Reading, United Kingdom
NOVEMBER 2004 – DECEMBER 2008
- Responsible for the management and supervision of security measures to protect customer and company data.
- Working with the business to ensure that information assets are protected at levels appropriate to their value and criticality.
- Designed and implemented an Information Risk and Technology Risk framework within the bank – Information Security / Technology Risk Policy creation, Guidelines and policy implementation support.
- Creation and maintenance of User Class Matrices for applications to map user roles [RBAC] to application and system functionality.
- Created and defined a process to allow the encryption (PGP) of ad-hoc files being transferred to external parties.
- Customer awareness – Designed and managed the structure and content of the customer security awareness area of the commercial website.
- Cybercrime – Customer authentication – anti-malware prevention – design and implementation of a mouse-based keypad using random image positions and server-side digit identification in order to mask PIN digits from the client side.
- Implementation of a real-time fraud detection and prevention system within the bank.
- Design and implementation of Joiners, Movers and Leavers [JML] user access process to ensure correct levels of access are provided and revoked as employees change role.
- Design and implementation of a User Access Review process to report to line managers the access [Roles] assigned to their staff to allow them to review and approve or change currently assigned roles and permissions.
- Set up the Ethical Hacking framework and process in order to detect, assess and correct security vulnerabilities via Penetration Testing, Application Assessment and Code Reviews.
- Part of the project team implementing Mortgage services to the bank, focusing on ensuring that the services are robust and comply with Information Risk requirements.
- Implementation of Card services in line with PCI DSS, ensuring that anti-fraud and Card security rules are in place to match the card security strategy.