A highly qualified and experienced Information Security Engineer and Information Systems Auditor with extensive experience of protecting information and assessing compliance throughout the world. Key attributes include:
o Qualified in information security with a Master of Science degree and several certifications.
o Certified Information Systems Auditor.
o Registered as an engineer in both the UK and Europe.
o Knowledge of both the academic principles of information security and the practicalities of implementing those principles.
o Many years of experience advising and auditing from world-class data centres to small sites with a minimum of support staff, in both the private and public sectors.
o Balancing differing needs and risk profiles, from the primary installations of large blue chip companies to small sites in 3rd world countries with limited resources and those between the extremes.

Career Summary

[snip] Public Sector Internal Audit Limited.
[snip] Public Sector is a member firm of [snip], one of the “big four” international accountancy and professional services firms.

Contract IT Audit Manager, December 2006 – April 2007
Under a contract that was extended, responsible for providing information technology audit services to local authorities and the health service.
o Led audits of: local authority business continuity planning, development of information security policy, information technology strategy, consolidation of computing services, payment systems and hospital projects prior to implementation.
o At the start of each audit ensured that the terms of reference were realistic and at the end produced a report covering all points mentioned in the scope.
o Ensured that all audit work papers were timely, accurate and complete.
o Drafted the audit report for client review.

[snip]
[snip] is a wholly-owned [snip] affiliate and so part of the world's largest oil company. [snip] is based in the US, with representation in most parts of the world, and is the product of a merger between the [snip] Corporation and the [snip] Corporation in 1999.

Global Security and Controls Advisor, November 1997 – June 2006
Responsible for providing security and control engineering support to the Global Information Systems Department. Particularly after the merger, responsible for advisory and site visits to heritage Mobil sites worldwide that had an information systems presence, to conduct security and control assessments. (44 countries).
o Conducted in excess of 100 security and control reviews to meet specific business needs covering both internal sites and external parties. Written reports left with sponsoring management on departure from sites.
o Defined the factors that make an access privileged for all mainstream computing platforms and the parameters for managing privileged accesses globally, and assisted sites with the implementation of those requirements. With privileges often regional or global in reach, this project allowed for the elimination of any weak links.
o Defined global "required practices" for critical information system infrastructure that elevated the most critical controls from discretionary to mandatory status. This balanced risk against cost and need.
o Participated in determining global network strategy as concerns mounted over the increased presence of multi-function devices, ease of connecting new hardware and the availability of high-capacity portable storage devices.
o Visited sites immediately after an adverse audit opinion to provide a written assessment for senior executive information and to initiate remediation.
o Endorser for risk assessments with a global reach.
o Provided security and control training for Information Systems staff, particularly in risk management methodology.
o Assigned to Internal Audit when specific expertise was needed.

European Security and Controls Advisor, January 1994 - October 1997
The primary security and controls engineer for the European region. Before being organized globally, information systems activities were consolidated into regional departments.
o Participated in data center consolidation activities and other regional projects.
o Part of team that developed and delivered a new global approach to risk assessment. Initially trained European users in the methodology and then participated in European risk management activities until the process had bedded in.
o After an adverse audit opinion, prepared the UK affiliate for a successful Information Systems audit in 1994. This then extended to similar reviews throughout Europe, ensuring successful audits throughout.

Internal Auditor, January 1992 - December 1993
Assigned to [snip] Company International as an internal auditor. As a traveling information systems auditor, was assigned to specific audits for fixed periods. For each assignment, reported to the Audit manager for the audited department.
o Conducted internal audits worldwide and for three months assigned to the main Houston office. Predominantly technical information systems audits, but also participated in business audits and joint venture audits.
o Performed audits of third parties under the provisions of a contract's audit clause.
o Provided information systems training for new auditors and technical training for information systems auditors.
o Part of a team that developed technologically neutral information systems security practices to replace prescriptive mainframe-orientated practices.

Information Systems Engineer, August 1974 - December 1991
Various systems engineering roles in Esso UK's Information Systems Department. Most affiliates were autonomous but collaboration increased with time.
o Performed all Esso UK's VM operating system, office software and security software upgrades. For most of that time, Esso was the UK’s largest VM site.
o Supported Esso UK’s MVS operating system, the forerunner to z/OS.
o Technical resource for projects and consulted to Esso affiliates worldwide.
o Part of team that prepared corporate security and control practices for information systems.

Education and Professional Development Summary

MSc Master of Science degree, with distinction, Information Security, Royal Holloway College, University of London.
CEng Chartered Engineer
Eur Ing European Engineer
MBCS Professional Member - British Computer Society
CITP Chartered Information Technology Professional
CISSP Certified Information Systems Security Professional
ISSAP Information Systems Security Architecture Professional
ISSMP Information Systems Security Management Professional
CISA Certified Information Systems Auditor
MIET Professional Member - Institute of Engineering and Technology
A.Inst.ISP Associate - Institute of Information Security Professionals

Researching information security and cryptography towards a self-funded part-time PhD.
Attended many personal development and technical courses throughout career. Also both attended and presented at international conferences.