Work History

25 years of consequential appointments

A career defined by being brought in at moments that matter, into complex organisations, demanding environments, and situations where security leadership made a genuine difference. FTSE 100 firms, global insurers, critical national infrastructure, private equity-backed businesses, and the regulatory bodies that govern them all.

Oct 2023 – Present
Arthur J Goldman Consultants
Cybersecurity & Regulatory Advisory

Chief Executive Officer & Executive Cybersecurity Advisor

Founded a cybersecurity advisory firm supporting fintech, blockchain, and high-growth organisations to scale securely and meet regulatory demands. Acts as trusted advisor to boards, executives, and investors on cyber strategy, M&A, risk, and digital transformation, building long-term client relationships by translating cyber risk into clear, actionable business decisions.

Delivers enterprise security strategies and operating models aligned to business growth, investment objectives, and regulatory requirements. Has led implementation of frameworks including ISO 27001, NIST, and PCI-DSS, strengthening governance and audit readiness across regulated environments. Advises on cryptocurrency security, KYC/AML, and financial crime controls, improving compliance and operational resilience.

Enables secure adoption of emerging technologies — including AI, agentic systems, and blockchain — while maintaining risk-aligned, cost-effective security controls. Advisory appointments include the FCA Cyber Coordination Group (ISCCG), NCSC Strategy Advisor, Lloyd's of London Market Cyber Risk Committee, EC-Council Global Advisory Board, and InfoSecurity Europe Advisory Council.

CEO & Executive Advisor | Board & Investor Advisory | ISO 27001 · NIST · PCI-DSS | AI & Blockchain Security | KYC / AML & Financial Crime | FCA · NCSC · Lloyd's · EC-Council

Aug 2022 – Oct 2023
Planet Payment
Global Payments & M&A / Private Equity

Group Chief Information Security Officer

Appointed by Advent International (Private Equity) to lead post-acquisition cybersecurity transformation across a complex, multi-entity global organisation. Conducted an enterprise-wide risk and maturity assessment, defining Group-wide priorities and a remediation strategy, then secured board approval for a multi-year cybersecurity transformation programme including target operating model, roadmap, and investment case.

Built the Group security function from greenfield, establishing governance, operating model, and global capability. Implemented a risk-based security strategy aligning investment with business growth and operational risk, and established core capabilities including SOC, IAM, vulnerability management, and third-party risk, significantly improving visibility and control across the organisation.

Delivered business continuity, crisis management, and incident response frameworks, strengthening organisational resilience. Led compliance across 16 global PCI programmes, improving regulatory alignment and audit readiness. Standardised security frameworks across acquired entities, reducing integration risk and operational fragmentation, and enabled secure scaling across multiple regions, platforms, and partner ecosystems.

Group CISO | Private Equity (Advent International) | Post-Acquisition Transformation | PCI-DSS (16 Global Programmes) | SOC · IAM · Third-Party Risk | GDPR · SOX · DORA | Greenfield Security Function Build

Aug 2021 – Apr 2022
Suntory Group
Global Consumer Goods / Security Strategy & Privacy

Director of Cybersecurity Strategy and Transformation

Led development of an enterprise-wide cybersecurity and data protection strategy across global operations, partnering with the Group CISO and executive leadership. Conducted organisation-wide security and privacy maturity assessments, defining key risks, gaps, and investment priorities, then designed and delivered a global cybersecurity and privacy transformation programme including target operating model and execution roadmap.

Built a risk-based, cost-effective strategy aligning security investment with business objectives and regulatory requirements. Established governance structures and delivery frameworks to enable scalable, sustainable security capability across regions, embedded GDPR-aligned data protection practices, and improved global visibility, control, and consistency of security practices.

Provided strategic advisory to senior leadership, translating cyber risk into clear business and investment decisions across UK and European operations.

Director of Cybersecurity Strategy | Global Consumer Goods | ISO 27001 & NIST | GDPR | UK & European Operations | Privacy Transformation

Jan 2020 – Sep 2020
Xoserve (National Grid)
Critical National Infrastructure / UK Gas Market

Director of Cybersecurity Strategy and Transformation & DPO

Led enterprise-wide cybersecurity, privacy, and GRC transformation for the national data platform underpinning the UK gas market. Accountable for security strategy and data protection as Cyber Security Lead and DPO, ensuring resilience, regulatory alignment, and operational integrity across a highly interconnected, multi-stakeholder ecosystem.

Defined and delivered a cybersecurity and privacy transformation programme, improving control, visibility, and governance across critical systems. Established and matured GRC and data protection frameworks, aligning to regulatory and industry standards, and embedded security across core services supporting suppliers, shippers, and transporters — strengthening protection of critical national data assets.

Enhanced cyber risk management and strengthened resilience across services critical to market stability and operational continuity. Acted as trusted advisor to executive leadership and industry stakeholders, translating cyber risk into clear business decisions.

Director, Cybersecurity Strategy & DPO | Critical National Infrastructure | GRC Transformation | NIS Regulations & UK GDPR | National Grid / UK Gas Market | Multi-Stakeholder Ecosystem

Aug 2019 – Jan 2020
British Land
FTSE 100 / Real Estate & Smart Infrastructure

Chief Information Security Officer

Appointed CISO for a FTSE 100 organisation, leading cybersecurity across a 300+ site estate spanning corporate systems and smart building environments. Conducted an enterprise-wide cyber risk and security posture assessment, identifying critical gaps across IT, applications, and OT/IoT, then defined and delivered an enterprise security strategy and target operating model aligned to business risk, regulatory requirements, and digital transformation.

Developed a risk-based roadmap prioritising investment and remediation across corporate and smart infrastructure environments. Strengthened security across applications, architecture, infrastructure, and IoT ecosystems, improving visibility and control in a highly distributed environment. Secured smart building technologies, addressing the convergence of cyber and physical risk, and improved organisational resilience across interconnected property systems.

Provided strategic cyber risk insight to executive leadership, enabling informed business and investment decisions.

CISO | FTSE 100 | 300+ Site Estate | OT / IoT Security | Smart Building Technologies | Enterprise Security Strategy

Jan 2019 – Aug 2019
Counter Craft
Venture Capital-Backed Cyber Deception

Cybersecurity and Strategy Advisor

Advised a high-growth cybersecurity firm specialising in cyber deception and active threat defence, supporting enterprise and government clients. Shaped security strategy and product positioning, aligning advanced capabilities to client risk and market demand, and supported deployment of deception technologies within complex enterprise environments, enhancing real-time threat detection and response.

Advised on integration into SOC operations and security architecture, improving threat visibility and attacker intelligence. Contributed to go-to-market strategy and client engagement across Fortune 500 organisations, financial services, and public sector agencies.

Cybersecurity & Strategy Advisor | Cyber Deception Technology | Active Threat Defence | SOC Integration | VC-Backed Start-up

Sep 2016 – Nov 2018
MS Amlin
Board-Level CISO / Global Lloyd's Insurer

Group Chief Information Security Officer & Group DPO

Appointed as Group CISO and DPO, reporting to the Board and Risk Committees, providing enterprise-wide cyber risk oversight and governance across multiple legal entities. Built the global security function from inception, defining strategy, operating model, and governance frameworks. Delivered a group-wide cybersecurity and data protection strategy, embedding security across business and technology transformation programmes.

Established global capabilities including SOC, IAM, third-party risk, and incident response, significantly improving visibility and control. Led CBEST/STAR testing and advanced threat defence initiatives, strengthening resilience against sophisticated threats. Implemented enterprise-wide crisis management and cyber incident response, including executive-level simulations, and embedded GDPR and data protection frameworks, improving regulatory compliance and audit readiness.

Acted as a trusted advisor to the Board, translating cyber risk into clear business and investment decisions. Supported strategic initiatives including fraud, financial risk, and emerging technologies, and partnered with underwriting to launch a new cyber insurance capability for MS Amlin.

Group CISO & Group DPO | Lloyd's Market | Board & Risk Committee Reporting | CBEST / STAR Assessment | Cyber Insurance Launch | SOC · IAM · Third-Party Risk | Greenfield Security Function Build

Jan 2015 – Aug 2016
Xchanging / DXC Technology
Lloyd's Market / Global Insurance Platforms

Group Head of Information & Cybersecurity & Group DPO

Led cybersecurity and data protection across global platforms supporting the Lloyd's of London market ecosystem — one of the most complex and regulated insurance environments. Operated at board and industry level, providing strategic cyber risk leadership across the London Market TOM and International Underwriting Association (IUA). Directed security for major transformation programmes (CSRP, IMR), enabling secure modernisation of critical insurance infrastructure.

Defined and delivered enterprise-wide security strategy, governance, and operating model aligned to regulatory and market requirements. Established a 24/7 global SOC with threat intelligence, significantly enhancing detection and response capability. Delivered IAM, vulnerability management, and secure architecture frameworks, and embedded security into development through secure coding standards and an in-house penetration testing capability.

Aligned global controls to ISO/IEC 27001 and led CBEST/CREST STAR assessments, improving audit readiness and control assurance. Influenced market-level risk decisions through board and industry committee engagement, and reduced systemic risk across platforms critical to global insurance operations.

Group Head of Security & Group DPO | Lloyd's of London | IUA | Board-Level Reporting | CBEST / CREST STAR | ISO/IEC 27001 | 24/7 Global SOC | In-House Penetration Testing

Nov 2010 – Dec 2014
Thomsons Online Benefits
Global SaaS Benefits Platform / Multi-Region

Global Information Security Officer and Group DPO

Led global information security and data protection across UK, Europe, US, and Asia, securing enterprise systems and sensitive data in a distributed environment. Partnered with executive leadership to define and deliver enterprise security, risk, and data protection strategy aligned to business growth and regulatory requirements.

Designed and implemented a global ISMS aligned to ISO/IEC 27001, achieving BSI certification and establishing a scalable governance framework. Built and delivered enterprise-wide cybersecurity, risk, and data protection programmes, improving visibility, control, and compliance. Established application security architecture and secure development standards, embedding security into the SDLC, and strengthened penetration testing, vulnerability management, and incident response capabilities.

Appointed Group DPO, ensuring compliance with global regulations including GDPR. Enabled secure international expansion by aligning security and privacy with multi-jurisdictional regulatory requirements, and enhanced governance across IP, contractual, and regulatory obligations, reducing legal and operational risk.

Global Information Security Officer & DPO | Global SaaS Platform | ISO/IEC 27001 (BSI Certified) | UK / Europe / USA / Asia | SDLC Security | GDPR & Multi-Jurisdictional Compliance

Jul 2008 – Nov 2010
Noble International Exchange
Financial Services / Exchange

Global Operations Director

Served as Global Operations Director at Noble International Exchange, a financial services business operating in international exchange markets. Held responsibility for global operations and information security across an environment where data integrity, system availability, and regulatory compliance are critical operational requirements.

Led the development and implementation of operational and information security frameworks appropriate for a regulated financial environment, addressing the specific threat landscape of financial infrastructure including market data security, trading system integrity, and the compliance obligations of a regulated financial firm.

Global Operations Director | Financial Services | Exchange & Trading Infrastructure | Regulatory Compliance | Global Operations

Feb 2007 – Jul 2008
APC by Schneider Electric
Post-Merger Integration / Global Security

Global Information Security Officer

Led global security integration following a multi-company merger, rebuilding enterprise security architecture and governance frameworks across the combined organisation. Improved risk visibility, monitoring, and business continuity capability, enabling successful integration and stabilisation of operations by reducing risk and aligning security practices globally.

Global Information Security Officer | Post-Merger Security Integration | Enterprise Security Architecture | Business Continuity | Global Operations

Nov 2001 – Feb 2007
MGE UPS Systems
Executive Leadership / Technology & Operations

Director of Operations

Led UK-wide operations across IT infrastructure, applications, service delivery, and business change, supporting multiple business units. Accountable for technology strategy and operational performance, aligning IT capabilities with business growth and efficiency objectives. Led transformation initiatives to improve service delivery, operational efficiency, and organisational performance.

Delivered technology modernisation across infrastructure and platforms, enabling enhanced business capability and scalability. Strengthened collaboration across IT and business functions, driving alignment and execution across the organisation.

Director of Operations | IT Infrastructure & Applications | Technology Strategy | Service Delivery Transformation | Business Change

Regulatory, industry, and professional board appointments

Organisation | Role
UK Financial Conduct Authority (FCA) | Advisory Member, Financial Services & Insurance Sector Cyber Coordination Group (ISCCG)
UK National Cyber Security Centre (NCSC) | Strategy Advisor, national cybersecurity policy and critical infrastructure
Lloyd's of London, Market Cyber Risk Committee (LMCRC) | Advisory Board Member, cyber risk governance across Lloyd's market participants
EC-Council | Global Advisory Board Member
InfoSecurity Europe | Advisory Council Member

A recognised voice in the field

Computing Cyber Security Strategy Briefing

Featured speaker on security team structure and governance, advocating the separation of strategic security functions from technical security execution as a solution to the endemic failure mode in corporate security organisations.

CISO 360 Congress, Lisbon

Speaker at the international CISO 360 Congress, contributing to senior-level debate on cybersecurity leadership, governance, and the evolving role of the CISO in regulated and complex organisations.

InfoSecurity Europe

Regular contributor and advisory council member at Europe's leading information security event, shaping programme content and participating in discussions that influence industry direction across the continent.

Media & Press Commentary

Cited in Computing and other technology and security publications for expert commentary on cybersecurity governance, security team design, and the intersection of regulation and organisational security practice.

A career built on consequential work

If you are looking for advisory counsel with real operational depth, I would be glad to have a conversation.
