Security Information

Location:
Gibraltar, Gibraltar
Posted:
January 08, 2021

Resumé / Curriculum Vitae

Kelly Burnside

PERSONAL PROFILE

A Certified Information Systems Security Professional with other desirable IT accreditations, bringing experience in Security, Project, Configuration, Change and Implementation Management, gained in the global banking arena, UK government, consulting, logistics and security service provision. Experience ranges from SOC work, through security advice, guidance and consulting on security issues, policy and frameworks, and management of security projects, to risk assessment creation, review and residual risk mitigation.

Promotes a positive upbeat and professional approach, maintains professional and excellent working relationships with all stakeholders from both technical and managerial levels. Happy and confident to train and mentor junior staff members.

KEY SKILLS / EXPOSURE HIGHLIGHTS / KEY TOOLS

ISC2 CISSP

ITIL V3

ISO27001

Capability Maturity Model

ISO9000

COBIT

ISO9001

PCI Compliance

HMG Information Assurance Standard No.1 & 2

SDLC Methodologies – Agile; Waterfall

Sarbanes Oxley

GDPR, Cyber Essentials

UK Government Security Policy Framework

Lean Thinking methodology

ServiceNow

Darktrace

CyberArk

Data movement / UK Regulations

Mentoring & Training

Project management experience

Process Review & Improvement

Risk Assessment / management

FORMAL QUALIFICATIONS & TRAINING

ISC2 Certified Information Systems Security Professional

ISEB Certification in Security Management Principles

ITIL V3 Foundation certificate

ISEB Foundation Certificate in Software Testing

NVQ Levels 1, 2 & 3 in IT Software Installing and Administration

Learning Tree International certificate of Configuration Management

EMPLOYMENT HISTORY & KEY RESPONSIBILITIES

Dec 2019 – present – Head of Strategic Operations (IDT Finance)

Managing internal and external stakeholders to deliver complex projects on time and within budget

Project management – multiple projects simultaneously, of varying size and type (technical / infrastructure / regulatory), through the full lifecycle from inception to closure

Project analysis and risk mitigation, including report creation and presentation to multiple layers of management and departments

Plan, Manage and Deliver all aspects of the project daily, from scoping out projects to capturing the issue log, risk log, change requests etc.

Ability to work across borders, with different cultures and time zones

Develop and write Policies and procedures aligned with industry best practice

Develop and deploy bank wide governance strategy

Chair and run project working groups across the Bank

Lead Disputes & Resolutions Team to ensure timely recovery of customer funds where appropriate

Lead the Data Analytics & Science team; ensuring the timely processing of daily reports for financial reconciliation and transaction monitoring; financial crime returns; operational queries.

July 2019 – Dec 2019 – Career break due to immigration.

May 2019 – July 2019 (Part time) – Security Architect (LTE Group)

Responsible for delivering IT security services by providing security consulting, carrying out security risk assessments and subsequent RMADS production.

Develop and enhance policy, security architectures and processes.

Liaise with LTE staff to ensure the maintenance of security standards for current and future Information Systems and promote security awareness.

Assist and provide guidance on ensuring certifications such as ISO27001, Cyber Essentials etc. are obtained and maintained

Identify and maintain professional relationships with key stakeholders across LTE as well as externally with the customer and customer accreditation teams.

Mar 2019 – June 2019 (full to part time) – Information Assurance Specialist (Thales UK)

Support Thales UK in ensuring all technical security measures are enhanced and developed where necessary, to ensure successful and timely system accreditations and re-accreditations.

Provide central point of contact for all technical security matters and concerns, supporting project teams and businesses throughout project lifecycles.

Provide assurance and ensure successful and secure delivery of all Codes of Connection (CoCos), associated cryptographic products, key material and required documentation.

Responsibility for developing and implementing formal and regular technical risk assessments of Thales’ IS environments, recommending remedial action where required.

Work collaboratively with technical project delivery teams to ensure proposed solutions provide the required level of security assurance.

Ensure that technical requirements for Thales assurance activities are delivered in the functional area.

Dec 2018 – Mar 2019 – Career Break

Sept 2017 – Nov 2018 – Technical Project Security Specialist (HSBC) – Privileged Access Management

Reviewing project documentation for security policy conformance; including technical designs, process and onboarding work

Assist in creation of technical project documentation

Assist with technical detail for onboarding and implementation

Lead the project work stream for ensuring regulatory, legislative and security conformance for the project prior to go live

Liaise and manage the relationship with data protection, legal and regulatory compliance teams to ensure ongoing compliance throughout project lifecycle

Liaise with other technical & infrastructure teams for development, build and test work

Arrange security, performance and infrastructure vulnerability scanning; provide reviews of the test reports and assist in mitigation planning where appropriate

Liaise with business & technical stakeholders; acting as the single point of contact where necessary

Identify key stakeholders and maintain professional relationships with those stakeholders, including key delivery teams and support teams across the customer organisation as well as externally with 3rd party suppliers

Report project progress via a weekly dashboard to line management and key stakeholders

Where necessary, provide clear and concise escalations to specific parties or stakeholders

Supporting the impacting and commercial approval process for projects

Provide Security specialist advice when required for design, build and implementation phases of the project

Feb 2017 – Aug 2017 – Operational Security Specialist (TNT)

Collects and collates evidence as part of formally conducted and planned reviews of information and communications technology applications.

Examines records as part of specified testing strategies for evidence of conformance with management directives, or the identification of abnormal occurrences.

Conducts security control reviews to ensure compliance.

Assesses security of information and infrastructure components. Investigates and assesses risks of network attacks and recommends remedial action.

Reviews compliance with information security policies and standards. Assesses configurations and security procedures for adherence to legal and regulatory requirements to assist and support the Operational Security Manager.

Reviews network usage. Assesses the implications of any unacceptable usage and breaches of privileges or corporate policy. Recommends appropriate action.

Administers the operation of appropriate security controls (such as physical or logical access controls), as a production service to business system users and as part of the compliance program.

Helps investigate suspected attacks and security incidents, providing advice to stakeholders to determine the best course of action to remedy the problem

Liaises between organisation and 3rd party service providers when required.

Undertake vulnerability management activities in co-operation with internal stakeholders and 3rd party service providers.

Analyse and assess security incidents and escalate to client resources or appropriate internal teams for additional assistance when required.

Analyse data sets and support alerts and response activities, assisting in root cause analysis of security issues.

Dec 2016 – Feb 2017 – Career Break (Maternity)

Feb 2016 – Nov 2016 – Technical Project Security Specialist (HSBC) – Identity and Access Management project

Reviewing project documentation for security policy conformance; including technical designs, process and onboarding work

Assist in creation of technical project documentation

Assist with technical detail for onboarding and implementation

Lead the project work stream for ensuring regulatory, legislative and security conformance for the project prior to go live

Liaise and manage the relationship with data protection, legal and regulatory compliance teams to ensure ongoing compliance throughout project lifecycle

Liaise with other technical & infrastructure teams for development, build and test work

Arrange security, performance and infrastructure vulnerability scanning; provide reviews of the test reports and assist in mitigation planning where appropriate

Liaise with business & technical stakeholders; acting as the single point of contact where necessary

Identify key stakeholders and maintain professional relationships with those stakeholders, including key delivery teams and support teams across the customer organisation as well as externally with 3rd party suppliers

Report project progress via a weekly dashboard to line management and key stakeholders

Where necessary, provide clear and concise escalations to specific parties or stakeholders

Supporting the impacting and commercial approval process for projects

Provide Security specialist advice when required for design, build and implementation phases of the project

Aug 2015 – Feb 2016 – Networks Security Project Manager (HSBC)

Responsible for creation, maintenance and distribution of project plans for network security projects

Identify and maintain professional relationships with key stakeholders, key delivery teams and support teams across the customer organisation as well as externally with 3rd party suppliers

Report project progress via a weekly dashboard to line management and key stakeholders

Where necessary, provide clear and concise escalations to specific parties or stakeholders

Supporting the impacting and commercial approval process for projects

Provide Security specialist advice when required for design, build and implementation phases of the project

June 2015 to Aug 2015 – Information Security Manager & Security Delivery Specialist (IBM)

Prior to service commencement, work with the programme transformation manager to ensure that required Information Security policies and processes are in place to run the security service

Post service commencement act as Information Security Manager:

o Be accountable for delivering business as usual security services to the client and be the IBM single point of contact for the client

o Remain independent and report directly to the Delivery Project Executive providing objective, informed and impartial guidance that balances the needs of the customer and IBM.

o Establish, maintain and oversee effective working relationships for all IBM and Third Party teams providing security support on the account.

o Serve as a dedicated focal point for managing security incidents that occur in the customer's environment (where this is an IBM responsibility).

o Review and approve change records which may impact the customer's security posture.

o Provide Audit support for internal and external reviews e.g. pre-audit preparation activities, support data collection, audit tool installation, report generation. Respond to security related audit and review findings including developing and tracking action plans.

o Provide informal security reviews for IBM delivered processes or architectures to ensure that security contractual requirements are completed.

o Provide SME advice during the management of security incidents and ensure SME coverage when not available.

o Security Risk Management for the client, including consultancy on security and risk matters

o Security health checking, audits and reporting (KPIs)

o Security and governance process improvement and transformation.

Nov 2014 – June 2015 – Career Break - Maternity

Jun 2010 to Oct 2014 - Security Risk Advisor & Delivery Manager (Capgemini)

Responsible for delivering IT security services by providing security consulting, carrying out security risk assessments and subsequent RMADS production.

Develop and enhance policy, security architectures and processes.

Liaise with security & project staff to ensure the maintenance of security standards for current and future Information Systems and promote security awareness; including Security Awareness training and delivery.

Liaise with Technical Architects and Live Service Management to provide Information Security guidance during the design, development, implementation and running of new Information Systems and the upgrade and refresh of current Information Systems.

Responsible for ensuring the scheduling, tracking work load, escalation for issues and the weekly reporting on security deliverables across the infrastructure estate.

Working with Projects and Programmes being delivered by Solutions Delivery bringing together a single consolidated plan for large programmes of work.

Identify and maintain professional relationships with key stakeholders (including the main client) across the customer organisation as well as internally across the department I worked in and various project departments.

Report project progress to line management, client, stakeholders and the account leadership team. Where necessary, provide clear and concise escalations to specific parties

Supporting the impacting and commercial approval process for major programmes of work.

Dec 2008 to June 2010 - Security Change Manager (Deutsche Bank)

Evaluate existing change control & security systems and processes

Implement the controls necessary to deliver appropriate assurance and security of the applications being delivered, whilst complying with Corporate Governance and SOX Compliance.

Define, implement and review the change management process within the business unit ‘Global Banking Services’; approve the applicable and agreed changes and publish them in a change schedule for the week ahead to relevant groups.

Control security access into systems deployed across the estate, including monitoring and controlling the use of privilege profiles.

Ensure that current technology, security & documentation standards are maintained when changes are implemented by working with representatives from all Business units where appropriate

Provide feedback and assistance in the development and maintenance of other processes as outlined by ITIL.

Oct 2007 to Nov 2008 – Configuration & Change Manager (Windsor Life Assurance)

Control, and also perform, the Configuration and Release function on a day to day basis.

Ensure that procedures and controls are performed to preserve the integrity, accuracy and completeness of code changes, demonstrating compliance with all legislative and regulatory requirements.

Control security access and configuration of systems when deployed out to new offices, including the introduction of new security processes to ensure new starters & leavers are processed effectively.

Ensure that software tools used to assist in the Configuration and Release process are appropriate and are covered by support agreements.

Manage SLAs between third party teams that interact with the CRM Team.

Implement the controls necessary to deliver appropriate assurance of Corporate Governance and SOX Compliance within the Department

Oct 2005 to Oct 2007 - Live Service Acceptance Team Leader (Fujitsu)

Provide full solution testing of all software changes and evaluation of all potential modifications, including hardware, infrastructure or security protocol changes, prior to implementation onto any Live HMRC Office workstations or FAPs. This includes brand new changes/additions and maintenance releases.

Ensuring that all products and processes are compliant to all Service Level Agreements defined by the HMRC customer and the ASPIRE contract holders.

Facilitate problem investigation and the proving of subsequent fixes.

Liaising closely with the HMCE customer to provide support and assistance with product delivery, piloting and usage when required.

Act as a SPOC for specified projects, building custom environments, providing access and supervision for project testing; as well as technical support where necessary.

June 2005 to Oct 2005 - Software Configuration & Change Manager (Serco)

Creating and maintaining a customised work area to suit the Project’s specification, within the tool.

Creation of and ensuring adherence to the Configuration Management Plan and overall CM strategy. Creation of processes & supporting documentation to ensure CMM level 2 compliance and ISO 9000 accreditation

Building and supervising of releases to the customer's live environment

Ensuring all change proposals are thoroughly tested and pass all quality gates before deployment into the live estate.

Build issue escalation and problem management of any issues through to resolution

Mar 2005 to June 2005 - Mac Specialist (Apple)

Acting as a single point of contact for multiple customers on a daily basis

Providing technical knowledge and relaying detailed product knowledge in appropriate language

Providing technical assistance to customers as required

May 2000 to Mar 2005 – Change, Configuration, Release & Implementation Manager (Capgemini – differing roles at differing periods through the 5 year period)

Writing and maintaining an Implementation plan for my allocated projects

Liaising with areas prior to and during the implementation phase

Holding Post Implementation Reviews, to include comments on the implementation from all involved areas; and where necessary conducting further investigations into any issues found/raised, e.g. cause and analysis

Management and co-ordination of the implementation of individual release items to meet the release schedule and minimise the impact of releases to the live office environment.

Maintaining the Configuration Management Database

Actively co-ordinating major and minor releases of software to test, pre-prod, clone and production environments

Maintaining and creating where applicable technical and team documentation to assist new team members

References upon Request.