Personal statement
Information Security professional with CISSP since 2018. I have over 20 years of experience in security, compliance, risk, privacy, governance, and people management roles. At Barclays I successfully delivered high profile programmes with a personal 'Outstanding' rating relating to GDPR (General Data Protection Regulation), and Technology Controls improvement. In my current role I am the Information Security Manager which is the de facto CISO position for the company. I am responsible for the Information and Cyber Security programme and am also the company's Deputy Data Protection Officer. I enjoy being active in my workplace community by contributing to social clubs and organising events, founding a board games club at Barclays which grew to over 200 members.
Career Experience
London
Information Security Manager and Deputy Data Protection Officer
2020 to current
Responsible for the Information and Cyber Security Programme managing a small team to implement the Information and Cyber Security strategy for the company. In the Deputy DPO role, I provide governance to ensure the company complies with GDPR and Data Protection Act requirements.
- De facto CISO role
- Developed, implemented, and refined the Information and Cyber Security programme
- Designed and implemented the Education and Awareness programme
- Manage incident response
London
Information Risk Manager - CSO GDPR Programme Lead
2017 to 2020
Responsible for delivering GDPR readiness for the Chief Security Office (CSO) with vertical business line accountability and whole of business cyber security (horizontal accountability). Integrated with the company-wide programme providing security expertise to develop and implement policies and controls to meet regulatory requirements.
- Relationship managed senior stakeholders including multiple Managing Directors; scoped their requirements, facilitated strategy discussions, and provided guidance as a Subject Matter Expert (SME)
- Performed gap analysis and provided recommendations for compliance with new regulations such as GDPR, PSD2, and privacy laws in multiple jurisdictions
- Formulated Cyber Security, Information Security, Data, and Privacy compliance standards and policies for the risk management framework utilising my NIST, ISO 27001, GDPR, PSD2, and ePrivacy knowledge
- Analysed hundreds of internal applications, systems, and processes to create an auditable compliance library of documents for Regulators including DPIA, AML, and Risk Registers
- Led monthly stakeholder forums for Security, Risk, and Compliance responding to queries and challenges as the SME for Conducted security awareness training including social engineering exploits, KYC, supply chain management, internal monitoring, and anti-corruption measures
- Delivered the Group GDPR programme with all milestones met on time and issues being resolved
Information Risk Manager - CSO Service Management Lead
Responsible for delivering the Technology Controls improvement programme for CSO. Updated and modernised the controls, to ensure accuracy, consistency, and accountability across a global landscape.
- Managed Second Line of Defence Technology Controls for CSO, monitored and ensured continued compliance for ten technical standards (Configuration, Change, Incident, Problem, Hardware, Software, Service Level, Support, Data Backup and Recovery, and Resilience)
- Performed horizon scanning, searching for current and emerging IT risks and Provided reports to stakeholders on topics including IoT, data infrastructure, predictive and diagnostic analytics, and AI
- Led twice-monthly Service Management forums, challenging managers where required, resolved issues with Identity Access Management (IAM), Sarbanes-Oxley (SOX), and Resilience compliance
- Delegated group authority at Standard Owner forums and Stakeholder meetings, represented the Managing Director, provided feedback and challenge to policy proposals and new controls
- Wrote closure packs for CSO Terminal Milestones, integral to formal risk issue closures
Team Leader
2013 to 2017
Responsible for leading several units of diverse employees in teams of 8 to 11. Functioned as a role model, coach, and subject matter expert. Conducted performance and disciplinary investigations.
- SME for global transformation programme, assessed software from potential new suppliers, developed new processes, guidance, comparative indicators, and reference materials
- Coached and mentored application, policy, and service teams, encouraging positive workplace culture
- Organised work allocations, managed internal reporting, and conducted personnel investigations
- Improved productivity through operational planning analytics, 1:1 coaching, and hosting training seminars
- Established and maintained risk registers for information, fraud detection, and conflicts of interest
London
2008 to 2012
Pricing Analyst
Responsible for pricing assets within tight deadlines for extremely high value funds. Needed to conduct second line reviews, perform pricing investigations, and create variance reports for management and internal audit.
- Created detailed Excel spreadsheet formulas and macros, using SQL and dashboard reporting software for price formulation, variance analysis, and risk reporting
- Evaluated funds for high-wealth clients, responded to queries and price challenges from stakeholders
- Trained new and experienced colleagues and signed-off their work
- Produced financial reports for senior decision makers incorporating scenario planning
London
Expense Analyst
2011
Headhunted for a short-term contract to provide enhanced steering for a high profile, sensitive programme, covering thousands of employees to identify hundreds of millions of dollars of savings.
- Managed a cost cutting project providing analytics, guidance, and materials to department heads
- Created presentation decks and coached messaging for senior management to deliver difficult news
- Successfully achieved savings goal with minimal impact on employees and business functions
Intelligence Analyst
2004 to 2007
Responsible for creating detailed risk and intelligence reports at strategic and tactical levels to brief senior management and the Minister of Immigration.
- Wrote and executed the area's intelligence plan and created intelligence digests for stakeholders
- Established and strengthened relationships with foreign and domestic law enforcement agencies
- Led project presentations to the Chief Executive Group
- Managed records for regulatory compliance for the Group's information system in accordance with international standards, built an online knowledge base, and trained officers in information security
- Created detailed spreadsheets, using Excel macros and SQL to bulk analyse applicants, developed and implemented strict information security protocols to store and use the information
- Project managed the IT fit-out of new premises incorporating physical and cyber threat assessment, and was a software Key User providing support to senior colleagues for Microsoft and bespoke applications
Qualifications and Training
2018 Certified Information Systems Security Professional (CISSP) membership
2015 - 2016 Internal government and external private courses on coaching, leading, and facilitation
2004 - 2007 Internal government courses on information security, strategic and tactical risk assessments, project management, website development, advanced document fraud detection, and counter terrorism
University Qualifications
2002 Bachelor of Arts (Social Anthropology)
1999 Bachelor of Commerce (Accounting)