Startup Security Evangelist | vCISO | Security Strategist | Privacy Champion | Cloud Security Leader | Mapper | Veteran
Tony Richards, Bedford, United Kingdom
I'm offering
An experienced security strategist, yet hands-on Consultant and former Group Chief Information Security Officer (GCISO) with over 17 years of technical experience in government, commercial and digital data security. I provide subject matter expertise on Cloud, Cyber Security and Continuous Risk Management. During my career, I have had a variety of challenging roles, from building C4iSTAR systems for the US DoD, to being responsible for the information security of the UK Supreme Court, and even assessing and advising Global Cloud Providers. As both CISO and Head of Consulting for a number of organisations, I have led a range of engagements both internally and with a wide portfolio of clients. I have spoken at various industry events, ranging from expert panel discussions and keynote speeches through to whole day workshops, covering such topics as: Wardley Mapping, Cloud Security, GDPR, G-Cloud security assurance and Continuous Information Risk Management for government.
Markets
United Kingdom
Language
English
Fluently
Ready for
Larger project
Ongoing relation / part-time
Full time contractor
Available
My experience
2019 - ?
freelance
Cyber Security and Data Protection Consultant
TYR Industries Ltd.
Providing a range of services to clients, including problem solving, providing advice on cyber security issues, conducting security assessments and architectural reviews, including:
Security application development and Knack security reviews.
Open Security Summit 2019: Ran the Wardley Mapping track, including delivering an Introduction to Wardley Mapping, a guided Wardley Map creation session, and assisting Simon Wardley on the Boot Camp session.
Security, Cyber Security, Information Security, Security Assessment, Governance Risk and Compliance, Risk analysis, Risk Management, Risk management and assessment, GDPR, Certified DPO, Data protection officer, Wardley Mapping, Certified Lead Auditor, Supply chain management, Security architecture, Information Security Management, IT consultant, Agile security
2018 - 2019
job
Group Chief Information Security Officer and Head of Consulting
Falanx Group Ltd.
Turnover of £3M and over 65 staff
1) The Group CISO of Falanx Group; responsible across the whole group and subsidiary businesses, ensuring cyber security, data protection and compliance with regulatory and legal requirements, reporting to the Group Board. Managed 3 direct reports for Compliance, IT Security and Data Protection.
In the first quarter, conducted a full security and architecture review across the Group and subsidiaries, including four offices and a Cyber Security Operations Centre (CSOC); this fed into a cyber security strategy and recommendations for changes to corporate infrastructure and services.
Rolled out a cyber security and GDPR awareness platform, with phishing simulator, across the group to ensure compliance with the DPA2018 and ISO27001:2013 requirements. This, along with a risk assessment of each of the businesses, a security assessment program of suppliers/vendors, the development of risk treatment plans, then supported a successful ISO27001 audit and re-certification.
Instigated a GDPR and DPA18 compliance programme, including mapping the personal data journeys of the various group divisions' business functions and processes, conducting Data Protection Impact Assessment (DPIA) threshold tests and, where required, conducting full DPIAs, as well as implementing processes for responding to Personal Data Breaches and DSAR requests.
2) Head of Cyber Security Consulting at Falanx Cyber, responsible for delivery, business development and client relations, specifically across UK government organisations, but also with private sector clients. This client facing role includes delivering directly to clients as a vCISO and subject matter expert, managing and leading dispersed teams of consultants and security staff across multiple locations, projects and clients, developing new channels and market opportunities, and gaining and maintaining Falanx's NCSC Certified Cyber Security Consultancy membership. Also responsible for continued professionalism and technical capability of the consultants within the business, actively engaging in mentoring and development programmes to ensure a pipeline of talent and maintaining certifications (IISP membership, NCSC Certified Cyber Security Consultancy Scheme and Professional qualifications).
Major Consulting Clients:
Youth Justice Board (YJB)
Civica
Salesforce
AWS
Supreme Court of the United Kingdom
Karhoo
Regulatory, Assessment, Audit, Infrastructure, ISO27001, Development, Business development, Architecture, Security, Compliance, Mentoring, Consulting, GDPR, GDPR Compliance, Governance Risk and Compliance, Cyber Security, Security Assessment, Information Security, Certified DPO, Data protection officer, Privacy Regulation
2018 - 2019
project
Data Protection Officer
Flit Technologies.
Falanx Group Ltd.
Advised the Board on GDPR and Data Protection, providing Quarterly Compliance Reports.
Conducted audits of GDPR compliance, provided advice on Data Protection Impact Assessments and supported the business in identifying and documenting personal data flows.
Developed and implemented processes for responding to Data Breaches, DSARs and Erasure requests.
GDPR, GDPR Compliance, Compliance, Processes, Certified DPO
2009 - 2018
job
Chief Technical Officer, CISO and Founder
Securestorm Ltd.
£1M Turnover and 8 staff
The CTO and CISO of Securestorm, a cyber and cloud security consultancy; responsible for delivery, business development and client relations, specifically across UK government organisations, but also with private sector clients. This client facing role includes: delivering directly to clients as a CISO and subject matter expert, managing and leading dispersed teams of consultants and security staff across multiple locations, projects and clients, developing new channels and market opportunities, and gaining and maintaining Securestorm's entry to a range of UK government procurement frameworks, such as G-Cloud, Cyber Security Services, and Digital Outcomes and Specialists 2 (DOS2). In 2016 Securestorm was a finalist in the Infosec Awards, category for Security Consultancy Practice of the year and I was inducted into the Digital Leaders 100.
Internally responsible for continued professionalism and technical capability of the consultants within the company, actively engaging in mentoring and development programmes to ensure a pipeline of talent and maintaining company certifications (IISP membership, NCSC Certified Cyber Security Consultancy Scheme and Professional qualifications, CSA UK Chapter Board Membership, TechUK membership and Cyber Essentials certification). This includes the running of internal training and certification courses for staff, such as ISO27001 Lead Auditor and Certified Cloud Security Professional (CCSP).
As CTO, was responsible for technical and security management of the company IT. This included the successful and secure implementation of a range of cloud-based technologies including: Office 365, Box.com, Slack, Hubspot, Knack, Formstack, Trello, Edgescan and several other services.
Developed the Securestorm continuous risk management dashboard (Nol-ij) for managing and tracking information risks in real time, providing instantaneous risk status reporting to clients and stakeholders, while forecasting risk treatments and remediation to enable road mapping and advanced risk planning.
Also, responsible for innovation and thought leadership regarding the wider industry, specifically Cloud, Cyber and Digital Information Risk Management. In 2016 was invited to become an expert contributor by (ISC)2 and to provide content and advice on the Cloud Security syllabus and exams for the (ISC)2 Certified Cloud Security Professional (CCSP) qualification.
Securestorm was one of two companies certified by National Cyber Security Centre (NCSC) to provide Cyber Security Consultancy in: Risk Assessment, Risk Management, and IA Audit and Review. As such, I, as the Head of Cyber Security Consulting Services, had to qualify at the highest levels of UK Government Information Assurance and demonstrate, through assessment and interviews, significant thought leadership and experience in those fields.
Major Consulting Clients:
It, Founder, Knack, Planning, Assessment, Audit, Trello, Office, ISO27001, Development, Cto, Hubspot, Security, Business development, Forecasting, Mentoring, Leadership, Procurement, Risk Management, Management, Content, Training, Consulting, Cloud, Office 365, Innovation, Cyber Security, Certified DPO, Data protection officer, Governance Risk and Compliance, GDPR Specialist
2017 - 2018
project
Security and GDPR Advisor
Photobox Group.
Securestorm Ltd.
Advised the Group CISO on the technical and organisational security measures required for GDPR.
Developed and implemented an internal process and assessment of security controls across the Group and subsidiaries.
GDPR, Security, Assessment, GDPR Compliance
2011 - 2013
project
Information Assurance Lead
Ministry of Justice (MoJ).
Securestorm Ltd.
MoJ £8Bn Annual Budget and over 60,000 staff
Supported and advised the Head of MoJ ICT Cyber Security and Information Assurance.
Security Lead for several Major MoJ procurement projects. Evaluated major IT integration suppliers, through drafting requirements, assessing Pre-qualification questionnaires, evaluating supplier Invitation-to-Tender returns and conducting Competitive Dialogue with suppliers (QUANTUM/NICTS - £350M and Private Prisons 2/3 - £2.5Bn).
Cloud Security Lead and subject matter expert on all Cloud related projects at the MoJ, specifically around assurance and Accreditation of Public Cloud services and G-Cloud suppliers. Responsible for 40 different projects over an 18-month period. Significant projects included:
◦ Developing the "MoJ and Justice Approach to Accrediting G-Cloud services";
◦ Assuring Microsoft CRM Dynamics in the Microsoft Public Cloud - Azure
◦ Architected an internet facing citizen digital application with a backend Restricted (IL3) database in a Hybrid Cloud architecture
Developed a composite accreditation approach to enable proportional security assurance and accreditation of MoJ cloud-based services and projects. Represented the MoJ on a cross government working group for cloud security.
Database, Cloud, Integration, Procurement, It, Security, Cloud services, Budget, Architecture, IT integration, Internet, Backend, Hybrid, Cyber Security, Information Security, Security Assessment, Governance Risk and Compliance, Risk analysis
Tony's reviews
Tony has not received any reviews on Worksome.