Skill set
Andrew in a few words
As a CISO and cybersecurity expert, I am responsible for protecting company assets, ensuring compliance, and mitigating cyber risks. I develop and implement security strategies and frameworks, oversee incident response, and lead security teams to defend against evolving threats. Working closely with executives and IT teams, I align security initiatives with business goals while ensuring a strong cybersecurity culture. With expertise in risk management, threat intelligence, compliance and security architecture, I focus on maintaining resilience against cyberattacks and ensuring the confidentiality, integrity, and availability of critical information systems.
Experience
- AXA Group OperationsChief Information Security OfficerDIGITAL & ITMarch 2023 - Today (2 years and 2 months)Paris, FranceAchievements and responsibilities:• Have been accountable for cyber security governance across different business lines within AXA Group Operations (GO).• Activities include security compliance and governance, internal audit remediation, security assurance assessments, security governance for both Business as Usual (BAU) operations and any new projects / products or frameworks, including specialism in the Digital Operational Resilience Act (DORA) framework and integrating these controls into AXA GO project and BAU monitoring activities.• I am also leading a transformation of the AXA GO Security department, introducing a new TOM and structure to the organisation, including identification and implementation of a new end-to-end security assurance model, identifying efficiencies and improvements where possible to ensure synergy across all organisation departments.
- AB Security ConsultingFounder / CEODIGITAL & ITMarch 2023 - Today (2 years and 2 months)Paris, FranceAchievements and responsibilities:• Founder and CEO of company providing Cyber Security compliance and governance activities and trusted advice across all areas of security.• Bringing years of experience working with companies of all sizes to deliver security projects and assessments, to ensure compliance and security best practices are implemented within organisations.
- NCC GroupPrincipal Security ConsultantMarch 2013 - March 2023 (10 years)Manchester, UKConsultant, Senior Consultant)(March 2013 – March 2023)Achievements and responsibilities:• Ten years of engagement across information security within traditional and Cloud SaaS, IaaS and PaaS deployed environments.• As a senior member of the team, I was responsible for customer relationships around the world, including management of engagements, projects, stakeholders and teams of employees to analyse and address customer's business and security needs and to meet their legal and regulatory requirements.• I was heavily involved in business development and full end-to-end customer engagement lifecycle management. I was responsible for scoping engagements, writing proposals, completion of PO's, engagement reviews and overall delivery to clients.• I was a qualified PCI DSS QSA, PCI 3DS Lead Assessor, ISO 27001 Lead Auditor, ISMS Lead Auditor, GSMA SAS-SM Lead Assessor and CAS(T) Lead Auditor, with further experience in PA-DSS, P2PE and PCI PTS / PIN.• I managed and supported a number of consultants in their day-to-day activities, focusing on their development and ensuring customer engagements were delivered properly. This includes running of training sessions both online and in person.• As a thought leader and accomplished communicator I presented to both colleagues and external customers, as well as potential customers and other industry peers, on various information security and compliance topics.
Recommendations
Education
- Bsc (Hons) Computer ScienceUniversity of West of England2007Bsc (Hons) Computer Science
- A-LevelsCoopers Company & Coborn School2003A-Levels