Technical and Information Assurance Security Consultant (2007-2010 )
Based in London and elsewhere, I was the technical security authority for this organisation and ran the technical security management programs for the department with their private sector partners. I was proactive in getting the organisation and its private sector partner organisations thinking about accreditation under the SPF requirements of Mandatory Requirement 36 including delivery of Accreditation across Public/Private sector partnerships for previously unaccredited BIL 5 infrastructures. This involved
- Site visits
- Regular presentations to monthly security working group on new issues for the organisation which was attended by partners/users of the service.
- Acting as ‘proxy’ for the senior accreditor ( and on behalf of the SIRO and Information Asset Owner ).
- Developing Security Assurance Strategy for the organisation.
- Managing the ownership of enterprise risk.
- Production of risk assessments for new enterprises and technologies.
- Managing special evaluations with CESG ( now NCSC ) for new technologies as well as systems already in use.
- Initiating and assisting with Security Policy Framework compliance program across the business.