Information Security Service
Resume:
David Cross
+** (0-790*-****** Gillingham, Kent
Email: adla3f@r.postjobfree.com
PROFILE
Business and commercially-oriented IT Director experienced at innovating and improving on large-scale IT systems, platforms, and infrastructure. Skilled at providing IT services and support aligned with business objectives. Proven ability to mentor and motivate teams, manage complex change, increase customer satisfaction, and reduce unnecessary expenditure and risk. Certified and experienced in fortifying network systems and security controls to ensure reliability and lower risk, with more than 15 years’ experience in Cyber Security.
CORE COMPETENCIES
Cyber Security / Cyber Essentials / ISMS & GDPR
Governance, Risk & Compliance
Training / Coaching / Mentorship / Staff Cohesion
Business Development & Consulting
Leadership and Management
Change Management / Transformation
IT Platforms / Infrastructure / Cloud Services
Service Delivery / Service Support / Operations
TECHNICAL PROFICIENCES
Frameworks
CISM Practitioner / Cyber Essentials Certification Body / OGC Management of Risk Practitioner / OGC PRINCE2 Practitioner/ OGC MSP Practitioner / ITIL 3 Practitioner
Tools
MS 365 / MS Office / MS Project / MS Visio / Oracle / SAP ERP
Environments
Cloud Hosting / Platform Hosting / IaaS / Disaster Recovery / Data Centre Management
EDUCATION
Master of Business Administration
Greenwich School of Management, Hull University, UK
BSc Mathematics, Statistics and Computing
University of London, Goldsmiths College, UK
PROFESSIONAL EXPERIENCE
Head of Technical Services / Cyber Security Officer, Sota Solutions Ltd, UK (5/2017 to Present)
Managed operations at board level, including Business Development, creation of Cyber Security Service offerings to Enterprise organisions, development of platforms, infrastructure, internet services, service delivery/support, and information security management. Enforced cohesion among teams and removed silos, improving customer service and mentoring staff. Contributed significantly to business growth of 200% in under three years. Developed mature ISO:27001 framework and gained external BSi certification for the last 3 years with zero non-conformances.
Cyber security projects – Developed new business and delivered complex projects to external customers, handled service reviews and incident responses. Completed Cyber Defences & Controls for World’s largest Windfarm.
Scaling platforms and infrastructure – Implemented new service catalogue, new ITIL 3 Service Desk Application, and 24/7/365 global service desk operation, along with a rolling 18-month Roadmap of new services.
Business development– Supported sales and business development teams. Provided response to tenders, proposals, presentations, and pre-sales support. Developed new products and services. Developed Cyber Security Offerings and launched an Education Business Sector to Secondary Schools and Trusts.
Optimizing service delivery and support – Reduced daily open service desk tickets from 370+ to less than 10+ per day in under two years and increased customer satisfaction from 4.5 to 9.6 during the same period.
Director of Professional Services, Azzurri Communications Ltd, UK (9/2015 to 5/2017)
Based out of the UK, responsible at Board level for the Professional Services Business Unit and the infrastructure and operational delivery of all Customer Projects at Azzurri Communications Ltd - a £100m Communications Company employing more than 500 staff out of 5 offices: Setting the strategy and direction of the Professional Services Project Group, with 50+ people and an OPEX budget of £2.038m, to maximise revenue and profitability.
Business Development, contract negotiation and portfolio management for large multi-site project rollouts, including the largest contract and operational delivery for Azzurri with National Farmers Union Mutual for £5.7m across 300+ sites.
Setting and delivering quarterly improvements to SLOs to ensure continuous achievement of Customer SLAs and continuous improvement in Operations and Service Delivery: Reduced long-tail orders from 1,376 down to less than 20 in the first year, developed BAU Service Catalogues, reduced project start time from 90 days to less than 10 days, through early engagement and a better established Sales Process, reduced WIP from £2.5m to £1.2m per month and put in place the necessary trackers to ensure effective management of Customer SLA’s.
Creating a PMO, with a single portal repository for all information, standards and templates, and reporting, establishing an organisation-wide Project Management Methodology, an automated Customer Escalation Alerting Service and for ensuring the correct recording, management, tracking and operational delivery of all projects.
As the Senior Risk Officer, the development and delivery of an ISMS programme, with a virtual team of 12 people cross-BU, covering ISO:27001, N3 and PCI Compliance, network security and for Business Process Improvement; raising the ISMS maturity level from 1 to 3 within 18 months: Responsible for ensuring achievement of 3-year recertification of ISO 9001 (Quality Management), ISO 14001 (Environmental Management), OHSAS: 19001 (Health & Safety Management) and ISO 27001 (Information Security) in February 2016.
Radically improving the morale and performance of the Projects Team and for the first time in over 3-years ensuring the Company exceeded its financial business targets.
Group Head of Procurement/Chief Information Security Officer, GEA, Germany (8/2012 to 9/2015)
Based in Germany, I was responsible for Information Security & Procurement at Group level for GEA, a €5.4bn Manufacturing Company employing more than 26,000 staff across 400 entities in more than 48 countries, as well as IT Operations Management:
Designing, developing and implementing the Organisations Information Security Management Strategy, based on input from Business Stakeholders, IT Teams, Risk Management Groups and the Internal Auditors, ensuring ongoing aligning of the IT Security Strategy with the Business Strategy.
Development and delivery of the IS Programme, split into strategic, tactical and operational projects, delivering progress in improving user awareness and raising the maturity level from Gartner level 1 to 3 in under 2 years.
Managing and developing a virtual IT Security team of 8 across 6 regions, focused on incident alerting, operational issue resolution and key projects to improve Information Security Maturity.
Reducing the security attack space through identification and remediation of risks and vulnerabilities. This included the auditing of 60+ entities a year and introduction a self-assessment GRC audit application.
Development and implementation of the Organisations IT Procurement Strategy with the key objective of driving supplier reduction and simplification across the portfolio to gain efficiencies and reduced cost of support.
Creating a cohesive team, by providing leadership that engaged all staff, clear establishment of performance expectations, coaching, performance management, career development, reward and recognition, hiring and positive employee morale. This included annual cost reduction across the portfolio of more than 15% pa.
Aligning the Legal, Financial and Commercial functions to ensure 100% compliance to the Organisations Procurement Lifecycle Policy and Procedures, including alignment with the Manufacturing Teams: Identifying and targeting global and regional opportunities for cost savings and leveraging GEA’s scale to achieve greater discounts on global supply: this included negotiation of global contracts with ATT, Microsoft, CISCO and SAP.
Improving Operational Performance of key suppliers through robust Supplier Management: Using automation to improve productivity, maximizing opportunities for web ordering and lowering administration costs.
Building the necessary infrastructure to support decision-making of data driven metrics, and benchmark metrics for executive and internal reporting and for analysis to measure success.
Global Programme Director, Dimension Data, South Africa (9/2009 to 8/2012)
Based in South Africa, I was responsible for IT Transformation Services, Business Systems Architecture and the development and implementation of a Global Programme to harmonise systems, architectures, applications and processes across 6 geographies for Dimension Data, a services provider with more than 19,000 staff in 45+ countries and duties included:
Responsible for the management of multiple related projects directed towards a common objective, the implementation of Global IT Applications and Infrastructure strategy throughout the business globally.
Responsible for project prioritisation based on business strategy and priorities within the constraints of available resources, funding, time and other group-wide initiatives and programmes.
Initial detailed planning and co-ordination with the business and group stakeholders, followed by ongoing Programme Management and execution of multiple streams including key application (ERP, Supply Chain, Integration etc.), process streams and business transformation streams: -
Business Process Harmonisation: using SAP as the core environment, including the development of new processes and moving from the as-is to future state operations.
Governance, Risk and Compliance: responsible at Group Level for consolidation of Risk and Compliance and reporting to the Group CIO and the Executive Board.
Enterprise Applications: including landscape determination, application optimisation and alignment with the business processes re-engineering projects.
Business Operations Suite: the development of a common SAP template and its deployment to all regions with enhanced reporting and alignment to harmonise business processes.
Digital Channel and Quotation System: ensuring a consistent and common platform for go-to-market solutions, including CISCO, and for ensuring an “opportunity to quote solution”, integrated with SAP.
Programme and Project Management: managing a large portfolio of projects to support the alignment of IT to a common standard, including monthly reporting to the Group Executive Board.
IT Director, Mazars LLP, UK (1/2002 to 9/2009)
Carried out strategic development and operational implementation of critical transformation services to 1600+ users across 22 sites in UK. Created Global One Team IT organisation for 15,000 staff across 43+ countries. Managed team of 28 staff members, responsible for annual performance reviews, training, and development.
Systematically improved performance and reliability of IT systems and services to support 100% business growth over five years.
Designed and fitted new Tower Bridge House Offices, including design and build of new data centre and disaster recovery centre, and facilitated move to new HQ premises over one weekend.
Initially appointed to manage and deliver a complex portfolio of projects and services and for improving the service development, service delivery and service support of IT within a large UK business accountancy and consulting practice: Promoted after 3 years to IT Director to lead and manage the IT and Facilities Teams.
Budget responsibility and accountability for IT and Facilities of £6m in the UK and one of 4 Country Directors responsible for delivering global IT within a budget of €35m.
Leadership, management and development of a multi-functional team of 28 IT technical and support staff, plus a team of 6 people to take care of Facilities, Health and Safety, Fire Safety and office moves.
Identification of premises, design, fit and move of the new HQ to Tower Bridge House, including the design, implementation and move of the Data Centre and business operations to Tower Bridge House (2007).
Design and management of in-house Data Centre, Server environment (CITRIX, VMWare and SANs), email and back-up, together with Service Desk and Service Support using ITIL 3 framework.
Responsibility for developing IT / Information Security Management Strategy and ensuring alignment with the changing needs of the business, including the acquisition, merger and integration of new partnerships.
Established the UK Sourcing Strategy and managed relationships with key suppliers, leveraging vendor capabilities and delivering value for money. This included the Tender Selection Process, Operational Delivery and ongoing management of Professional Services, including access control and front of house services.
Reporting directly to the Executive Board, including advising on UK IT and International IT, working with stakeholders and various committees, acting as a sounding board for top management and for ensuring that appropriate solutions were implemented before any impact on the business.
Strong stakeholder management and trust with Partners on strategic programmes: Responsible for designing, developing and implementing the Project Management standards, policies and procedures, gaining Executive Board approval to implement a PMO and use of structured Project Management and for training and implementing key IT staff, users and stakeholders in the Prince 2 framework.
Delivery and implementation of a Global Resource Domain / SharePoint Portal and Global Internet Services.
CERTIFICATIONS
NCSC Cyber Security Certification Body (2018)
Certified Information Security Manager (CISM) Practitioner (2015)
PRINCE2 Practitioner (2003), Managing successful Programmes Practitioner (2004), Management of Risk Practitioner (2006), ITIL 3 Practitioner (2007)
GOVERNMENT SPECIALISMS
Grade B Certification for Government Commercial Function Certificate in the role of Commercial Associate Specialist (2021)
Accredited Contract Manager at Contract Manager Foundation for Government Commercial Function (2021)
CLEARANCE
Enhanced DB Clearance
Previously cleared at MoD-SEC 1 Level for Ministry of Defence and GCHQ
Recommendations
Matthew Howland: IT Consultant / IT Project Manager, Sota Solutions Ltd; worked with David at Sota
“During David’s tenure at Sota, the company enjoyed the benefits of his insights into improving our productivity and project management processes as well as helping us develop our thinking along more strategic, tactical and operational lines. Leading by example in his planning and time management methodologies as well as being approachable and fair, whilst still maintaining strong, decisive leadership, he was able to help the Technical Services Department move Sota to a higher level of efficiency and operation, furthering the company’s growth and development goals. When the going got particularly tough for the team, the supply of pizza was a welcome incentive! If you want to improve your team’s efficiency or approach to planning and project delivery, hire David!” February 24, 2020
Hans van Melick: Group CIO, GEA; worked with David at GEA
“I hired David in my position as Group CIO for GEA Group AG, a multibillion German stock listed multinational. Given his prior responsibilities and experiences, I asked David to take responsibility for both the Global Head of IT Procurement as well as for the position of Group CISO. David has shown to be able to act at both strategic, tactical and operational level in both roles and has delivered substantial value (both qualitative as well as financially) to the GEA organisation. David has strong communication skills (both verbally and in writing), takes an open and creative approach to dealing with challenges, is capable of running a number of complex programs simultaneously and is demanding but at the same time honest and fair to his colleagues. I was a great pleasure working with him” August 2, 2016
Chris Jagusz: Chief Executive Officer, Azzurri Communications Ltd (a Maintel Company); current line manager of David at Azzurri
“David is a highly effective leader with a broad portfolio of management capabilities. In my experience, he quickly identifies the key issues within his team and structures his resources accordingly. He has focused his team on the basics of their job and put the relevant measures in place to drive improvement. David works on the people, process and the systems across the whole organisation, and is commercially astute, thinking about the business contribution of his actions. In the face of challenges, he engages directly and proactively with stakeholders. Politely direct and very determined, David readily inspires confidence through his calm and thoughtful manner.” July 18, 2016
Aad van Os: Director Information Management and IT, Mazars (colleague); worked with David at Mazars LLP
I have worked together with David for several years now. David is a very fine person to work with as well as on interpersonal as on professional aspects. We share a MBA background and that's probably the reason we have many IT management views in common which are valuable for Mazars. Furthermore, David has proven to be a successful project manager (based on PRINCE2) with great negotiation skills. In the Mazars international IT team, David is the one to put the right questions for complex subjects, very straight but without being rude. A real much appreciated colleague!” June 11, 2009.
Jean-Francois Nouveau: Director Information Management & IT, Mazars (colleague); worked with David at Mazars LLP
“David and I worked together in a group of 5 IT country leaders who were assigned the strategic objective for the Group to build a new and common way of managing IT and IS projects in Mazars. David showed an impressive sharpness of analysis, opening ways for convergence and synergies. Always constructive, he wants to make the most of his IT and methodological skills to build the most pertinent action plans in a highly moving environment. A very good colleague, David shares and sells his ideas and vision in a clear and rational manner. It was, is and will be a personal and professional pleasure to work with David!” September 23, 2009
Matthias Nicolay: Head of IT, MAZARS GmbH, Mazars (colleague); worked with David at Mazars LLP
“David is an extremely persuasive and positive leader who successfully sells his ideas and projects. He presents his position in a well-organized fashion and supports it with clear and compelling arguments. David inspires great enthusiasm and is well respected throughout the organization. I have had numerous intellectual exchanges with him and respect him as one of the most brilliant thinkers I know. He possesses an amazing analytical mind that looks at issues deeply. David has proven great negotiation skills. I would highly recommend David for any IT Leadership and business role. In addition to his technical and business leadership skills, he is a genuine and decent person and one with whom I enjoyed working.” June 13, 2009
Covering Letter
Strong leadership credentials, with experience of building, developing and leading large multi-disciplinary technology and operations teams that are seen as exemplary in the delivery of services.
20 years experience in putting together new teams, and harmonizing existing staff, into efficient and effective operational units, both in the UK and Internationally (between 6 and 120+ staff):
SITA Inc: Responsible (amongst other global programmes) for setting up a 90-person project team in Hong Kong for the outsourcing of the entire Global IT Infrastructure and WAN for Cathay Pacific, including a Staging Centre in Manila for configuring and shipping 39,000 PCs, design and build of a Global Service Desk in Singapore, international rollout of the systems and network, outplacement of the IT team and the implementation, training and handover to BAU (USD $57m).
ADACS: 10 years experience working with the Government, MoD and GCHQ on the development and implementation of Secure IT Systems: Development of Tempest Secure Systems with GCHQ; Strategic Design and Rollout of the Army’s Catering System (CATPAC); Development of an Underwater Weapons System for the Navy (between Portsmouth, Cape Canaveral and the Bahamas), a Parachute Packing System for the RAF at Strike Command High Wycombe and a Helicopter Tasking System for the Army at Wilton Nr Salisbury; “Winning the Catalogue System” for the MoD 3 years running with Apricot and 2 years with Oracle; technical coding and supply of systems used in the Falklands Conflict (1982) and also for the Gulf Crisis (1990); development of 3 x 57-seater self-contained Mobile Training Coaches for use by the MoD in UK and Germany.
Mazars: Responsible, as Director of IT for 9 years, to the Executive Board for IT Strategy and Operations across 22 offices in the UK and one of 4 country leaders internationalising IT across 43+ countries: Managing a team of 28 staff and responsible for their annual performance review, training and development, including a team of 6 for the development and support of business critical programmes and development of lines of business including Outsource Programmes for HBOS and Clydesdale Bank.
Sota: Supporting more than 500+ Enterprise Customers as CTO and Information Security Manager: Coaching and mentoring 6 Senior Management Reports on prioritisation, resource planning, executing business objectives and customer satisfaction, and developing 3 Service Desk Apprentices (indirect reports) from Level 0 to Level 3 in less than 2 years; design and implementation of a new 24x7x365 Global ITIL 3 MSP Service Desk for Sota Customers, in addition to Ascot Insurance (its largest customer), including recruitment and on-boarding of staff, design and implementation of the service and shift patterns - writing procedures and reporting systems, business process automation and continuous improvement to support the new operation (including the development of a new Service Catalogue, implementing a new MSP Service Desk Application and new ways of working).
Dimension Data: responsible for Global Business Harmonisation, detailed planning and co-ordination with Business Stakeholders, followed by ongoing Programme Management and execution of multiple streams including key applications (including ERP, Supply Chain and Integration) and business transformation encompassing 6 discrete areas of Business Process Harmonisation: using SAP as the core ERP environment; Governance, Risk and Compliance: responsible at Group Level for consolidation of Risk and Compliance and reporting to the Group CIO and Executive Board; Enterprise Architecture: working with the EA team to improve the network landscape, application optimisation and alignment with business processes. Business Operations Suite: development of a common SAP template and deployment to all regions with enhanced reporting; Digital Channel and Quotation System: ensuring a consistent and common platform for go-to-market solutions and developing an “opportunity to quote solution”, integrated with SAP; Programme and Project Management: managing a large portfolio of projects to support the alignment of IT to a common standard.
Deep experience of high-tempo and critical technology operations, including in times of challenge. Highly resilient, with ability to remain calm under pressure and produce effective, strategic response plans.
Mazars: A key part of the role was the systematic improvement of systems and services to support 100% growth of the business over a 5 year period, the radical improvement of performance and reliability of IT systems and a major programme of service improvements, including implementation of LAN-Desk, setting up remote international 24x7x365 support and implementing Information Security, Risk Management and Governance; the design and fit of new Offices, including the design and implementation of the new Data Centre at Tower Bridge House, Disaster Recovery Centre in the Docklands and move of 400 people to the new HQ over a weekend. Required ‘critical decision thinking’ to ensure zero downtime, Partners could move from fixed offices to open plan and at the same time integrate a newly acquired professional services firm (Moors Roland International).
Sota: Providing Information Security Management and Incident Response for 500+ customers, including Banks, Energy, Insurance and Legal. This included London Array Limited (the UK’s largest Windfarm) and the design, implementation and on-going improvement of IT and ICS, including 24x7x365 monitoring, ISMS development, alerting and incident response and disaster recovery.
GEA: As CISO, responsible for the Strategic Design of their Global Cyber Security Programme spanning 26,000 staff across 400 entities, including: Raising the IS Maturity Level from 1 to 3 in less than 2 years; working with the Global Infrastructure Team to implement Security Controls and Security Hardening to reduce the threat landscape and reduce vulnerabilities; reduced P1’s by more than 26% and provided more effective incident response; responsibility for Critical Incident Response and “gold command” to ensure effective communications to the business, its customers, regulators and the Group Board.
Track record of delivering complex IT infrastructure programmes, at scale, and ideally with experience of hybrid cloud-based and ‘on-premise’ solutions in an exacting security environment.
Sota: The design and build of a new Data Centre, implementation of a 40GiG Dark Fibre Circuit around Kent, scaling the Platforms and Cloud Hosting Infrastructure to cater for the doubling in organisational growth in compliance with ISO27001: led the Organisation through external BSI ISO:27001 Certification in 2017, 2018 and 2019 with zero non-conformities.
Sota: Migrating customers to Office 365, AWS and Azure and moving customers to hybrid private and public cloud solutions including: Global Risk Partners - migration to Public Cloud/On-premise; One Savings Bank - Cloud and Platform Hosting; Fujitsu - move of their UK infrastructure and platforms to Sota Hosting, including meeting exacting IS requirements for audit from Japan.
Mazars: The design and implementation of a Private Cloud, based on VMWare and Citrix, for 24x7x365 operations internationally. This included providing Live replication to the DR site and non-repudiation for Forensic Cases.
Mazars: Carrying out Information Security assignments for the firm’s major customers, e.g. working with the Qualifications Curriculum Authority Audit Committee to review and recommend remediation of the state of Information Security across 5 domains, including Data Centre, Software Lifecycle Development, Setting & Marking Systems, Physical and Logical Security.
Azzurri: contract negotiation, security management and programme delivery of multi-site rollouts, including the largest contract with National Farmers Union Mutual for £5.7m across 300+ sites, encompassing WAN, Telephony, PCI DSS Certification, Call Recording and Report on Compliance for e-commerce: This included a secure payments solution across the Azzurri hosted platform and NFUM’s Citrix environment for all insurance payments; Operational implementation of security systems and standards for its hosted telephony platform, security for the data center’s, security standards and protocols for customer implementations - managed firewalls and telephony for Carpetright across 540 stores, Vanquis Bank for Secure Payments, Kingfisher/B&Q for managed firewalls, telephony and managed services, {my}Dentist hosted telephony across 500 sites, BIFFA for telephony and WAN Services and OCS for global firewalls.
Solid technology and systems engineering background, able to direct complex problem solving across specialist teams with credibility.
Sota: Cyber Essentials Plus Certification and PCI DSS Accreditation for Shepherd Neame Brewery, working with Stakeholders in Restaurants, Hotels, Shops, Brewery and IT to ensure effective governance and compliance; Information Security Management System design, Asset Inventory Discovery, GDPR implementation and DR scenario planning for London Array Limited, including monitoring and alerting of priority assets; Resolution of baseline metrics at Sota for PRTG Monitoring, to reduce ‘red alerts’ to < 10 per day (rather than 200+ per day); Changing the backup solution to VEEAM in order to remove overlaps causing backup and support issues with Customers - this reduced compute and storage requirements for Customers and led to cost reductions within the Data Centre’s.
Sound experience of large budget management and ability to drive down costs to achieve best value for money.
Mazars: Responsibility for CAPEX and OPEX budgets (£7.5m) and working with the business to create a realistic budget which was delivered each year at > 2% below the industry standard benchmark for Financial Services organisations.
Azzurri: I was specifically recruited to bring the Organisation to profitability ahead of the sale of the Company; Setting the strategy and direction of the Professional Services Group, with 50+ people and an OPEX budget of £2.5m, to maximise revenue and profitability: Implemented a new organisational structure, collapsing management layers from 4 to 2, reducing head-count by 18%, reducing budget spend by 5%, establishing an effective Customer Engagement & Governance Model, whilst improving Customer Satisfaction; Radically improved the morale and performance of the Professional Services Team and for the first time in more than 3 years ensured the Company exceeded its financial business targets; Setting and delivering quarterly improvements of SLOs to ensure continuous achievement of Customer SLAs and continuous improvements in Service Delivery and Customer Satisfaction: Reduced long-tail orders from 1,460 down to less than 5 within 18 months, developed new Service Catalogues, reduced project start time from 90 days to less than 10 days, through early engagement and a better established Sales Process, reduced WIP from £2.5m to £1.6m per month and set in place the
Contact this candidate