I oversee key service lines for our business risk department. 25 years in IT risk and controls, spread across many sectors and organisations, enables me to drive real value into engagements.
I initially trained as a financial auditor and then ran a software reselling business before moving into technology audit. I've worked extensively in the UK and abroad, which has exposed me to diverse cultures and working practices.
My current focus centres around two services:
Special attestation reporting
Effectively a one-to-many report for companies and organisations who provide services to many customers to demonstrate independent assurance over a defined set of business and IT controls. They're more commonly known as ISAE3402 / SOC 1 / SOC 2 and ISAE3000 reports.
Internal audit services
Supporting clients through the co-source or outsource internal audit requirements to navigate current and future risk landscape. This includes supporting organisations to interpret Department for Business and Trade’s audit and corporate governance reforms – maintaining a focus on security and privacy by design to help respond to the ever-changing world of cyber security and evolving IT requirements.
I really enjoy meeting clients and understanding their challenges to figure out how we can help. I'm passionate about making changes to organisations for the better, identifying the risk, and working on pragmatic and proportionate solutions.
Outsides of work, my wife and I enjoy seeing live shows and bands, as well as travelling and walking.