Ishrat Pasha, Information Security Consultant


Royal Dutch Shell Plc

Country
United Kingdom
Education
High school or equivalent, Information Systems
Experience
14 years, 11 months


Work Experience

Total years of experience: 14 years, 11 months

Information Security Consultant at Royal Dutch Shell Plc
  • United Arab Emirates
  • I have held this position since October 2018

Parabis Management Ltd required an overhaul of information security and data protection functions. As Information Security Manager, oversaw development and implementation of policies, procedures and practices. Worked with stakeholders to develop information security strategy; led delivery of information security projects; liaised with 3rd parties to ensure minimum information security standards were met; drove change as member of CAB; and led vulnerability audits and assessments. Succeeded in delivering best practice Information Security Policy Framework resulting in the group securing new business.

•Slater & Gordon Group were required to undertake an ISO 27001 audit in line with regulatory obligations. Engaged as Information Security Consultant / Head of Information Security to perform audit gap analysis and agree remediation activities for ISO 27001 certification. Responded to due diligence questionnaires from 3rd parties; liaised with stakeholders to implement processes; managed security threats and incidents; recruited team to support Security Operations Centre (SOC); led ISMS team to ensure documentation was prepared. Succeeded in passing audit to gain ISO 27001 certification.

•Morgan Stanley needed to update existing information security policies and procedures in line with regulatory requirements. Engaged as Information Security Consultant to develop new existing policies and procedures. Researched regulatory obligations and standards; scoped new policy and standards requests; worked with program leads and SMEs; led drafting of policies and standards; facilitated workshops to finalise policy content; presented recommendations to senior managers. Succeeded in developing and implementing new practices ensuring alignment with GDPR and UK Data Protection requirements.

Head at Slater & Gordon Group
  • May 2016 to September 2016

Engaged as Information Security Consultant / Head of Information Security to perform ISO 27001 audit gap analysis and agree remediation activities for certification as part of the ISO 27001 implementation.
•Responded to due diligence questionnaires from 3rd parties including BGL for Health.
•Reported directly to the CEO of the UK and liaised with key stakeholders to implement agreed processes for managing security threats and incidents.
•Responsible for recruiting a team to support the Security Operations Centre (SOC) and led the ISMS team to ensure mandatory documentation was delivered to the business.
•Developed, agreed and executed a detailed project plan for an Information Security Management System (ISMS) implementation based on ISO 27001:2013.
Key Achievements:
•Appointed to the role of Head of Information Security whilst a permanent role holder was appointed, with ownership for ensuring that an appropriate Target Operating Model for the Security Operations Centre (SOC) was defined and implemented including incident management processes.

Feb 2015 to Apr 2016: Parabis Management Ltd: Head of Information Security

•Employed as the Head of Information Security, with ownership for overseeing and coordinating all aspects of information security and data protection across all Parabis Group Law companies.
•Reported directly to the Parabis Law Ltd group IT Director.
•Identified, planned, managed, implemented and monitored policies, procedures and practices ensuring alignment with regulatory obligations to ensure the protection and safety of information.
•Liaised with key internal and external stakeholders to develop and deliver a robust information security strategy focused on protecting the information and data of the company and its customers.
•Played a pivotal role in supporting the project and programme management teams with the end-to-end delivery of information security related projects and initiatives.
•Worked closely with 3rd party service providers and suppliers to ensure minimum standards for information security were consistently met.
•Appointed as a key member of the IT Change Advisory Board (CAB) with ownership for ensuring all changes and initiatives received in-depth security risk assessments.
•Responsible for leading delivery of vulnerability audits and assessments, managing the information security risk register and risk treatment plans, and ensuring that incidents were successfully resolved.
Key Achievements:
•Worked in close collaboration with the training team to create and deliver an Information Security awareness training program which was instrumental in ensuring business and central support teams were able to embed security principles and practices into their departments.
•Spearheaded the successful development and delivery of a people focused ‘best practice’ Information Security Policy Framework and supporting standards and procedures aligned to ISO 27001 which was instrumental in assisting the Group tender for new business whilst retaining existing clients.

Security at Barclays Bank Plc
  • United Arab Emirates
  • June 2014 to December 2014

Engaged as Security Risk Consultant to perform technology security risk reviews on existing critical operating systems including Wintel and Linux/Unix platforms as well as on infrastructure such as firewalls and switches as a key member of the Cyber Risk team.
•Worked in close collaboration with NCC - 3rd party consultancy to conduct and review penetration testing on agreed standard security builds and configurations.
•Used MS Excel (Pivot Tables and VLOOKUP functionality) to produce management information reports.
Key Achievements:
•Ensured all systems were compliant with Centre for Internet Security and SANS best practices, regulatory requirements, vendor recommendations and IT security standards.
•Identified and documented security risks in RSAM - a governance, risk and compliance database to ensure prompt and successful resolution by agreed vulnerability owners and business representatives.

IT Security at Manchester City Council
  • May 2010 to January 2011
Information Security Consultant at Vertex Data Science Ltd
  • March 2009 to August 2009
IT Auditor
  • November 2008 to January 2009
Analyst Consultant at Barclays Bank Plc
  • United Arab Emirates
  • August 2007 to May 2008
SOx Consultant at Amcor Flexibles
  • October 2006 to July 2007
SOx Consultant at Barclaycard
  • Great Britain
  • August 2006 to October 2006
IT Audit Manager
  • June 2005 to August 2006
Risk Management Consultant at KPMG
  • United Arab Emirates
  • March 2004 to June 2005
IT Audit at Capital One Bank Ltd
  • June 2003 to January 2004
IT Audit at Sheffield Health Authority (NHS)
  • March 2003 to May 2003
Risk Management Consultant at PricewaterhouseCoopers (PWC)
  • United Arab Emirates
  • June 2001 to November 2002

Educational Background

High school or equivalent, Information Systems
  • January 2020

Financial Instruments & Markets: Derivatives, Equities, Bonds &

Specialties & Skills

PCI DSS
Information Security Management
IT Audit
Information Security Policy
Security Information
INFORMATION SECURITY
RISK ASSESSMENT
CONSULTING
CONTENT MANAGEMENT
DRAFTING
MICROSOFT EXCEL
POLICY ANALYSIS

Hobbies

  • Squash, Badminton, Astronomy