Jul 2025 – Present · 8 mos

• Deliver regular executive-level briefings to different C-suite and SLT’s on cyber security maturity, risk posture, and strategic priorities.
• Contribute to ISO/IEC 27001 audits, coordinating control evidence with external auditors and internal stakeholders to maintain continuous compliance and strengthen the organisation’s security posture.
• Oversee IT risk management, contributing to the Cyber Risk Committee and driving risk treatment through stakeholder alignment and coordinated remediation across business units and system owners.
• Design and implement DLP controls to safeguard confidential data from exposure through generative AI platforms (ChatGPT, Claude, Copilot), significantly reducing data exfiltration risk.
• Lead, manage, and mentor a security team, driving operational excellence and capability uplift.
• Lead major incident response efforts as the primary escalation point for Level 3 investigations, ensuring swift resolution and minimised business impact.

Mar 2023 – Jul 2025 · 2 yrs 4 mos

• Serving as a Cybersecurity Consultant for top-tier clientele, tasked with:
• Advising on cybersecurity strategies, processes, and technologies to align with client's strategic objectives.
• Tailored consultation on the business impact of emerging zero-day threats to client organisations.
• Optimizing cybersecurity expenditure by recommending priority investments that deliver greatest risk mitigation.
• Leading initiatives to establish and uphold a resilient cybersecurity foundation spanning our company's network, systems, hardware, software, and cloud computing operations, fortifying defenses against emerging cyber threats.
• Implement internal compliance in-line with ISO 27001, ISM, Essential 8, NIST & CIS Benchmarks

Jan 2021 – Feb 2023 · 2 yrs 1 mo

• Championed enterprise-wide governance and risk alignment by implementing compliance programs in line with ISO 27001, ISM, Essential 8, NIST, and CIS Benchmarks, culminating in the organisation achieving ISO 27001 certification and strengthening executive and board-level assurance.
• Established and directed both the organisation’s internal Security Operations Centre and the customer-facing Managed SOC service, including Breach Support; designed and operationalised SOC & SIEM capabilities that safeguarded the enterprise and over 20 client organisations.
• Coordinated major incident response efforts, serving as escalation point and strategic lead for Level 3 investigations.

Oct 2019 – Dec 2020 · 1 yr 2 mos

• Delivered risk remediation consultation directly to client C-Suite and senior technical leadership, translating complex technical findings into business-aligned recommendations.
• Led a high-performing Penetration Testing team, providing executive-level consultation on the implications of bypassed controls and layered attack paths.
• Maintained profitability and scalability of cybersecurity services while ensuring delivery quality met client board and regulator expectations.
• Establishing the foundational architecture, processes and personnel requirements an efficient and scalable Security Operations Centre business unit

Oct 2018 – Sep 2019 · 11 mos

• Initiated the organisation’s ISO 27001 alignment journey by developing core security policies and leading the first wave of technical control implementations, establishing the foundation for future certification.
• Served as the organisation’s primary Cybersecurity Lead, acting as the central point of contact for all security matters; strengthened both operational defences and governance practices to enhance overall resilience.
• Led offensive security exercises across both client environments and the organisation’s own infrastructure, uncovering systemic risks and strengthening resilience, those including:
• Internal Network & External Perimeter Penetration Testing
• Physical Onsite Breach Simulations to assess physical security posture
• Social Engineering campaigns (Vishing, Phishing simulations) to evaluate human risk factors