
<First Name> <Last Name>

INSERT PICTURE HERE

<Title as in the role description>

Consulting Experience

Information Assurance and Compliance, January 2014 - March 2014, UK Internal Role

Defining the security requirements for a new cloud platform.
Compiling/producing operational procedures for a new cloud platform.
Identifying areas to enhance security.
Configuring parameters to comply with security standards during the installation or upgrade of new/existing software.

Background:
<First Name> is an Information Security professional with experience in a variety of security disciplines. Building on an early career in IT Infrastructure, he now specialises in security risk assessment, audit and governance activities, and has strong analytical and report writing skills to effectively identify, communicate and manage security risks in large, complex or sensitive systems and services.
He has a working knowledge of security and business standards, including HMG Information Security Standards 1 and 2 and ISO/IEC 27001, and is experienced in public and private sector risk assessment methodologies.
<First Name> has a proven track record in delivering high quality risk assessments, training and mentoring of other staff, inception and implementation of improved working practices and in the provision of sound procedural and technical advice to the wider organisation.

Security Consultant/Risk Assessor, August 2013 - December 2013, UK Government Department

Creation of evidence-based Risk Management and Accreditation Document Sets (RMADS), based on IS1 / IS2 risk assessment methodology, to provide an independent statement of residual risks to senior business owners and accreditors.
Assignment of Business Impact Levels for Confidentiality, Integrity and Availability of the system or service being assessed through discussion with Business Owners and stakeholders.
Completion of Threat Assessment worksheets, based on the perceived threat sources, threat actors, business impact levels and protective marking of the system or service being assessed.
Presentation of these findings to senior business owners and stakeholders, where required.
Identifying areas to enhance security.
Compiling/producing operational procedures.

Vulnerability Assessment & Reporting related role, May 2013 - August 2013, Global Pharmaceutical Organisation, Switzerland

Populating raw data through various vulnerability assessment tools.
Applying logic to make raw data meaningful.
Producing global and individual site vulnerability reports.
Gathered and analysed requirements for the As-is state.
Documented requirements for the To-be state.

Security Consultant/ISO 27001 Assessor, July 2011 - March 2013, Large UK Central Government Department/Global Postal Services Provider, UK

Maintained and improved the ISMS Statement of Applicability tracking mechanism for all the ISO control delivery mechanisms that need to be created.
Established and implemented missing policies, processes, procedures and work instructions.
Used the ISMS Asset Register to construct all missing handling instructions.
Acted in the role of audit guide for any internal audit of the client project and any external audit by the employing Group, client or other agency.

Technical Experience

Windows Infrastructure Specialist, 2006-2007, Nationwide Building Society, Swindon, UK

Built and server platforms, trouble-shot server related problems.
Interacted with senior management on service reliability issues and produced weekly and monthly management reports.
Defined and built custom server infrastructure for specific regulatory requirements such as Basel II and Faster Payment Infrastructure projects.
Tested new systems and system enhancements to ensure that they met the defined security requirements via the use of protection and penetration techniques.

Specialties: Security, Compliance/Governance, Project Delivery and Management

Certifications: SSCP, Security+, ISEB Requirements Engineering, ISEB Systems Development, ISEB Business Analysis, and ISEB Commercial Awareness
