AM FN AM LN

Perth, Australia

Summary

Cyber Security Assurance Leader with over 15 years of experience driving governance, risk and compliance uplift across a complex higher-education environment. Recognised as a trusted advisor to senior executives, defence, academic & research stakeholders, delivering measurable improvements in cyber maturity, privacy, secure research enablement, and ISO 27001-certified assurance outcomes. Skilled in interpreting strategy into operational frameworks, embedding compliant-by-design practices, and strengthening organisational resilience through proactive risk treatment and controls assurance. Experience includes leading cyber security assurance, risk management, regulatory compliance (including DISP, SOCI Act, PRIS context), audit programs, control frameworks and secure research environments. Experienced in developing risk reporting, cyber performance metrics, and governance dashboards for executive consumption. Frequently performs Acting CISO duties, supporting high-level decision-making, executive committee engagement and incident escalation leadership.

Work History

Cyber Security Assurance Lead

ABC-Org University
06.2021 - Current
Lead the development, governance and continual improvement of the University’s cyber security assurance and GRC capability. Provide thought leadership and trusted advisory services across cyber risk, secure research enablement, ISO27001 certification, and control governance. Collaborate with system owners, executive sponsors, government partners and IT delivery teams to protect critical information assets while enabling academic innovation.

Key Responsibilities

  • Maintain and uplift a certified ISO27001 Information Security Management System (ISMS) including expansion into new high-risk research domains
  • Lead cyber risk and controls assurance program including policies, standards, procedures and maturity assessment
  • Guide development of KRIs, dashboards and metrics for transparency of security posture and governance decision-making
  • Partner with government agencies, researchers, defence-aligned programs and support secure research compliance including PSPF, DISP, ISM, DGov, ASD’s ACSC requirements
  • Provide specialist advice on regulatory alignment including privacy, critical infrastructure policy and contractual requirements
  • Review technology and business initiatives to identify cyber risks and ensure compliant-by-design approaches
  • Develop uplift initiatives for GRC processes through automation, templates, reporting and guidance
  • Mentor team members and build capability across the broader cyber security function
  • Regularly act as CISO during leadership absence, interfacing with senior executives and responding to security escalations

Senior Consultant – Cyber Advisory and Security Assurance

ABC-Org University
01.2018 - 01.2021
  • Delivered advisory services to system owners and researchers on cyber risk treatment and architecture compliance
  • Supported cloud and digital transformation programs with assurance over security requirements
  • Enhanced alignment with sector-wide compliance requirements and standards

Information Security Specialist – Risk, Compliance and Audit

ABC-Org University
01.2015 - 01.2018
  • Led internal audit remediation initiatives to improve enterprise control effectiveness
  • Developed cyber awareness advisory services including secure onboarding practices for projects and vendors
  • Supported improvements to vulnerability and operational risk posture through process development and reporting

Information Security Specialist

Department of Parks and Wildlife
09.2012 - 07.2013

Contributed to security review, procurement assessments and compliance controls

  • Conducted risk assessments to identify vulnerabilities in existing information security frameworks.
  • Collaborated with cross-functional teams to ensure compliance with state and federal regulations.
  • Reviewed and updated internal policies related to information security standards and procedures regularly.
  • Consulted with team members to assess flawed root causes and plan for remediation.
  • Developed and implemented security protocols to protect sensitive data across departmental systems.

Security, Risk and Assurance Roles

Government and US Embassy environments
01.2000 - 01.2011
  • Delivered governance and risk management uplift across regulated and classified environments including US Department of State risk frameworks
  • Managed security awareness, incident response and compliance reporting
  • Oversaw identity and access controls including PKI and two-factor authentication
  • Coordinated audits and vulnerability assessments supporting enterprise risk reduction

Education

Master of Engineering - Electrical Engineering

Indian Institute of Technology, IIT
Kanpur, India

Bachelor of Engineering - Electrical And Electronics Engineering

Calicut University
Thrissur

Skills

  • Security Governance, Risk and Compliance (GRC)
  • ISO27001 Implementation and Certification
  • NIST CSF 2.0 Framework Alignment
  • Secure Research Enablement and DISP Readiness
  • Risk and Controls Assurance
  • Cyber Policy, Standards, Procedures development and Controls Frameworks
  • Internal and External Audit Lead Coordination
  • GRC Platform Leadership (ServiceNow, MyCISO)
  • Executive Risk Reporting and KRIs
  • Security Culture and Awareness Uplift
  • Vendor and Third-Party Security Management (UpGuard)
  • Regulatory Compliance and Privacy Obligations
  • Cloud Operating Model and Process Improvement
  • Stakeholder Partnership and Engagement
  • Experience with MyCISO tools
  • ServiceNow governance, risk, and compliance
  • Experience with UpGuard
  • Audit analytics expertise
  • Access control monitoring tools
  • Cybersecurity metrics evaluation

Affiliations

  • ISACA
  • (ISC)²
  • Australian Information Security Association (AISA)
  • PMI
  • SABSA
  • PECB

Certification

  • GSTRT – GIAC Strategic Planning, Policy and Leadership
  • CISM – Certified Information Security Manager
  • CISSP – Certified Information Systems Security Professional
  • CISA – Certified Information Systems Auditor
  • ISO27001 Lead Implementer
  • CDPSE – Certified Data Privacy Solutions Engineer
  • SABSA Foundation – Security Architecture
  • PMP – Project Management Professional
  • AWS Cloud Practitioner
  • SANS Cloud Security for Leaders
  • ITIL Foundation
  • Agile Foundation
  • NV1 AGSVA Security Clearance

KEY ACHIEVEMENTS SNAPSHOT

  • Improved audit performance by approximately 80%, achieving highest maturity levels and reducing high-risk findings by 85%
  • Expanded ISO27001-certified ISMS scope into 2 additional domains supporting high-value research security requirements
  • Enabled secure research growth by onboarding 5 major research projects to DISP-compliant multi-million ISMS environments, supporting more than $5M annual research revenue
  • Mapped and aligned the University-wide cyber control environment to NIST CSF 2.0 and Essential 8, enabling clearer maturity measurement and investment decisions
  • Represent cyber assurance at key University steering committees, influencing enterprise cyber risk prioritisation and controls uplift
  • Lead ServiceNow GRC capability development, Critical Assets identification and risk management, to establish improved key risk indicators, process automation and real-time reporting
  • Uplifted security policy architecture and standards to reduce operational burden and increase business adoption and compliance
  • Strengthened cyber risk communication across IT, research and corporate units, increasing accountability and risk-ownership culture
  • Lead assurance capability uplift using MyCISO and ServiceNow GRC for enhanced KRIs and real-time reporting

LEADERSHIP AND GOVERNANCE

  • Member of cyber working groups and governance committees influencing enterprise security decision-making
  • Contributor to risk reporting used at CIO/CISO governance levels
  • Trusted advisor to senior leadership, frequently performing Acting CISO responsibilities
  • Advocate for risk-aware culture and continuous improvement in cyber governance

AVAILABILITY

  • Full Australian work rights
  • NV1 AGSVA Security Clearance
  • Able to obtain additional clearances as required
  • Willing to travel and work outside core hours when needed

EDUCATION AND CERTIFICATIONS

AISA Certificate of Recognition – Cyber GRC Expert (2018)

AISA GRC Professional 2017
