INSERT
PICTURE
HERE
Consulting Experience
Information Assurance and Compliance, January 2014 - March 2014, UK Internal Role
<First Name>
<Last Name>
Background:
<First Name> is an Information Security professional with experience
in a variety of security disciplines. Building on an early career in IT
Infrastructure, he now specialises in security risk assessment, audit
and governance activities, and has strong analytical and report writing
skills to effectively identify, communicate and manage security risks in
large, complex or sensitive systems and services.
He has a working knowledge of security and business standards,
including HMG Information Security Standards 1 and 2 and ISO/IEC
27001, and is experienced in public and private sector risk assessment
methodologies.
<First Name> has a proven track record in delivering high quality risk
assessments, training and mentoring of other staff, inception and
implementation of improved working practices and in the provision of
sound procedural and technical advice to the wider organisation.
Creation of evidence based Risk Management and Accreditation Document Sets (RMADS), based on IS1 / IS2
risk assessment methodology to provide an independent statement of residual risks to senior business owners
and accreditors.
Assignment of Business Impact Levels for Confidentiality, Integrity and Availability of the system or service
being assessed through discussion with Business Owners and stakeholders.
Completion of Threat Assessment worksheets, based on the perceived threat sources, threat actors, business
impact levels and protective marking of the system or service being assessed.
Where required, presenting these findings to senior business owners and stakeholders.
Identifying areas to enhance security.
Compiling/producing operational procedures.
Vulnerability Assessment & Reporting related role, May 2013 - August 2013, Global
Pharmaceutical Organisation, Switzerland
Security consultant / ISO 27001 Assessor, July 2011 - March 2013, Large UK Central Government
Department/Global Postal Services Provider, UK
Maintained and improved the ISMS Statement of Applicability tracking mechanism for all the ISO control
delivery mechanisms that need to be created.
Established and implemented missing policies, processes, procedures and work instructions.
Used the ISMS Asset Register to construct all missing handling instructions.
Acted in the role of audit guide for any internal audit of the client project and any external audit by the employing
Group, client or other agency.
Technical Experience
Specialties:
Security
Compliance/Governance
Project