Business Information Security Officer

• Jun 2022 - Present

As part of my professional role, I - Provide cyber advisory at the business level as well as at enginnering/development level to a growing digital business arm of the Qantas Group. - Proactively collaborate with a range of business units across Qantas Group. - Assess information security risks in business activities, initiatives, and projects. Work with business owners to manage and mitigate those risks in an effective way. My professional knowledge and business/technical support areas include (but are not limited to): - Technology and Cyber risk/control advisory - Security architecture and advisory - Stake holder management - Digital / Agile development: Understanding of Security practices within modern SDLC frameworks (DevOps/DevSecOps & CI/CD) to help enable a Secure by Design model and approach across the organisation - Cloud security architecture: Experience architecting and/or securing applications and workloads in Public Cloud (AWS, Azure, GCP), IaaS, PaaS and SaaS.

Security Architect

• Jun 2021 - May 2022

- Translate the business vision and strategy into effective enterprise change by creating, communicating and improving the key security principles, standards and models that describe the enterprise future state. - Work with other internal and/or external teams (such as vendors, third party service providers, regulators) to provide security advice and to define logical and physical security architectures/designs for their initiatives and projects - Develop security-related integration architectures/designs for applications and infrastructure (including public cloud such as AWS, Azure, GCP, vendor SaaS solutions. - Develop reusable security architecture patterns, both logical (DESIGNER and physical (CONSTRUCTOR) - Thread modelling (e.g.: STRIDE, LINDDUN), SABSA, NIST, Open FAIR, MITRE ATT&CK and related methodologies and frameworks - Provide security engineering expertise if needed

Senior Security Architect

• Apr 2017 - May 2021

• Establish and maintain effective business relationships with business partners, providing guidance and ensuring productive and consistent service delivery;• Advise senior management on emerging security issues, threats and trends, including impacts of changes to legislation and adopting security technologies to provide visibility and assurance to senior stakeholders about the information security state of the Group;• Influence and identify information security requirements for business processes, applications and other software products to ensure that Westpac continues to be protected against current and emerging threats;• Consistently develop, drive and recommend potential areas for improvements by maintaining a good working knowledge of information security and emerging trends, to promote continuous improvement and consistent quality delivery of service;• Support and co-operate in the development of information security strategies and ensure implementation of work plans to ensure the long term benefit of shareholders, customers, employees and community stakeholders;• Mentor a team of Information Security professionals to deliver a security function, ensuring all aspects of Information Security align with Westpac's policies, processes, business and requlatory requirements and target risk position for information security;• Manage the Architecture development and governance processes for programs/projects to promote effective governance and solution quality within Architecture;• Provide technology advice and guidance to Business Unit Heads and Technology General Managers within a single domain to assist the business in the formulation of business strategy and technology investment decisions;International and national security standards and frameworks: NIST, TOGAF, SABSA, ISO 27001, PCI DSS, APRA's Prudential Standards, Protective Security Policy Framework, etc. Industry certificates ( CISM, CISA, CRISC, CISSP, CISSP, CCSP, TOGAF, ITIL, Prince2 ).

Security Architect

• Nov 2014 - Apr 2017

Business Security Consultant / Security Team Lead

• Apr 2014 - Oct 2014

• Managed and mentored a team of cyber security professionals • Developed information security standards, policies, procedures and guidelines • Provided information security optimization consultation and advice to ensure effective and safe business processes • Wrote business proposals and developed information security service portfolio • Integrated cyber-security practices into the corporate Information Security Standards, Strategies and Procedures of enterprise customers; • Carried out various security reviews/audit of ISMS, information security standards, policies based on industry standards (such as ISO 27001, NZISM, PCI DSS, NIST) and regulatory requirements • Developed Cyber Security Capability Strategy for an enterprise customer • Conducted current state assessment of technologies for IT security capabilities and delivered a technology security strategic initiative roadmap.

IT Security Specialist

• Dec 2010 - Apr 2014

Senior Technical Consultant/Security/Network

• Jan 2010 - Nov 2010

Systems and Security Specialist

• Jan 2009 - Aug 2009

Infrastructure Security Team Lead/IT Security Consultant

• 2007 - 2009

Technical Lead

• 2005 - 2007

IT Security Consultant

• Feb 2000 - Sep 2005