CV

Market Positioning & Revenue Enablement

‍

Key Challenge: Security due diligence slowed down enterprise sales and created friction in procurement. Needed more market visibility to unlock revenue.

I built out a security buyer persona for the product and created collateral targeted to shorten and simplify the sales cycle.

I developed and implemented strategy for products' security positioning in comparison to competitors and industry expectations and achieved this within 9 months. I participated in commercial calls with key clients to reduce friction during procurement and pre-sales due diligence processes, and continue to write thought leadership and technical pieces for marketing.

I built a brand as a security and startup GRC influencer with SSI ranking at top 2% in my industry. I used my personal brand to create opportunities for revenue - was a 2023 STEM award Runner Up, and have ongoing webinars, podcasts and external and internal publications as a Cybersecurity SME. I was a speaker at International Cyber Expo 2025 and Visions CIO+CISO Summit 2025.

‍

Outcome: Security became a visible strength in the sales process, reducing friction and improving buyer confidence.

Business Transformation, Innovation, & Growth

Key Challenge: The company was going through an acquisition that required security oversight and integration.

I led the security due diligence process, supported legal and commercial teams, and managed the secure integration of infrastructure, tooling and governance frameworks post-acquisition.

Outcome: The acquisition completed smoothly with no security or compliance blockers. I was promoted twice in 18 months, ultimately appointed VP with board approval.

‍

Compliance & Assurance

Key Challenge: Customers and partners required confidence that their data was managed securely and in compliance with international standards.

I maintained and matured the ISMS to remain compliant with SOC 2 Type II and ISO 27001: 2022 compliance certification and demonstrating security maturity for customers and prospects. I maintained compliance with global data privacy and whistleblowing regulations including EUBD, GDPR, CCPA. I championed understanding, translating, and supporting compliance with novel regulatory and industry requirements, such as ESG, and Accessibility requirements (VPAT) to meet customer expectations and market advantage, integrating these into the company's compliance roadmap.

Outcome: Maintained continuous audit readiness and strengthened customer assurance during procurement and renewal cycles.

‍Operational Security, DevSecOps, & Privacy‍

Key Challenges: Privacy requirements were handled separately from security operations, creating inefficiencies. Staff across the organization needed consistent security and privacy training. Security wasn't baked into product development from the start.

I integrated privacy within the ISMS, standardised DPIAs, PIAs and third-party reviews, and established a cloud-based Record of Processing Activities (RoPA). I also launched a comprehensive awareness programme including role-based training, phishing simulations and continuity exercises.

I built close partnership with Engineering and Product function to ensure security items are prioritised and implemented as part of the CI/CD and Product Development LifeCycle through Security and Privacy by Design practices.

Outcome: Privacy operations became embedded in business-as-usual processes, improving consistency and reducing operational gaps.

Senior Lead Consultant

Bridewell Ltd

Jan 2022 - Apr 2023

I advised clients across FinTech, government and legal sectors on building secure, compliant and resilient operations. My work combined audit, governance and risk transformation with hands-on implementation of ISO 27001, SOC 2, NIS 2, CAF, Cyber Essentials and other regulatory frameworks. I also developed and matured operating model for ISO 27001, SOC2 Type II as well as vCISO service offerings for clients, and led a team of high performing senior consultants.

Leadership & Delivery

Key Challenge: Consulting delivery required structure and resource development.

I provided recruitment, training, and leadership support for senior and junior security consultants, supported their professional development whilst ensuring delivery quality across multiple projects.

‍
Outcome: Maintained consistent delivery standards and high utilisation (80%+) while developing team capability and a culture of continual learning.

Security Governance & Audit

Challenge: Clients lacked structured and repeatable approaches to security assurance.

I delivered more than six ISO 27001 internal audits, helping clients identify weaknesses and strengthen compliance. I also designed templates Microsoft 365-based ISMS frameworks and Jira tools to manage evidence and workflow more efficiently. I matured ISO 27001 Compliance and ongoing management services to unlock ongoing revenue opportunities.

‍Outcome: Clients achieved faster audit readiness and reduced manual compliance effort.

SOC 2 &Assurance Delivery

Challenge: A FinTech client required SOC 2 Type II certification to meet partner and investor demands.

‍
I managed the entire project using an agile delivery model, aligning existing controls with SOC 2 criteria and guiding the team through evidence preparation and readiness assessments. I also created SOC 2 Type II service offering for clients, building out collaterals, templates and compliance frameworks for clients of varying maturity to increase profit margin for compliance services.

‍
Outcome: The client achieved SOC 2 Type II certification on schedule, strengthening credibility with enterprise customers.

Risk & Regulatory Alignment

Key Challenges: We needed to maintain multiple compliance certifications while demonstrating security maturity to customers. Public-sector clients struggled to align to national and sector-specific requirements.

I maintained and matured the internal ISMS to remain compliant with SOC 2 Type II, ISO 22301, Cyber Essentials, and ISO 27001: 2022 compliance certification, demonstrating security maturity for customers and prospects. I championed understanding, translating, and supporting compliance with novel regulatory and industry requirements, such as NIS 2, DORA. I supported a government organisation, and several organisation within the Energy Sector (CNI) with a risk management improvement strategy and the implementation of the NIS Regulations and NCSC Cyber Assessment Framework.

Outcome: Improved governance maturity and demonstrated compliance readiness for regulatory oversight.

Cloud & Technical Enablement

Key Challenge: Industry partnerships with local educational institutions required training including practical understanding of network and cloud security controls.

I led technical workshops for Cybersecurity College Cymru on network monitoring tools such as Snort, hosted in Azure environments. I also advised clients on AWS, GCP and Azure cloud security tooling.

‍Outcome: Enhanced learning for Cyber College Cymru participatns, and improved their operational capability and confidence managing cloud-based risks.

Head of Information Security

Perspectum Ltd

Jul 2019 - Jan 2022

I established and led the global information security function for a Software as a Medical Device (SaaMD) and Medical Technology company operating across the UK, US, EU and APAC. I built the security programme from the ground up, integrating regulatory compliance, clinical safety and operational security to support international growth in a highly regulated industry.

Security Strategy and Implementation

Challenge: The company wanted to expand their market presence globally whilst adhering to relevant legal, security, and safety requirements

I built the company’s global information security programme and team, developing policies, processes and governance aligned to business and regulatory requirements across five regions. I led a team of four to implement the security strategy and introduced scalable operating practices. This was implemented to offices across US, EMEA, and APAC to serve customers around the word.

‍Outcome: Security became a structured business function that supported growth and customer assurance across regions.rt.

Compliance and Security in Regulated Healthcare

Challenge: Operating in medical technology required alignment to complex, multi-region healthcare regulations and their own requirements for cybersecurity. Security requirements were not embedded in product development, increasing regulatory risk.

‍
I maintained compliance with CCPA, HIPAA and HITRUST as well as GDPR and PDPA. I assured compliance with ISO 13485, 27001, GxP systems, as well as NHS DSP Toolkit requirements, and Cyber Essentials Plus for medical devices development and clinical diagnostic services as well as academic research and clinical pharmaceutical trials.

I engaged with stakeholders to raise awareness, and implemented controls in product development lifecycle to comply with information security requirements for EU and US regulations (including CE marking, UKCA, MHRA approvals, and FDA approval/510k and 21 CFR 11).

‍
Outcome: The company was able to meet the security and compliance expectations of healthcare providers, clinical research partners and regulators in global markets. Products met security expectations for EU and US market approval.

Risk & Governance

Key Challenge: Risk wasn't cohesively managed across product, operations, technologies, and leadership.

Introduced a security risk management framework based on ISO 31000 and embedded ownership across departments. Delivered regular risk reporting to senior stakeholders including the executive team, SIRO and DPO, improving security decision-making and accountability including executive dashboard and leadership forum discussions to identify, escalate, and authorise risk management decisions.

Outcome: Improved governance maturity and enabled standardised approach to risk management decisions across procurement, product, legal, and commercial sectors with financial, commercial, and reputational impacts clearly defined.

Global Expansion and Technical Assurance

Key Challenges: Geographic expansion and new research as well as clinical facilities required secure foundations.

I developed and carried out security assessments for new offices in Singapore, US, and Portugal, and for a clinical laboratory facility in the UK. I introduced periodic penetration testing for internal and cloud infrastructure (alongside product) and worked with engineering teams on remediation plans.

‍Outcome: Enabled secure international expansion with appropriate safeguards in place.

Security Operations & Incident Management

Key Challenge: Security monitoring and incident response capabilities needed maturing.

I implemented AI-based managed security services (SOC) for detection and alerting. I introduced SSO and MFA across systems handling sensitive data and improved operational security processes. I introduced annual penetration testing for internal infrastructure, cloud environments and APIs and managed remediation with asset owners. I led incident management and business continuity planning, including real-world incident response and service recovery. I implemented automation in incident handling and established consistent processes across teams.

‍
Outcome: Enhanced security posture, and reduced operational risk through technical controls, iterative improvements, continual improvement

Senior Governance, Risk, and Compliance Officer

University of Oxford

Jul 2014 - Jul 2019

I supported the University through GDPR transformation, NHS data compliance, large-scale security enablement and governance improvement across research, IT, and academic operations in various roles 2014- 2019

Training, Change Management, and Stakeholder Relationships

Key Challenges: Fundraising and academic stakeholders required consistent training on enterprise systems. Mid-value donor engagement was underdeveloped and lacked data insight.

I delivered up to seven full-day training sessions per month, designed bespoke workshops, and supported CRM adoption across more than 30 University units. I used SQL reporting and data analysis to improve donor stewardship strategies and supported major donor prospecting aligned with academic research interests. These were templated and shared with the wider fundraising department to contribute to £120m+ annual fundraising targets.

‍Outcome: Improved system adoption, data integrity and operational efficiency across the fundraising function. Strengthened donor relationships and supported fundraising strategy in the Medical Sciences Division.

Security Governance & Service Delivery

Challenge: The Medical Sciences Division needed dedicated information governance capability to support secure research and data partnerships.

I led delivery of Information Governance Office-as-a-Service to the Medical Sciences Division, working with faculty, IT and research leadership to embed governance into operational processes.

‍Outcome: Established a structured governance service and improved compliance readiness across one of the University’s most complex divisions which is still in use 7+ years later.

Supply Chain & Data Security Assurance

Challenge: Research partnerships required security assurance to handle controlled and sensitive data.

I carried out third-party risk assessments, guided research teams through security reviews, and assured security for data-sharing applications with the NHS and other national data custodians. I represented and negotiated on behalf of the University with NHS Digital, MHRA, and HRA

‍Outcome: Enabled high-value research projects to proceed with appropriate controls in place, maintaining trust with national healthcare and research bodies.

NHS Data Security Compliance

Key Challenge: The University required formal evidence of data security compliance to qualify for NHS-linked research.

I authored and submitted the University’s first NHS Data Security and Protection Toolkit (DSPT) strategy and implemented a compliance framework for the Medical Sciences Division to internally align individual projects and units to the overarching framework.

‍Outcome: Established a repeatable compliance model for clinical and healthcare research involving NHS data.

GDPR and Fundraising Regulator Requirement Compliance

Key Challenge: The University needed to prepare enterprise systems and data handling for GDPR.

As Senior Process and Training Officer, I supported the GDPR audit and readiness project for fundraising and CRM systems. I developed surveys, communications and business impact assessments to improve consent collection and data handling processes.

‍Outcome: Increased organisational readiness for GDPR ahead of enforcement across CRM and stakeholder engagement functions.

Impact through Influence