Information Security, Risk & Privacy Professional

SIEM Impact

I am a proficient, down-to-earth Information Security Professional, focused on Governance, Risk & Compliance with an interest in Privacy & Data Protection. I have an established track record in improving and maintaining governance, risk and compliance best practices within the financial, legal, insurance and public sectors, and I am currently enjoying working in the health care industry.

A background in IT, and working in both Information Security and Operational Risk Management roles over the last decade, gives me a wealth of knowledge and the ability to bridge the gaps between the business, IT and Security where required.

I have implemented risk management and third party supplier assurance frameworks. I have a good working knowledge of ISO 27001 ISMS, GDPR and the Data Protection Act, as well as a good understanding of industry standards and frameworks such as NIST, CIS frameworks and CSA Cloud Controls.


ISACA’s Certified Information Security Manager (CISM) certification indicates expertise in information security governance, program development and management, incident management and risk management.

I certified as CISM in 2022


ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) is an experience-based, technical certification assessing a technology professional’s ability to implement privacy by design that builds trust and advances data privacy.

I certified as CDPSE in 2020


ISACA's Certified in Risk and Information Systems Control (CRISC) certification indicates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.

I certified as CRISC in 2018


ISACA's Certified in Governance of Enterprise IT (CGEIT) professionals have the knowledge and experience to align IT with business goals, manage IT investment, and strive for excellence in IT operations and governance while minimizing risk.

Studying for CGEIT Exam in 2023


The Certified GDPR Practitioner certification is based on the GCHQ certified training and indicates an expertise in data protection and privacy legislation, risk management, information governance and security and data protection implementation.

Certified GDPR Practitioner in 2018


ISACA’s Cyber Security Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.

Certified CSAC in 2023


The Certificate in Cloud Auditing Knowledge (CCAK), by ISACA and the Cloud Security Alliance (CSA), is a unique vendor-neutral, technical exam for IT audit, information security, and risk professionals to understand cloud terminology, challenges, and solutions.

Certified CCAK in 2023


Sophos MDR Certified Admin holders are able to identify, classify and defend against the latest threats by leveraging technologies and services like Security Operations Center (SOC), 3rd party telemetry and advanced network monitoring using Network Detection and Response (NDR).


Foundations of Operationalizing MITRE ATT&CK badge holders have demonstrated a foundational knowledge of the MITRE ATT&CK Framework and how to apply it operationally. They have also been exposed to tools such as MITRE ATT&CK Navigator and MITRE CAR that can assist in operationalizing the MITRE ATT&CK Framework. Additionally, earners have acquired foundational knowledge in finding, creating, and testing security analytics.


Foundations of Breach & Attack Simulation badge holders have demonstrated a foundational knowledge of Breach & Attack Simulation tools. They have also demonstrated knowledge of the pros and cons of different approaches taken by BAS vendors. Additionally, earners have acquired the knowledge needed to compose basic security testing plans for use with a Breach & Attack Simulation tool.


Strategic Cybersecurity Management badge holders have demonstrated an understanding of the challenges facing cybersecurity leadership today. Additionally, they have developed an understanding of cybersecurity strategy and cyber resilience.


Foundations of Purple Teaming badge holders have demonstrated a foundational knowledge of Purple Teaming Methodology. They have also demonstrated knowledge of the core concepts, processes, and artifacts underpinning the practice of Purple Teaming. Additionally, earners have acquired the knowledge needed to plan and execute a basic Purple Team Exercise.


The OU Risk Management certificate is for those seeking to develop their risk management capabilities and for board members, who have ultimate responsibility for risks within their organisations. Additionally, anyone seeking a career in risk management will benefit from the understanding of risks and how to manage them.


Gamified Intelligent Cyber Aptitude and Skills Training (GICAST) holders understand online security and are able to protect their digital life, whether at home or work. They can recognise threats that cause harm online and the steps to take to reduce the likelihood of these happening.


Member of ISACA Mentorship Program

I am proud to be registered as a Mentor in the ISACA Mentorship Program. Whether you are a new professional, changing careers, seasoned in your field or somewhere in between, the member-exclusive ISACA Mentorship Program can help both mentors and mentees gain the knowledge, insights and skills they need to achieve sustained growth in their careers.


Skills Summary

o Identity and Access Management
o Performing risk assessments
o Promoting security best practice
o ISO 27001 Compliance
o GDPR / DPA Compliance
o Supplier & 3rd party due diligence
o Producing policies and standards
o Information Risk Management
o Identify mitigating controls
o Manage remediation of risks
o Respond to internal and client audits
o Implementation of awareness programme
o Knowledge of CSA controls
o Knowledge of NIST frameworks

Key Competencies

o I am an organised and dedicated team player with a pragmatic approach to Information Security Risk and Data Protection
o I combine my technical understanding with Information Security knowledge to provide advice and guidance at all levels
o I have enhanced communication skills which allow me to deliver information in a clear and concise manner to multiple audiences
o I can develop good working relationships to enable and ensure information security and risk is embedded throughout the business
o I easily separate facts from opinions enabling me to make informed and pragmatic judgements and risk assessments quickly
o I have developed a keen eye for identifying potential information security risks, flaws, or potential data protection or privacy issues
o I identify and highlight gaps in Policy, Standards, Processes and Procedures, and make changes as appropriate
o I mentor junior team members, raising awareness of Information Security, and act as an escalation point for areas of risk
o I am involved in both internal and external audit work including evidence gathering, and management of findings and remediation
o I have a theoretical understanding of Networks, Firewalls, Intrusion Detection, SIEM Tools and Vulnerability Scanners