Information Security - GRC - Consultant
Lee Clayton, Shavington, United Kingdom
I'm offering
A Senior Information Security Consultant with over 15 years' experience in the security sector. A committed and versatile security professional with proven success in a range of roles at both an operational and strategic level in complex, high-profile organisations. A key team player with a proven ability to lead on multiple and broad-ranging projects. Dedicated to building cross-cultural rapport and maintaining pivotal relationships. A proactive, reliable and focused individual with a balanced international perspective.
Markets
United Kingdom
Industries
Language
English
Fluently
Ready for
Larger project
Ongoing relation / part-time
Full time contractor
Available
My experience
2020 - ?
job
Security Policy Manager - GRC
wejo.
Manage the company security policy management processes in keeping with regulation and internal policy requirements.
Responsibilities:
• Ownership of the development and maintenance of the security policy process
• Active monitoring of the regulatory and legislative security and compliance landscape to ensure all future obligations and regulation are captured
• Promulgation of security policies to the business as a whole, in an appropriate format for key stakeholders
• Active liaison with key stakeholders to ensure understanding of the implications of security policies
• Periodic formal review and continuous improvement of the security policies
• Active consultation and development of policies with key focus groups as well as internal and external stakeholders
• Assist in implementing and maintaining our Information Security Management System and compliance with ISO 27001
Continuous improvement, Information Security, Management, Compliance, Security, ISO 27001, Monitoring, Development, Regulatory, Processes
2019 - ?
freelance
Senior Information Security Consultant- GRC
The Hut Group.
Senior Information Security Consultant within the Governance Risk and Compliance team. Tasked with operating and improving Information Security Governance, Risk and Compliance processes including the following activities and projects:
● Development & implementation of THG's third-party supplier assurance program, creating a more mature end-to-end process, which now involves infosec, procurement, finance and other key stakeholders during onboarding and/or periodic reviews, and involves vendor prioritisation, initial internal risk assessment, risk reporting and recommendations following a vendor-completed security questionnaire (aligned to ISO27001 controls).
● Improving and Managing the organisation's PCI DSS compliance program to ensure level one compliance is achieved.
● Supported the GRC team's efforts throughout implementation of ISO27001 certification
● Provide advice and guidance on information security risks to internal stakeholders
● Provide support, mentoring and technical guidance to junior team members
Mentoring, Procurement, Information Security, Governance Risk and Compliance, Onboarding, Finance, Compliance, Security, ISO27001, Implementation, Support, Development, Assessment, Processes
2016 - 2019
job
Information Security Auditor
NCC Group.
Location: World wide
● Four months as Trusted Adviser for JCB providing advice and consultancy on a wide range of projects including:
Third party supplier assurance, Cloud migration, policy and procedure review, Penetration test and vulnerability scan report reviews and management of associated remediation.
● Maintained a role as an approved PCI CP auditor delivering Payment Card Scheme Compliance Audits for MasterCard, American Express and China Union Pay.
● Provided audit and consultancy services for GSMA Subscription Management vendors
● Conducting Data Mapping workshops as part of GDPR compliance services
● Consulting on data centre security to ensure compliance with the above payment schemes
● Post audit, produce an in-depth report highlighting any non-compliance findings and/or recommendations.
● Audits and consultancy include comprehensive review of:
● Firewall rule sets and configurations
● Vulnerability scan and penetration test reports
● Network architecture
● System logs and system configurations
● Network and System security
● Cryptographic Key Management and Key lifecycle
Compliance, Audit, Express, China, Data mapping, Workshops, Security, Network, Architecture, Audit, Firewall, Test, Management, Consulting, GDPR Compliance, GDpr, Information Security, Cloud
2013 - 2016
freelance
Security Consultant
Convergent Risks Group.
Location: World wide
● Providing Security Consultancy and Operational Requirements on major projects involving UK critical national infrastructure sites for National Grid
● Creating Technical Specifications and procedural documents and conducting Health checks across UK National Grid sites
● Lead auditor on a number of audit and compliance projects within the media supply chain. Audits include governance, physical and Information security systems.
● Producing in depth reports which are fed back to major motion picture clients such as Universal, Lionsgate, Disney and Sony.
● Defining minimum security requirements and best practices to be adopted by vendors
● Consult with clients throughout the reporting process in order to reduce the risks to assets.
Audit, Information Security, Compliance, Security, Infrastructure, Health, Audit
2012 - 2013
job
TEAM LEADER
Garda World.
Location: Iraq
● Ensure full HSSE compliance in accordance with BP oilfield minimum standards
● Provide security analysis and Risk reports on oil and gas sites
● Provide armed escort and protection for Schlumberger personnel
● Conduct Mission planning and team training for a team of local Iraqis
Training, Compliance, Security, Oil and Gas
2011 - 2012
job
TEAM LEADER/ASSISTANT OPS MANAGER
Edinburgh International.
Location: Iraq
● Tasked to ensure all teams are compliant with BP HSE Policy
● Provide security analysis and HSE reports on oil and gas sites
● Provide armed escort and protection for various commercial clients
● Conduct Mission planning and team training for a team of expats and local national Iraqis.
Training, Security, Oil and Gas, Manager
2008 - 2010
job
TEAM MEMBER/TEAM MEDIC
Aegis.
Location: Iraq
● Provide personnel security for United States corps of engineers whilst visiting project sites
● Conduct site progress assessments and produce reports for high level management review, ensuring timely and accurate information was disseminated.
● Provide medical cover whilst on project sites
● Conduct medical training for team members and clients
Training, Management, Security
1999 - 2007
job
Various Dates
British Army.
Location: Various
Awards: General Service Medal 1962 Northern Ireland, Iraq Campaign Medal Clasp, Operational Service Medal Afghanistan, NATO Campaign Medal Afghanistan Clasp.
Service, Campaign
Lee's reviews
Lee has not received any reviews on Worksome.