Expert
Cyber Security Professional
Steve Murphy, East Grinstead, United Kingdom
I'm offering
I am a pragmatic, strategic, delivery-focused Security Professional with 20+ years’ experience in cyber security transitions, security strategy, risk management, compliance management and security architecture. A results-oriented professional with a strong background in Security and Risk with demonstrable delivery of security requirements for COOs, CSOs, CISOs and CIOs. Recognized for my collaborative style, proactive approach and keen ability to effectively translate complex security concepts into tangible action plans. A proven leader with a strong professional presence, capable of blending big-picture viewpoints with tactical considerations to inspire, build trust and mitigate risk to an acceptable level.
Markets
United Kingdom
Language
English
Fluently
Ready for
Larger project
Ongoing relation / part-time
Full time contractor
Available
My experience
2018 - 2020
freelance
Cyber Security Consultant
AXA-PPP Healthcare.
UK
• Lead Security & Risk Consultant for AXA International SecDevOps initiation and governance
• Lead Security & Risk Consultant for AXA completing Third Party Due Diligence reviews of all AXA Suppliers and compiling risk assessments of the suppliers
• Delivering compliance with GDPR, DPA, PCI-DSS and ISO 27001 across all assigned projects.
• SecDevOps input where required within an organisation starting its agile approach, ensuring security is addressed correctly in all components of the CI/CD pipelines being developed
• Management of internal and external ISO Audits
• Completing Third Party Due Diligence risk assessments via questionnaires, Site Visits and Conference calls, helping to educate relationship managers in how to manage risks arising from the assessments
• Ad-hoc security work as and when required by the business
Agile, GDPR, Due Diligence, Management, Compliance, Security, ISO 27001, Organization, International, CI / CD
2017 - 2018
freelance
Digital Risk and Security Consultant
BP Ltd.
UK
• Lead Security & Risk Consultant for the BP Modernisation and Transformation Programme
• Key member of the BP M&T Security Governance group responsible for alignment of the security strategies with the programme's business requirements, current laws and regulations
• Integral role in defining/assessing security strategy, architecture, practices, standards & policies
• Lead Security Architect for various security projects, across the BP M&T Portfolio for all agile implementations which meant aligning the waterfall security process successfully into a DevOps CI/CD pipeline
• Develop/align security solutions with defined business, technology, threat and client requirements
• Manage compliance with the security requirements of BP & other programmes
• Devise security architecture templates, standards, procedures for security capabilities leverage
• Threat modelling of BP Cloud Architecture and other services related to risk, data and industry drivers
• Validate BP IT infrastructure for security best practices, recommending changes to reduce risk
• Security risk assessments of supplier/partner security design and the sharing of intellectual property/data
• Ensure audit reports flag up any security deficiencies & follow appropriate escalation procedure
• Perform security impact assessments of programme change requests and potential solutions
• Efficient IT budget management, defining KPIs to ensure optimised use of all resources
Compliance, CI / CD, UP, Audit, Infrastructure, Transformation, IT, Security, Architecture, Design, Technology, Management, Cloud, IT infrastructure, Agile, DevOps, Budget
2015 - 2017
freelance
Lead Security Architect
EDF Energy Ltd.
UK
• Lead Security Architect for the EDF Energy SMART Metering solution, and devised SMART metering security architecture by liaising with EDF business owners, SMART security manager, internal & external regulators, fulfilling both internal & external requirements
• Key member of the EDF Security Governance group responsible for alignment of the security strategies with the company's business requirements, and current laws and regulations
• As Lead Security Architect developed & implemented EDF Cloud Security Framework and Enterprise Security Architecture logical and technical pattern blueprints
• Led the defining of security strategy, architecture, practices and standards & policies
• Developed and aligned security solutions with defined business, technology, threat and client requirements
• Manage compliance with security requirements of the Smart Energy Code and other programmes
• Devise security architecture templates, standards, procedures for security capabilities leverage
• Threat modelling of EDF Cloud Architecture and other services related to risk, data, industry drivers
• Validate IT infrastructure for security best practices, recommending changes to reduce risk
• Security risk assessments of supplier/partner security design, sharing intellectual property/data
• Interface for stakeholder communications regarding business & regulatory aspects related to programme security whilst emphasizing compliance with Smart Security
• Ensure audit reports flag up any security deficiencies & follow appropriate escalation procedure
• Perform security impact assessments of programme change requests and potential solutions
• Efficient IT budget management, defining KPIs to ensure optimised use of all resources
IT, UP, Manager, LED, Framework, Enterprise, Energy, Regulatory, Infrastructure, Design, Security, Architecture, Compliance, Technology, Management, Cloud, IT infrastructure, Audit, Budget
2014 - 2015
job
Global IS Security Manager
Tullow Oil.
UK
• Minimised Cyber Security Threats to the production of Oil through design & delivery of the £2.2m Industrial Control System (ICS) security for the Floating Production Storage and Offloading (FPSO) vessels
• Delivered £2.5m cyber security portfolio comprising privileged access management, identity access management, data loss prevention, SIEM and SOC enhancement
• Defined information security blueprint for the next 3-5 years (DLP, IAM, Cyber Risk, ICS, network & platform secure builds) across 27 countries, meeting local & international security obligations
• Identified requirements of different security regulators and implemented measures for compliance
• Ensured efficient change programme management due to changing priorities and requirements
• Reduced company risk by providing guidance on technical & process changes
• Devised and implemented robust escalation procedures for the resolving of security issues
• Reported industrial control systems in place to mitigate cyber threats
• Supported, advised and communicated security regulation changes relevant to the business
• Managed POCs for IAM & DLP products for evaluations - network appliance DLP/endpoint DLP
• Liaised with business stakeholders to tailor risk mitigation strategies to information security risk
• Provided Security Architectural input to IT designs on Wintel, Cloud, Linux & network infrastructure ensuring compliance with strategic security architecture, risk mitigation & policy
• Ensured external partners complied with Tullow standards via due diligence process
Design, Linux, Cloud, Information Security, Due Diligence, Management, Compliance, Architecture, Security, Network, IT, Infrastructure, International, Production, Access management, Manager
2008 - 2014
job
Lead Architect
Lloyds Banking Group.
UK
• Delivered one of the biggest & most complex security integrations of 30.6m Halifax and Bank of Scotland customer accounts with balances of £127bn onto Lloyds Banking Group systems
• Responsible for all security domains, I&AM, application security, privacy security, compliance, infrastructure security and business continuity
• Acted as security design authority, guaranteeing security delivery from design to implementation by liaising with solution architects, business risk functions & service engineers
• Produce high level security design work and compliance documentation for large projects - including standards, policies and patterns across multiple platforms, solutions and technologies (Wintel to mainframe as well as public and internal facing web solutions)
• Created or updated bank standards outdated by new technologies or threats, using NIST, NSA, SANS and OWASP as the primary validation reference for the appropriateness of the updates
• Utilised frameworks ISO 27001, ISO 31000, NIST and other industry standard best practices for managing Information Security
• Complied with comprehensive governance model for all work
Design, Information Security, Service, Compliance, Banking, Security, Mainframe, Implementation, ISO 27001, Infrastructure, Web, Patterns
2002 - 2004
freelance
Security Architect & Deployment Consultant
BNP Paribas.
Deployment, Security
2001 - 2002
job
Security/Network Manager
Bank of East Asia.
Security, Network, Manager
2000 - 2001
job
Security/Infrastructure Manager
Mesania.com.
Security, Infrastructure, Manager
1999 - 2000
freelance
Exchange Consultant
MAN Investment Products.
Exchange
1998 - 1999
freelance
NT Consultant, Gatton
Volt Group.
My education
2007 - ?
ISC2
Certified Information Systems Security Professional, Information Security
Steve's reviews
Steve has not received any reviews on Worksome.