Cybersecurity Services
Areas of Expertise
My professional focus is on the core pillars of Governance, Risk, and Compliance (GRC). My approach is grounded in real-world experience, combining deep technical knowledge with a proven ability to manage people and processes. I focus on delivering practical, business-aligned solutions across the GRC landscape.
End-to-End Security Awareness & Training Programs
A strong security posture starts with your people. I specialise in creating and managing training programs that go beyond simple compliance box-ticking to genuinely change user behaviour and build a resilient security culture. My expertise includes designing bespoke curriculum, administering Learning Management Systems (LMS), and creating metrics to demonstrate program effectiveness.
ISO 27001 Readiness & Audit Support
I help organisations prepare for ISO 27001 certification and other audits. This includes reviewing controls against frameworks like Annex A, gathering and organising evidence, identifying gaps in the Information Security Management System (ISMS), and preparing staff for the scrutiny of the audit process.
IT Policy & Governance Framework Development
I author and review the clear, concise information security policies and procedures that form the bedrock of good governance. My experience covers the full policy lifecycle, from initial drafting and stakeholder consultation to implementation and regular reviews, ensuring documentation is robust, compliant, and fit for purpose.
Information Security Risk Management
I conduct practical risk assessments to identify, analyse, and evaluate information security risks in line with business objectives. This process helps organisations make informed, defensible decisions about where to invest their security resources for the greatest impact.
Familiar Frameworks & Standards
I have practical knowledge and experience working with a wide range of key cybersecurity and data protection requirements, including:
- ISO 27001 & ISO 27701 (Privacy)
- Cyber Essentials & Cyber Essentials Plus
- GDPR & Data Protection Act 2018
- NIST Cybersecurity Framework (CSF)
- KCSIE (Keeping Children Safe in Education)
- PCI DSS (Payment Card Industry Data Security Standard)
Let’s Connect
If my background and expertise align with the needs of your team, I would welcome the opportunity to connect and discuss further.
