Security policy development (ISO17799, SOX) • Security awareness development • Data Protection Act (DPA) Guidance • Liaison with regulatory authorities and internal legal representatives (including Incident Management) • Business Continuity Planning and Disaster Recovery Planning • Security consultancy/assessment for new projects and services • Project Management, Outsource Management • Penetration Testing and Forensic Analysis Projects included: • Sarbanes Oxley 404 compliance • Leading planning initiatives for Disaster Recovery and Business Continuity • Security remediation project Show less



Interactive Investor International (Fintech, New Media)

• Network And Security Manager

  • 1999 - 2002

  • Responsible for design, development and maintenance of the Network and Security infrastructure • Security Auditing (BS7799), Business Continuity Planning and Disaster Recovery Planning • Liaison with regulatory authorities (FSA) and internal legal representatives • Contract negotiation, Purchasing (Network/Security equipment, Maintenance, Co-Location facilities, Internet connectivity) SLA development • Network Administration - Cisco Switches/Routers (6500,7200, 3600), HP Openview • Security Administration - Firewall (Cisco PIX, Checkpoint FW1) Intrusion Detection, Penetration Testing • Internet gateway support – DNS, Load Balancing (Cisco Local Director), Domain Registration Projects included: • Moving the company website infrastructure to dual Co-Location facilities with a complete redesign of the network and security infrastructure to support Disaster Recovery and improved scaling. • Implementing remote access via VPN (including authentication using RSA SecureID) • Relocating the company HQ (requiring a complete redesign of the internal network infrastructure) Show less



Global Telecommunication Equipment Manufacturer and Distributor

• Systems Manager

  • 1994 - 1999

  • Responsible for design, development and maintenance of the IT infrastructure • Team Management, Project Management, Outsourcing Management • Security Policy development and implementation, Software Auditing • Security Administration – Firewall (Checkpoint FW1) Anti-Virus (Norton), Remote Access (Shiva) • Internet Gateway Support – SMTP (Sendmail, Lotus Notes) DNS, Squid Proxy • System Administration (Unix/NT/BackOffice/Lotus Notes), Network Administration (LAN/WAN) • Responsible for design, development and maintenance of the IT infrastructure • Team Management, Project Management, Outsourcing Management • Security Policy development and implementation, Software Auditing • Security Administration – Firewall (Checkpoint FW1) Anti-Virus (Norton), Remote Access (Shiva) • Internet Gateway Support – SMTP (Sendmail, Lotus Notes) DNS, Squid Proxy • System Administration (Unix/NT/BackOffice/Lotus Notes), Network Administration (LAN/WAN)



UK Telecommunications Equipment Manufacturer

• Customer Services Engineer (Pre and Post Sales)

  • 1991 - 1994

  • Technical Sales of ATM Switches, X.25 PADs and Switches, TCP/IP Routers • Pre-Sales and Post-Sales support, Consultancy, Training • Liaison with European and US distributors (sales and support), Direct sales within the UK • Responding to RFP/RFI/ITT • Ad-hoc support for internal IT systems including Unix System and Network Administration (SCO, AIX, Netware), LAN(TCP/IP, CONS, Ethernet), WAN (X.25), PC(DOS, GEM, DesqView) • Technical Sales of ATM Switches, X.25 PADs and Switches, TCP/IP Routers • Pre-Sales and Post-Sales support, Consultancy, Training • Liaison with European and US distributors (sales and support), Direct sales within the UK • Responding to RFP/RFI/ITT • Ad-hoc support for internal IT systems including Unix System and Network Administration (SCO, AIX, Netware), LAN(TCP/IP, CONS, Ethernet), WAN (X.25), PC(DOS, GEM, DesqView)