Highlights of core problems I've helped unblock
Key Challenge: Security due diligence slowed down enterprise sales and created friction in procurement. Needed more market visibility to unlock revenue.
I built out a security buyer persona for the product and created collateral targeted to shorten and simplify the sales cycle.
I developed and implemented a strategy for the products' security positioning in comparison to competitors and industry expectations, and achieved this within 9 months. I participated in commercial calls with key clients to reduce friction during procurement and pre-sales due diligence processes, and continue to write thought leadership and technical pieces for marketing.
I built a brand as a security and startup GRC influencer with an SSI ranking in the top 2% of my industry. I used my personal brand to create opportunities for revenue: I was a 2023 STEM award Runner Up, and have ongoing webinars, podcasts and external and internal publications as a Cybersecurity SME. I was a speaker at International Cyber Expo 2025 and Visions CIO+CISO Summit 2025.
Outcome: Security became a visible strength in the sales process, reducing friction and improving buyer confidence.
Key Challenges: The company was going through an acquisition that required security oversight and integration.
I led the security due diligence process, supported legal and commercial teams, and managed the secure integration of infrastructure, tooling and governance frameworks post-acquisition.
Outcome: The acquisition completed smoothly with no security or compliance blockers. I was promoted twice in 18 months, ultimately appointed VP with board approval.
Key Challenge: Customers and partners required confidence that their data was managed securely and in compliance with international standards.
I maintained and matured the ISMS to remain compliant with SOC 2 Type II and ISO 27001:2022 certification, demonstrating security maturity for customers and prospects. I maintained compliance with global data privacy and whistleblowing regulations including EUBD, GDPR and CCPA. I championed understanding, translating, and supporting compliance with novel regulatory and industry requirements, such as ESG and accessibility (VPAT) requirements, to meet customer expectations and gain market advantage, integrating these into the company's compliance roadmap.
Outcome: Maintained continuous audit readiness and strengthened customer assurance during procurement and renewal cycles.
Key Challenges: Privacy requirements were handled separately from security operations, creating inefficiencies. Staff across the organization needed consistent security and privacy training. Security wasn't baked into product development from the start.
I integrated privacy within the ISMS, standardised DPIAs, PIAs and third-party reviews, and established a cloud-based Record of Processing Activities (RoPA). I also launched a comprehensive awareness programme including role-based training, phishing simulations and continuity exercises.
I built a close partnership with the Engineering and Product functions to ensure security items were prioritised and implemented as part of the CI/CD and Product Development Lifecycle through Security and Privacy by Design practices.
Outcome: Privacy operations became embedded in business-as-usual processes, improving consistency and reducing operational gaps.
Key Challenge: Security wasn't clearly communicated to buyers, which slowed down sales. The company sought greater visibility and credibility in the security community.
I represented the organisation through speaking engagements and published thought leadership on cybersecurity and compliance. I participated in commercial calls with key clients to reduce friction during procurement and pre-sales due diligence processes, and continue to write thought leadership and technical pieces for marketing. I built out a security buyer persona for the product and created collateral targeted to increase use cases for CISOs for vulnerability and incident reporting in accordance with SEC requirements.
Outcome: Contributed to brand growth and industry recognition.
Key Challenges: The company needed to adopt AI tools safely while meeting regulatory and customer expectations. Security and compliance needed to evolve with faster product development and new AI use cases.
I implemented a framework for the use of AI internally for operational efficiency and effectiveness, as well as for use in products, that is compliant with emerging regulatory requirements and customer requirements. I implemented an AI governance framework for the use of AI services and tools for internal and product (customer) use purposes. I embedded security and privacy by design within CI/CD pipelines and worked with product teams to align development with regulatory and customer expectations.
Outcome: Improved confidence in product security posture and supported safe, compliant innovation with AI.
Key Challenge: Risk was not consistently owned or visible at executive level.
I introduced a unified risk management framework covering information security, privacy, innovation, and vendor management.
I implemented a holistic risk management, project security, privacy risk management, and vendor management framework and operating model for continual improvement and visibility into emergent risks. I partnered with business functions to create shared ownership and implemented regular reporting to the board and executive team. I implemented a risk-based decision-making framework to enable and inform timely actions to innovate, build, or enhance the product.
Outcome: Improved transparency of emerging risks and supported risk-based decision making across the company.
Challenge: Clients lacked structured and repeatable approaches to security assurance.
I delivered more than six ISO 27001 internal audits, helping clients identify weaknesses and strengthen compliance. I also designed templates, Microsoft 365-based ISMS frameworks and Jira tools to manage evidence and workflow more efficiently. I matured ISO 27001 compliance and ongoing management services to unlock ongoing revenue opportunities.
Outcome: Clients achieved faster audit readiness and reduced manual compliance effort.
Problem: A FinTech client required SOC 2 Type II certification to meet partner and investor demands.
I managed the entire project using an agile delivery model, aligning existing controls with SOC 2 criteria and guiding the team through evidence preparation and readiness assessments. I also created a SOC 2 Type II service offering for clients, building out collateral, templates and compliance frameworks for clients of varying maturity to increase the profit margin for compliance services.
Outcome: The client achieved SOC 2 Type II certification on schedule, strengthening credibility with enterprise customers.
Key Challenges: We needed to maintain multiple compliance certifications while demonstrating security maturity to customers. Public-sector clients struggled to align to national and sector-specific requirements.
I maintained and matured the internal ISMS to remain compliant with SOC 2 Type II, ISO 22301, Cyber Essentials, and ISO 27001:2022 certification, demonstrating security maturity for customers and prospects. I championed understanding, translating, and supporting compliance with novel regulatory and industry requirements, such as NIS 2 and DORA. I supported a government organisation, and several organisations within the Energy Sector (CNI), with a risk management improvement strategy and the implementation of the NIS Regulations and NCSC Cyber Assessment Framework.
Outcome: Improved governance maturity and demonstrated compliance readiness for regulatory oversight.
Key Challenges: Industry partnerships with local educational institutions required training including practical understanding of network and cloud security controls.
I led technical workshops for Cybersecurity College Cymru on network monitoring tools such as Snort, hosted in Azure environments. I also advised clients on AWS, GCP and Azure cloud security tooling.
Outcome: Enhanced learning for Cyber College Cymru participants, and improved their operational capability and confidence managing cloud-based risks.
Key Challenge: Consulting delivery required structure and resource development.
I provided recruitment, training, and leadership support for senior and junior security consultants, and supported their professional development whilst ensuring delivery quality across multiple projects.
Outcome: Maintained consistent delivery standards and high utilisation (80%+) while developing team capability and a culture of continual learning.
Challenge: The company wanted to expand its market presence globally whilst adhering to relevant legal, security, and safety requirements.
I built the company's global information security programme and team, developing policies, processes and governance aligned to business and regulatory requirements across five regions. I led a team of four to implement the security strategy and introduced scalable operating practices. This was implemented in offices across the US, EMEA, and APAC to serve customers around the world.
Outcome: Security became a structured business function that supported growth and customer assurance across regions.
Problem: Operating in medical technology required alignment to complex, multi-region healthcare regulations and their own requirements for cybersecurity. Security requirements were not embedded in product development, increasing regulatory risk.
I maintained compliance with CCPA, HIPAA and HITRUST as well as GDPR and PDPA. I assured compliance with ISO 13485, 27001, GxP systems, as well as NHS DSP Toolkit requirements, and Cyber Essentials Plus for medical devices development and clinical diagnostic services as well as academic research and clinical pharmaceutical trials.
I engaged with stakeholders to raise awareness, and implemented controls in the product development lifecycle to comply with information security requirements for EU and US regulations (including CE marking, UKCA, MHRA approvals, and FDA approval/510(k) and 21 CFR Part 11).
Outcome: The company was able to meet the security and compliance expectations of healthcare providers, clinical research partners and regulators in global markets. Products met security expectations for EU and US market approval.
Key Challenges: Risk wasn't cohesively managed across product, operations, technologies, and leadership.
Introduced a security risk management framework based on ISO 31000 and embedded ownership across departments. Delivered regular risk reporting to senior stakeholders including the executive team, SIRO and DPO, improving security decision-making and accountability, including an executive dashboard and leadership forum discussions to identify, escalate, and authorise risk management decisions.
Outcome: Improved governance maturity and enabled a standardised approach to risk management decisions across procurement, product, legal, and commercial sectors, with financial, commercial, and reputational impacts clearly defined.
Key Challenges: Geographic expansion and new research as well as clinical facilities required secure foundations.
I developed and carried out security assessments for new offices in Singapore, US, and Portugal, and for a clinical laboratory facility in the UK. I introduced periodic penetration testing for internal and cloud infrastructure (alongside product) and worked with engineering teams on remediation plans.
Outcome: Enabled secure international expansion with appropriate safeguards in place.
Key Challenge: Security monitoring and incident response capabilities needed maturing.
I implemented AI-based managed security services (SOC) for detection and alerting. I introduced SSO and MFA across systems handling sensitive data and improved operational security processes. I introduced annual penetration testing for internal infrastructure, cloud environments and APIs and managed remediation with asset owners. I led incident management and business continuity planning, including real-world incident response and service recovery. I implemented automation in incident handling and established consistent processes across teams.
Outcome: Enhanced security posture and reduced operational risk through technical controls and iterative, continual improvement.