Summary

A dedicated, enthusiastic and motivated technology professional who has acquired extensive business, technical and management experience (over 25 years working in the technology arena). Extremely adaptable and quick to familiarise himself with the very latest technologies and industry developments, whilst demonstrating a logical and analytical approach to solving complex problems and issues.

Has held permanent positions in both the United Kingdom and Switzerland working in large multicultural organisations. Plus, I have a range of experience working on short term assignments in Belgium, Denmark, Finland, France, Germany, Holland, Spain, Sweden, United States and across various locations in the United Kingdom.

Roles held: Information Risk Management, Information Security, IT Disaster Recovery, Business Continuity, Network Administration, Network Security, Server Administration (Linux, UNIX, and Windows Server Administration), Internet Services Administration, Intranet Administration, Web Development, Telephony Administration, Application Administration, Solution Architecture, Quality Assurance, Software Testing, Development and IT Service Desk.

Skills / Expertise: Information Security, Information Risk Management, Disaster Recovery, Business Continuity, Firewalls, Network Security, Risk Management, Cyber Security, Anti-Phishing, Malware Analysis, Computer Security, Unix, IBM HTTP Server, Apache Web Server, Risk Assessment, Windows Server, Risk & Threat Assessment, Operational Risk Management, Sarbanes-Oxley 404, Information Security Management, Key risk identification and testing, security requirements, security architecture, security reviews, PCI DSS, Network Administration, Network Design, Cisco IOS, Ubiquiti Edgemax, Management, WebSphere Application Server, SharePoint, Microsoft Office, RSA SecurID, Vignette, Tomcat, Two-factor Authentication, Avaya PBX, Physical Security, Sendmail, DNS administration, HTML + CSS, Lean Six Sigma.

 

Information Security Risk Manager – March 2015 – Present

(Company not shown) – London, United Kingdom

 

Information Risk Manager (IRM) – March 2013 – December 2014

Barclays – Reading, United Kingdom

Perform gap analysis of control environment against Barclays Information Risk / Technology Risk policies and minimum standards. Where gaps are identified, put in place mitigation plans to bring control environment in line with Barclays control objectives.

Working on the migration project to identify requirements, risks and controls necessary to ensure a successful migration of customers from Barclays Direct into Barclays UK RBB.

Successfully planned, organised and carried out the annual Business Continuity Test covering all critical processes and services of the bank; this involved coordination of over 50 individuals across 30 areas of the bank to identify, define and carry out IT Disaster Recovery and Business testing of critical processes and systems at the recovery location.

Planning, Coordination and Testing of Sarbanes-Oxley (SOx) requirements, ensuring that General Computer Controls (GCC) are in place, designed and operating effectively.

Coordination of the Business Continuity Management (BCM) function within the bank, working in tandem with the various migration activities to ensure that the BCM scope and requirements correctly identify key processes, services and resources necessary to service customers in the event of a crisis situation.

Day to Day Information and Technology Risk Management – Working alongside the Business and IT to ensure that appropriate processes and controls are in place, where necessary helping to identify new approaches in mitigation and reporting requirements.  As part of the Risk and Control Assessment (RCA) process, partake in assessments to ensure that Risks, Issues, Key Controls, Key Indicators and mitigating actions are identified, assessed and correctly documented. Review of business Key Control testing plans to ensure that the plans correctly measure the performance and effectiveness of the Key Controls within the bank.

 

Information (Technology) Risk Manager (IRM) – January 2009 – March 2013

ING Direct – Reading, United Kingdom

Future threat assessments – Identification of e-Crime / Cybercrime, computer and human threats – assessment to establish the probability and impact of the threat in relation to the particular function of the service or business (Risk versus reward to identify key risks and controls).

Internal Information Risk Awareness – Designed and rolled out awareness messages to staff and contractors to ensure they understand the risks and the control requirements in place within the bank.

Definition, coordination and review of the Ethical Hacking process to ensure that services and systems are assessed via Penetration Testing, Web Application Assessment and Code Reviews to detect and mitigate security vulnerabilities.

Working on the separation project to identify requirements, risks and controls necessary to ensure a successful separation of ING Direct UK from ING Group, including removal of ING Proprietary information from the UK operation before the transfer to Barclays.

Customer security awareness – Designed and managed the structure and content of the customer security awareness section of the bank's commercial website.

Day to Day Information and Technology Risk Management – Working alongside the Business and IT to ensure that appropriate processes and controls are in place, where necessary helping to identify new approaches in mitigation and reporting requirements.

Planning, Coordination and Testing of Sarbanes-Oxley (SOx) requirements, ensuring that General Computer Controls (GCC) are in place, designed and operating effectively.

As part of the Risk and Control Self Assessments (RCSA) process, partake in assessments to ensure that Risks, Issues, Key Controls, Key Indicators and mitigating actions are identified, assessed and correctly documented.

Review of business Key Control testing plans to ensure that the plans correctly measure the performance and effectiveness of the Key controls within the bank.

 

Cybercrime Technical Consultant – October 2011 – December 2011 (Short Term Assignment)

ING – Brussels, Belgium

Assessment of attack used against the bank in compromising the security of their transactional website, by the identification of the attack methods followed by a review of the vulnerabilities and weaknesses within the transactional website.

Identification and assessment of Anti-fraud prevention and detection solutions, ranging from off the shelf fraud detection solutions through to internal improvements to reduce the threat of compromise within their bespoke applications.

Process reviews and design of new processes (BPM) to ensure that the approach is Lean and any weaknesses (Gaps, Bottlenecks, Risks) at a process level are reduced.

Identification of organisational structure in regards to their ability to manage and react to cyber-criminal activities targeting them. This led to organisational changes and improvements in internal communications to reduce handoffs and delays in defending the customers’ accounts and the bank as a whole.

Acted as a Subject Matter Expert (SME) for the entire team, performed training on technologies and cybercrime tactics (Phishing, Malicious Software, Detection and prevention methods).

Information Security Officer (ISO) – November 2004 – December 2008       

ING Direct – Reading, United Kingdom 

Responsible for the management and supervision of security measures to protect customer and company data.

Working with the business to ensure that information assets are protected at levels appropriate to its value and criticality.

Designed and implemented an Information Risk and Technology Risk framework within the bank – Information Security / Technology Risk Policy creation, Guidelines and policy implementation support.

Creation and maintenance of User Class Matrices for applications to map user roles [RBAC] to application and system functionality.

Created and defined a process to allow the encryption (PGP) of ad-hoc files being transferred to external parties.

Customer awareness – Designed and managed the structure and content of the customer security awareness area of the commercial website.

Cybercrime – Customer authentication – anti-malware prevention – design and implementation of Mouse based keypad using random image positions and server side digit identification in order to mask PIN digits from client side.

Implementation of real time fraud detection and prevention system within the bank.

Design and implementation of Joiners, Movers and Leavers [JML] user access process to ensure correct levels of access provided and revoked as employees change role.

Design and implementation of a User Access Review process to report to line managers the access [Roles] assigned to their staff to allow them to review and approve or change currently assigned roles and permissions.

Set up the Ethical Hacking framework and process in order to detect, assess and correct security vulnerabilities via Penetration Testing, Application Assessment and Code Reviews.

Part of project team implementing Mortgage services to the bank.

Focusing on ensuring that the services are robust and comply with Information Risk requirements.

Implementation of Card services in line with PCI DSS, ensuring that anti-fraud and Card security rules are in place to match the card security strategy.

Senior Systems Engineer – July 2003 – October 2004

ING Direct – Reading, United Kingdom 

Incident and Vulnerability management – Designed and implemented an IT security incident and vulnerability management process and toolset to allow IT to identify and manage security incidents and vulnerabilities.

Acting as the Technical IT gateway for ISO 17799/BS7799 compliance.  Maintaining all External Connection Documentation (Change management of technical external connections).

Designed and implemented an employee Internet cafe in the Reading and Cardiff offices to allow safe Internet use without compromising on the security of our customers and corporate information.

Server Administration (Windows Server 2000/2003, Red Hat Enterprise Linux, AIX, Linux).

Design and implementation of Cisco Local Area Network [LAN], Wide Area Network [WAN].

Design, implementation and maintenance of Internet Services architecture (Cisco Internet Routers, Load Balancers, Checkpoint FW-1, Cisco PIX, DMZ services, ISS RealSecure Intrusion Detection solutions) and Proxy Services (Microsoft Proxy).

Performing penetration testing and IT system security assessments.

Design and implementation of Remote access services (IPSEC VPN, SSL VPN, Dial in backup) utilising Two Factor Authentication (RSA SecurID).

Email and Directory Services (Microsoft Exchange 2000/2003, DNS/Bind, SMTP Internet Mail Relay).

Design, Implementation of system and application monitoring solutions (Big Brother, Solar Winds, MRTG).

 

Systems Engineer – January 2003 – June 2003

ING Direct – Reading, United Kingdom

Launch – part of the initial project team implementing ING Direct into the UK market.

Implementation and support of End to End Transactional applications covering Front End Services (IBM HTTP Server [IHS], Microsoft Internet Information Service [IIS]), Middleware Services (IBM Websphere application server [WAS], IBM Message Queue [MQ]) and Backend Services (Oracle Database Server, Profile Financial System).

Setup and implementation of the bank’s core Payment Services (Microgen Payment system [PCS], Bankers Automated Clearing System [BACS]).

Server Administration (Windows Server 2000/2003, AIX, Linux).

Design and implementation of Cisco Local Area Network [LAN], Wide Area Network [WAN].

Design, implementation and maintenance of Internet Services architecture (Cisco Internet Routers, Load Balancers, Checkpoint FW-1, Cisco PIX, DMZ services, ISS RealSecure Intrusion Detection solutions) and Proxy Services (Microsoft Proxy).

Email and Directory Services (Microsoft Exchange 2000/2003, DNS/Bind, SMTP Internet Mail Relay).

Design and implementation of Remote access services (IPSEC VPN, SSL VPN, Dial in backup) utilising Two Factor Authentication (RSA SecurID).

Design and Implementation of system and application monitoring solutions (Big Brother, Solar Winds, MRTG).

Setup and implementation of the bank's customer and internal Telephony services (Interactive Voice Response [IVR], Avaya Definity Telephone System, VDN, ACD, Computer Telephony Integration [CTI]).

 

Systems Lead Engineer – August 2002 – November 2002

Bluewave – London, United Kingdom

Managed Services Monthly reports (Availability, Capacity and Performance Management, Patch Management, Server administration, security assessment and incident management).  Systems architecture design (Network Infrastructure, Server Infrastructure).

Re-design of Managed Services infrastructure to provide additional growth, redundancy and capacity.

Coordinating ISO 17799/BS7799 Security compliance.

 

Solutions Architect – May 2000 – August 2002

Vignette (Now part of Opentext) – Maidenhead, United Kingdom

Pre-sales: Providing expertise to support the sales team and our future customers in selecting and successfully implementing products within their organisation.

Implementation: Providing architecture / design, documentation and implementation services.

Post-Sales: Set up an on-site critical situation troubleshooting support practice to enable on-site support for enterprise customers experiencing critical issues affecting production use of our products, Proof of Concept (design and build), Architecture and Design (Requirements gathering and documentation of architectural design) and implementation (Architecture, Project Management, Systems Engineering).

Systems Implementation of Vignette solutions and systems configuration of:

Operating Systems: Solaris, AIX, Windows Server 2000

Application Services: Apache Web Server, IBM HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Server, IBM Websphere, BEA Weblogic Server, Tomcat, iPlanet Application Server

Enterprise storage solutions: Network Appliance, Sun Network File System [NFS], IBM Distributed File System [DFS]

Database administration: Oracle, Microsoft SQL Server

Provided consultancy to the following organisations:

Financial Services: Barclays (UK), Lloyds (UK), Société Générale (France), UBS Warburg (UK), ING Post Bank (Holland), Volkswagen Bank (Germany), WestLB Bank (Germany), AMB Generali (Germany), ABSA (South Africa), Banco Santander Central Hispano (Spain), Zurich Insurance (Spain)

Telecom: BT (UK), Nokia (Finland), Skanova (Sweden), Telia (Sweden), BSkyB (UK)

Others: FIFA 2002 (UK), TF-1 (France), Sportal (UK), Diageo/Guinness UDV (UK), BMW (UK).

Technical mentoring of the architecture team, with a goal of imparting knowledge and understanding of the various services and infrastructure solutions that the company’s products and solutions integrate with.

 

Network Engineer – April 1999 – May 2000

Autodesk – Neuchatel, Switzerland

Designed, implemented and documented a VPN Solution within EMEA giving small offices and home office users access to the corporate network via secure Internet access. (Replaced the existing infrastructure with a cost-effective alternative using Internet and Cisco IPSEC VPN.)

Implementation of Packet shaper Bandwidth management appliances and Quality of Service on the Global WAN to ensure that critical applications (SAP, Proxy, Database, Replication) had lowest latency and enough bandwidth to operate effectively.

Maintained the Autodesk Internet Network Services comprising of Cisco PIX Firewalls, Cisco Routers, and Cisco Switches to ensure that the DMZ is sufficiently secure and available.

Managed the Autodesk Wide Area Network [WAN] comprised of a hub and spoke setup using Cisco Routers communicating via Leased Lines (Frame Relay) and Internet Connectivity (IPSEC VPN) covering 20 EMEA and 30 US sites.

Managed Autodesk Remote Access Service [RAS] using Ascend MAX Dialup and ISDN / Nortel Contivity VPN services.

Maintained the Autodesk Local Area Network [LAN] comprising of Cisco Routers and Catalyst 5500 Switches.

 

Internet Systems Architect – July 1997 – March 1999

Autodesk – Neuchatel, Switzerland

Managed all aspects of customer facing web services, intranet services and employee Internet access. (DNS/Bind, Netscape Enterprise Web Servers, Netscape Proxy Servers, Sendmail, Cisco Routers, Cisco PIX Firewalls, Vignette StoryServer, Web Servers)

Designed, Developed and implemented service availability tools to monitor Internet services (Perl, Sed, Awk, Ping, Traceroute, Telnet, Webget, Shell scripts) and alert Support teams when issues arise.

Performed Vulnerability assessments and security audits of Internet Security infrastructure and internet applications. (Solaris, Windows, Cisco, Netscape, Vignette)

 

Information Systems Technical Specialist – February 1996 – June 1997

Autodesk – Neuchatel, Switzerland

Working as part of a global team, implemented a worldwide Autodesk Domain across three data centres (Windows NT Advanced Server Primary Domain Controller [PDC] in San Francisco and two Backup Domain Controllers [BDC] in Neuchatel and Tokyo). This included the migration from Novell Network 3 to Windows as our primary authentication directory and file services platform.

Managed and Implemented an enterprise based backup system for our Sun Solaris Source Control systems (CVS running on Sun Solaris)

Managed all Sun Solaris, Microsoft Windows NT and Novell NetWare servers across Autodesk (EMEA).

 

Technical Services Specialist – March 1992 – January 1996

Autodesk – Neuchatel, Switzerland

Designed and implemented a Media testing process and toolset to ensure that Physical media master disks were correct (Exact gold master by Hashing/Check Sum) and free of any malicious content (Antivirus Scanning via Norton, McAfee, Sophos and Dr Solomon products), then ensuring that version control was in place to track the exact build/hash before being sent to Sony DADC in Austria for production manufacturing.

Designed and implemented a Defect Tracking System for use with the Software Centre.

Message and GUI comparison tools to allow product separation from translated text and graphics, allowing translators and testers to test and compare strings before end to end integration testing. Used QA Partner and built software libraries to perform image comparison with masking of areas to prevent false positives on translated text changes.

Set up and managed the Remote Access Bulletin Board Service (BBS) to allow sharing of files with Localisation contractors working from offsite worldwide locations. Used RA BBS Software and Hayes Modems (2400 and 9600 baud) to support the facility.

Set-up and maintained the Autodesk Localisation ports lab for porting AutoCAD to the following platforms, Sun Solaris, IBM AIX, HP-UX, SGI IRIX, Apple Macintosh with operating systems and applications running in French, German, Italian and Spanish.

Systems Administration of the hardware, operating systems and AutoCAD builds.

Managed the Local Quality Assurance network and file server infrastructure to support the Quality Team. File server infrastructure was Sun Solaris (Sun Sparc running SunOS 5) and Novell Netware 3 (HP Server running Netware 3.11).

Developed internal tools to aid the localisation of Autodesk products in C/C++.

 

Quality Control Assistant – January 1990 – February 1992

Autodesk – Guildford, United Kingdom

Managed production quality checks for media production facilities (Trace/Mountain Duplicators).

Software Quality Assurance of the AutoCAD AEC Architectural Product (AutoLISP).

Development of database to aid in calculating disk/media failure and sample rates (Clipper/dBase).

 

Analyst/Programmer and IT Support – April 1987 – December 1989

Insurance Courier Services (ICS) – Watford, United Kingdom

Development of database applications (dBase/Clipper) to support the business (Customer, Delivery and Payments).

Supporting the business by providing IT Desktop Support (IS Help-desk).

IT Server support (Novell NetWare 2.x).

 

Analyst/Programmer and Client Support – January 1986 – March 1987

Samson Bond – London, United Kingdom

Development and maintenance of an accounting and stock control system written in PL/I.

Customer support (presales and post sales support).