Expert
Information Risk and Cyber Security CISM, CRISC, CGEIT
Andy Bebbington, London, United Kingdom
I'm offering
A highly experienced, technically minded and accomplished Information Security & Risk Management Professional with a proven track record in information security leadership, management, risk assessments, analysis and implementation. Experienced in performing senior level roles within major organisations such as Goldman Sachs, Deutsche Bank and HSBC.
Demonstrates a business, technical and consultative approach, with strong communication and analytical skills to complete risk analysis, major security programmes and complex risk projects. A specialist in security policy implementations, information security risk, controls and improvement in addition to governance and risk compliance. Confident and extremely motivated with the ability to manage operational activities or projects from conception through to delivery and implementation.
Capable and adaptable in providing information security risk roles, transformation oversight, gap analysis, planning or implementation initiatives.
Proficient in risk management practices, business awareness, data protection, supplier security, security compliance and oversight for teams and initiatives.
Markets
United Kingdom
Language
English
Fluently
Ready for
Ongoing relation / part-time
Available
My experience
2017 - 2019
job
Information Security Risk Manager
HSBC Global Banking and Markets.
• 2LOD oversight activities for the GBM and CMB businesses
• Established tasks and attributes for risk management reviews and 2LOD opinion reports
• Review of formal Risk Control Assessments, Risk Appetite reports, KRIs, Risk Scenarios,
• Six-week interim Asia regional ISR GBM/CMB head role (Hong Kong)
• Oversight of CIO functions including reviewing operational control reports and remediation activity.
Information Security, Risk Management, Management, Security, CIO, Interim, Manager, Asia
2016 - 2017
temp
Information Security Advisor
QUANTUMBLACK VISUAL ANALYTICS LTD.
• Key advisor in the development and establishment of the information security program, policies and governance for the organisation
• Conducted risk assessments and defined the required operations to facilitate future ISO27001 ISMS certification
• Implemented successful Qualys and Okta (CSAB) solutions to achieve cohesive vulnerability management and access compliance
• Introduced a comprehensive client data profile tracking process
• Completed the "Cloud Services" gap analysis across Office 365, BOX, Confluence, JIRA, Slack and Bitbucket
• Defined Amazon AWS security requirements to put strong safeguards in place to protect customer privacy
AWS, Office 365, Jira, Operations, Cloud, Information Security, Management, Compliance, Cloud services, Security, Confluence, ISO27001, Development, Office, Amazon, Organization
2015 - 2016
temp
Information Security Risk Manager
HSBC GLOBAL BANKING & MARKETS.
• Oversaw initiatives and security improvements of remaining projects pre-transformation using lessons learnt and best practice
• Developed the second line of defence (2LOD) information security risk process and governance, including deliverables and reporting
• Managed 2LOD transformation coordination activity, including collating risks and improving team productivity and communications
Information Security, Security, Transformation, Manager
2014 - 2014
job
Senior Business Information Security Officer (EMEA)
BANK OF AMERICA MERRILL LYNCH.
• Reported to the Global BISO and EMEA RISO to oversee risk management and security global markets division
• Implemented the BISO operating model across the Global Banking and Markets business and the technology infrastructure
• Led the information security risk consulting team based in London and Chester
Information Security, Consulting, Risk Management, Management, Technology, Security, Banking, Infrastructure, LED
2012 - 2014
temp
Multiple Contract Roles - Senior Information Security & Technology Risk Specialist
• Provided consultancy to a range of organisations in the management of information security resources and risks
• Facilitated security assessment, information security program development and information security transformation management
Client Engagements
LV - Information Security Transformation Manager (10 months)
• Reviewed current operations and priorities to develop and implement a standard operating model and risk assessment process
• Created the action plan for information security management, including leading a team and management for the Head of InfoSec
Grant Thornton (2 months)
• Carried out a comprehensive Data Protection Act compliance security review to ensure compliance requirements were being met
London Metals Exchange (5 months)
• Developed security policies and security governance framework to optimise limited security resources
BP - Oil & Gas Trading Division (2 months)
• Conducted historical risk analysis to identify trends and create themes for remediation as well as action plans to mitigate future risk
Operations, Exchange, Information Security, Management, Compliance, Technology, Security, Transformation, Security Assessment, Data protection, Development, Assessment, Risk analysis, Framework, Manager
2010 - 2011
job
Director & Regional Head of Information Security - EMEA
SOCIETE GENERALE CIB.
• Implemented a regional information security program including Risk Consultants, Technology Compliance and project teams
• Oversaw all policies and standards, risk assessments, information protection projects and supplier security
• Reported directly to the EMEA CIO and Global CISO; liaised with UK and EMEA COOs, Legal, Compliance and Audit
• Covered 13 EMEA countries and emerging markets for business units and application development teams
• Managed projects end-to-end, including budget management, coordinating personnel and resource management
Budget, Audit, Information Security, Management, Compliance, Technology, Security, Resource management, Development, CIO, Audit
2009 - 2010
job
Technology Risk Manager - Technology Services
Xchanging.
• Developed a risk management policy, framework and procedure for technology risk and enterprise risk management
• Established risk governance, risk registers and risk reporting to enable the company to benefit from change
• Facilitated workshops to educate teams and senior management on the risk process, and define concepts for systematic risks
• Consistently adhered to compliance regulations ISO27001 technology controls
Risk Management, Management, Compliance, Technology, Workshops, ISO27001, Enterprise, Framework, Manager
2007 - 2009
job
Technology Risk Services Manager
GOLDMAN SACHS.
• Designed the services management program, technology risk reporting and program governance best practice
• Developed, implemented and operated a risk management framework, registers, collection and technology oversight process
• Control assessment for IT services prior to transition to offshore services company in Bangalore
Risk Management, Management, Technology, It, Offshore, Assessment, Framework, Manager
2000 - 2007
job
Head of Information Security Europe
GOLDMAN SACHS.
• Established, developed and managed a risk based application and infrastructure security program within the global CISO
• Controlled the project budget and had oversight responsibility for teams and initiatives
• Developed and operated the risk assessment processes, maintained SoX compliance for information security
• Recruited the UK InfoSec team and the initial InfoSec role in India
• Worked with IT support teams to implement improved controls across the infrastructure including to improve remediation times
• Managed strong relationships with legal, compliance and HR as well as global teams based in NY, Tokyo and Hong Kong
• Successfully managed BCP planning team and testing during the period 2004 and 2005
• Developed a program of activities to identify and deploy IDS, compliance tools, Network VA tools and external SOC facilities
• Mitigated technology related risks using patch tracking tools, data analysis tools and system & user misuse tools
• Created a global virtual engineering and threat response team, including developing resources to identify rogue activity
• Selected appropriate products, vendors and solutions for behaviour analysis, remote access and privilege management controls
• Further solutions included Symantec, Archer, McAfee, Qualys, Arbor, Intellitactics, AppSec, ISS
Risk Management, Management, Technology, It, Offshore, Assessment, Framework, Manager
1997 - 2000
job
Regional Head, Information Security (Europe)
DEUTSCHE BANK.
• Implemented and maintained the UK Security group (32 staff) working with the global teams and CISO
• Managed the European security program development and operations.
• Implemented risk based security consulting for the Business and Technology
• Provided presentations, reports and proposals to CTO, CIO and COO.
Operations, Information Security, Consulting, Technology, Security, Cto, Development, CIO
1997 - 1997
job
Technology Auditor
JP Morgan.
Technology
1995 - 1997
job
Assistant Manager (IT Security)
N M Rothschild & Sons Ltd.
Security, It, Manager