 Providing expert information security and architecture consultancy and services.  Amazon Web Services (AWS) Cloud Architecture Security Architecture Technical Architecture Cloud Security Application Security Data Security & Privacy Threat & Vulnerability Management Threat Modelling MITRE ATT&CK Identity & Access Management JML Processes Configuration Management Security Assurance Risk Management Secure by Design Zero Trust Architecture Defense-in-Depth High Availability BCP/DR Security Event Management Security Monitoring Process Improvement Security Policy Compliance ISO 27001 GDPR PCI-DSS PSN CSA Project Management Third Party and Vendor Management

 Working directly with CxO and reporting directly into the CIO/CISO providing expert cybersecurity and architecture advice and direction.  Designed and delivered a global cloud, network, infrastructure and security architecture for a start-up crypto exchange platform, compliant with CCSS, ISO27001 and PCI-DSS and aligned with the NCSC, CSA and ZTA security principles.  Designed and delivered best practice and recommended security controls, e.g. threat and vulnerability management, configuration management, asset management, malware protection, IDS/IPS, network segmentation, security information event management and monitoring.  Designed and delivered a private, highly-secure trading environment allowing for secure remote access to trading applications and services.  Designed and delivered a global enterprise virtual desktop infrastructure (VDI) estate enabling secure access to corporate and operational systems and applications.  Designed and delivered a penetration testing and co

 Lead security platform architect and consultant providing guidance, governance and assurance for multiple workstreams including cloud migrations and hosting, cloud architecture, information security and compliance, including ISO 27001, Cloud Security Alliance (CSA CCM), GDPR, PCI-DSS, Public Services Network (PSN), Code of Connection (CoCo).  Provided architectural guidance, assurance, conducted risk assessments, third-party assurance, threat modelling using MITRE ATT&CK frameworks, defined security control sets including MVPs and non-functional requirements for multiple applications and services hosted in AWS for several projects including:  Restructuring of PSN services in AWS. Defined and delivered the solution architecture, security, and non-functional requirements.  Data analytics platform delivery in AWS capable of hosting highly sensitive data (OFFICIAL-SENSITIVE).  Intranet platform (SaaS) delivery to improve internal communication and collaboration capabilities. Executed

 Collaborated with the COO and Group Security teams in delivering Cybersecurity services globally.  Served as the Lead architect for Identity Management and Privileged Access/User Management across the global group and Member of the Change Advisory Board (CAB) providing information security subject matter expertise and assurance to projects across the Inmarsat business, including China and India.  Spearheaded assurance and governance of solution architectures and designs proposed for changes to the estate and to the enterprise architecture.  Interviewed business units, gathered functional and non-functional requirements, analysed current and target states, and performed role-based access control, Joiners-Movers-Leavers process capture and improvement, birth-right application identification and documented data security requirements.  Delivered the security architecture, target operating model, and security controls for Inmarsat Aviation's Classic Aero, SwiftBroadBand Safety, SwiftB

 Lead security architect for GDPR compliance programme. Analysed the current state of the application estate in scope of GDPR, reviewed data security and privacy, incident management and response policies and processes. Provided analysis and requirements from UK compliance and law.  Analysed business processes (Joiners, Movers and Leavers) to document PII data flow through the application landscape on the JM estate.  Conducted gap analysis, risk assessments, process reviews and delivered recommendations and remediations for GDPR compliance for on-premise systems, public cloud services (AWS and Azure), Office 365, document management, data privacy, protection and handling.  Influenced JM enterprise architecture group, advising, reviewing and approving architectural changes impacting the group and the organisation. Steered assurance and governance of solution architectures and designs being proposed for changes to the estate and to the enterprise architecture.  Led the design, deliv

 Supported the OneIT technology transformation programme collaboratively with the COO and Group Security delivery team to provide Cybersecurity services across the company.  Provided assurance and governance of solution architectures and designs proposed for changes to the estate and to the enterprise architecture.  Delivered the security architecture, target operating model, and security controls for Inmarsat's Classic Aero, SwiftBroadBand Safety, Enhanced SwiftBroadBand Safety (Airbus LCS) and IRIS Pre-cursor platforms enabling secure high-speed global avionic communications, working with the Inmarsat Aviation Business Unit, the European Space Agency, third-party vendors and system integrators.  Conducted formal risk assessments, vulnerability analysis, remediation and risk treatment planning for Inmarsat's Classic Aero, SB-Safety and European Aviation Network platforms and services.  Delivered security architectures, frameworks, principles, processes, design patterns and requir

 Delivered high and low-level solution architecture and designs for several network, security and infrastructure projects.  Deployed a centralised SIEM cloud solution design across the JS estate. Delivered pre-production and production solution designs and pre-requisites such as firewall rulesets and client packaging.

 Lead security architect and subject matter expert (SME) delivering the conceptual design, solution design and requirements analysis for an antimalware protection and detection project as part of the CyberSecurity Programme. The solution provides antimalware protection across network, web and endpoints integrated with Threat Intelligence and Advanced Threat Protection and forensic sandboxing capabilities.  Lead security architect delivering the conceptual design, solution design and requirements analysis for a data loss prevention (DLP) solution as part of the CyberSecurity Programme, providing web and endpoint data loss prevention capability across 40,000 endpoints.  Assessed the current state and developed the target state architectures for malware detection and protection and data loss prevention (DLP) capabilities across all NBS networks, web and endpoints.  Conducted risk assessments for malware and data loss prevention threats using the IRAM2 methodology. Identified assets un

 Lead PCI-DSS Programme architect delivering Level 0, 1 and 2 level network, and system and data flow diagrams required for PCI-DSS v3.1 accreditation for an estimated 2500 server estate.  Mapped and modelled technical and application architecture for TP Group retail and eCommerce systems. Maintenance of the EA repository for PCI-DSS systems. Card data environment discovery, e.g., on premise, datacentres, retail stores, cloud (AWS).  Identified Security Information Event Management (SIEM) & File Integrity Monitoring (FIM) scope for PCI v3.1 compliance.

 Delivered design principles and blueprints to be re-used across UK government enabling departments to optimally utilise required IT services, e.g. Internet, PSN connectivity, WAN connectivity, Wi-Fi.  Discovery of business requirements through interviews and workshops with UK government departments, e.g., DoH, DoT and Defra.