About Me
Values / Soft Skills
(NB: in no particular order)
1. LEADERSHIP
- Risk Management
- Business Acumen
- Project Management
- Servant Leadership
3. EMPATHY
- Active Listening
- Emotional Intelligence
- Cultural Sensitivity
- Customer/Stakeholder Focus
2. TEAMWORK
- Collaboration
- Communication
- Adaptability
- Conflict Resolution
- Supportiveness
4. RELIABILITY
- Accountability
- Dependability
- Attention to Detail
- Time Management
- Professionalism
Career Goals
- Help organisations establish a strong security posture, manage risks effectively, and maintain compliance with regulatory
requirements.
- Governance: Assist organisations in developing and implementing information security policies, procedures, and standards that align with
industry best practices and regulatory requirements. This involves establishing governance structures, defining roles and responsibilities,
and ensuring that security controls are in place to support the organisation's objectives.
- Risk Management: Help organisations identify, assess, and mitigate information security risks. This includes conducting risk assessments,
developing risk management strategies, and implementing risk mitigation measures, working closely with stakeholders to understand
business objectives, evaluate risk tolerance, and develop risk treatment plans.
- Compliance: Ensure that organisations comply with relevant laws, regulations, and industry standards pertaining to information security.
This involves conducting compliance assessments, developing compliance programs, and providing guidance on adherence to frameworks
such as GDPR, PCI DSS, ISO 27001, NIST, and others. This will help organisations understand their compliance obligations, implement
necessary controls, and prepare for audits and certifications.
- Contribute to the development and enhancement of GRC frameworks within organisations. This includes designing and implementing
processes and tools for effective governance, risk assessment, risk tracking, compliance monitoring, and reporting. Collaborate with
stakeholders to establish metrics, key performance indicators (KPIs), and reporting mechanisms to measure and communicate the
organisation's GRC posture.
High-Level:
Help organisations establish and maintain effective governance,
risk management, and compliance frameworks.
Continuous Learning
“Yes We Can”
Information Security is not “easy”, but it is doable – a
positive mindset is paramount. (and worthy of its own slide)
Objectives / End-Goal Focused
I possess an objective and end-goal
focused personality.
With a clear perspective and
unwavering commitment, I make
decisions based on facts and rational
analysis, free from personal biases.
My strong sense of purpose keeps me
focused on the bigger picture and
determined to achieve desired
outcomes.
My ability to prioritize effectively and
strategically plan steps sets me apart.
Colleagues appreciate my unbiased
perspectives and dedication to
achieving results, while creating a
productive work environment.
Milestones / Accomplishments
(also known as “I’m very proud of...”)
- Established the Infosec function at Depop from scratch – including processes, controls, recruitment (up to a team of 6), and led
the successful Etsy Security Audit that allowed for the acquisition of the organisation.
- Strengthened security infrastructure and technologies at Depop - oversaw the evaluation, selection, and implementation of
security technologies, such as firewalls, intrusion detection/prevention systems, data loss prevention solutions, and security
information and event management (SIEM) tools, enhancing the organisation's overall security posture.
- Implemented robust Security Awareness Programs at Depop, TotallyMoney and Dnata Travel, part of the Emirates Group -
designed and executed comprehensive security awareness and training initiatives to educate employees and stakeholders about
information security risks, best practices, and their roles in safeguarding sensitive data.
- Successfully implemented OS (RHEL) hardening at giffgaff and achieved PCI compliance using Ansible, resulting in a 40%
increase in compliance with CIS benchmarks.
- Established OpenBet’s “Tiger Team” of Security champions, while implementing Software Security Checklist in JIRA workflows for
OWASP compliance.
- Established and enhanced Incident Response capabilities at World of Books - built and led an effective incident response team,
developing incident response plans, conducting regular drills, and coordinating responses to security incidents, minimizing the
impact of breaches and ensuring timely resolution.
- Proactively identified and mitigated emerging threats (continuous) - stayed abreast of the evolving cybersecurity landscape,
proactively identifying emerging threats and vulnerabilities, and implementing appropriate controls and countermeasures to
safeguard the organisation's assets.
Respected
Certifications
Skills
INFOSEC: COMPLIANCE, STRATEGY, RISK, GOVERNANCE, PROCESSES/CONTROLS
RISK
My expertise lies in risk management, where I
have the ability to identify, assess, and
prioritise information security risks. Through
comprehensive risk assessments and analysis, I
develop and implement risk mitigation
strategies that protect the organisation's assets
and minimise potential threats.
GOVERNANCE
I excel at establishing and implementing
effective information security policies,
procedures, and standards that align with
industry best practices and regulatory
requirements. By ensuring proper governance,
I provide a framework that guides decision-making,
risk management, and accountability
throughout the organisation.
COMPLIANCE
I have a strong focus on compliance, ensuring
adherence to relevant laws, regulations, and
industry standards. With in-depth knowledge
of frameworks such as GDPR, NIST, ISO 27001,
I ensure that the organisation meets and
exceeds compliance requirements, mitigating
legal and regulatory risks.
PROCESSES/CONTROLS
I possess skills in designing and implementing
robust processes and controls. By establishing
efficient and effective security frameworks, I
ensure the confidentiality, integrity, and
availability of critical assets. Through the
implementation of appropriate controls and
continuous monitoring, I mitigate risks and
enhance the overall security posture of the
organisation.
STRATEGY (Direction)
In the realm of strategy, I have a proven track
record of developing and executing
comprehensive information security strategies.
By aligning security initiatives with business
objectives, I create roadmaps that drive
continuous improvement, enhance security
posture, and support the organisation's overall
strategic goals.
These skills collectively enable me to contribute to the organisation's
information security objectives, ensuring the establishment of effective
governance, managing risks, maintaining compliance, driving strategic
initiatives, and implementing robust processes and controls.
Diverse skillset in the following high-level topics:
Infosec Experience Across Multiple Industries
- Consulting: Contino (2021-2022), NTT Data (2015-2016)
- Oil & Gas: Norwegian Petroleum Academy (2005-2013)
- Aviation: Dnata Travel (Emirates Group) (2018-2019)
- Insurance: CompareTheMarket (2017-2018)
- Retail: World of Books (2022-2023), Depop (2020-2021)
- Telecoms: Giffgaff (2015-2016), Sky (2016-2017)
- Financial Services: JPMorgan Chase (2023), TotallyMoney (2019-2020)
- Gaming: OpenBet (2013-2014)
A map, of course
There’s been a lot of recent talk (maybe, just maybe, too much hypothetical talk) about generative AI and ML models.
How will the technology integrate and evolve with our current tools, frameworks and methods, and more importantly, will it be OSS?
(MLOSS)
Publications
The process to create a paperback book was completely alien to me – that didn’t deter me.
Good reviews - some readers asked for a follow-up book.
Personal (1/2)
- Since 2009: Allaboutdragons.com - Wiki and gallery about dragons, with all the information I could gather over the years. From 10k to 30k unique visitors a month.
- 2023: A site with statistics and graphs dedicated to the new Bluesky social media. (backend: Python and PostgreSQL)
Personal (2/2)
- Active in the Infosec industry and community (LinkedIn, public forums, private forums)
- Member of ClubCISO, CISO Club (not the same thing), member of ISACA London Chapter (attending all webinars
and in-person events when I can)
- Attending Infosec Europe since 2014
- Actively participate in relevant conferences and events as a panelist, sharing my expertise and insights
- Audiophile
- Considering CISA or CGEIT as the next certification (when time permits)
Thank You!
The end

Establish Effective GRC Frameworks
