I work in technology risk, governance, and compliance, with an interest in how organisations design and operate their technology and security risk management systems.
My background spans both the public and private sectors, supporting national and international organisations in the development, assessment, and operation of information security management systems.
I am interested in how control frameworks function in practice, how risk is interpreted across institutions, and how decision-making changes as systems grow in scale and complexity.
Areas of focus
- Information security governance and risk management
- Design and assessment of information security management systems
- Audit, assurance, and control effectiveness
- Technology risk
- Regulatory requirements
- Privacy engineering and data protection considerations
Background
- Fifteen years working across public and private sector environments
- Experience supporting large, complex organisations with international footprints