SAR success: Overcoming hidden hurdles in service auditor reports
Overcoming the common missteps for a successful SAR engagement that delivers real value to both service providers and their customers.
I oversee key service lines for our business risk department. I have 26 years' experience in IT risk and controls, spread across many sectors and organisations, enabling me to drive real value into engagements.
I initially trained as a financial auditor and then ran a software reselling business before moving into technology audit. I've worked extensively in the UK and abroad, which has exposed me to diverse cultures and working practices.
Effectively a one-to-many report for companies and organisations who provide services to many customers to demonstrate independent assurance over a defined set of business and IT controls. They're more commonly known as ISAE3402 / SOC 1 / SOC 2 and ISAE3000 reports.
Supporting clients through the co-source or outsource internal audit requirements to navigate the current and future risk landscape. This includes supporting organisations to interpret the Department for Business and Trade’s audit and corporate governance reforms – maintaining a focus on security and privacy by design to help respond to the ever-changing world of cyber security and evolving IT requirements.
I really enjoy meeting clients and understanding their challenges to figure out how we can help. I'm passionate about making changes to organisations for the better, identifying the risk, and working on pragmatic and proportionate solutions.
Outside of work, my wife and I enjoy seeing live shows and bands, as well as travelling and walking.
How bridge letters fill the gap in reporting cycles.
A global enterprise software provider needed to meet growing customer demand for assurance reporting while maintaining agility across a complex suite of applications.