Christopher Durso
Information Security Director CISO
Cyber & Information Security, NIST, ISO 27001, Cyber Security & Transformation Expertise
+44 (0-790*-***-*** ***********@*******.***
www.linkedin.com/in/chris-durso-37025832
Professional Overview
Commercially-astute & with confidence to partner at up to C-level from a Cyber Security perspective, adding value across B2B, B2C, energy, oil & gas exploration, accounting, consulting & global corporate sectors.
CISM certified, with broad experience in industry best practice tools, including ISO 27001, GDPR & NIST.
Proactive as a ‘trusted partner’ to the business, bridging the gap between Cyber Security & business needs, converting strategy into change, boosting performance via IS teams, robust processes and project delivery.
Sees both the ‘big picture’ and details, encouraging a culture of continuous improvement, understanding the challenge of risk, data & Cyber Security issues, articulating complex concepts to a non-technical audience.
15+ years of experience in the Information Technology sector, specialising in Cyber Security, with a strong, proven track record of success in leading Information Security responses, protocols and frameworks.
Key Skills & Expertise
Information Security Leadership
Multi-Site Operations Management
Cyber Security & InfoSec Strategy
Technology Investment Roadmap
Hardware & Software Deployment
Security Operations Centre Delivery
Cyber Security Control Frameworks
Threat & Vulnerability Mgmt
Cyber Incident Response Planning
Risk Identification & Management
Data Loss Prevention Technology
Multi-Vendor Contract Negotiation
Continuous Security Improvements
IT Security Awareness & Mentoring
Compliance, ISO 27001, NIS2, NIST
Career Experience
Global Switch, London
Information Security Director 2022 to Present
Information Security and Cyber Security leadership, taking ownership for all elements of Information Security spanning 7 European and APAC locations. Risk assessment and management across all business units.
Acts as a ‘trusted advisor’ on Information Security, including reporting to the board on a regular basis.
Full remit for security strategy creation, along with the implementation for the company's internal security.
Key role in undertaking real-time IT security analysis and mitigation, reducing risk throughout the business.
Co-ordinates internal, operational, and customer security deliverables, including adopting best practices.
Ensures ongoing BAU and innovation security strategy alignment, meeting rapidly-evolving business needs.
Key contributions and successes:
Delivered SOC implementation, accompanied by security awareness and incident response
Took the lead in overseeing security planning and technology selection, working with vendors
Ensuring new technology accurately aligned with evolving IT security standards, ensuring success
Managing continual security improvement efforts to deliver optimal security across the business
Increased Cyber Security and Information Security awareness where previously there was none
Aligned to ISO 27001, NIS2 and ENS, adhering to legislation and mandated security processes
Transformed real-time and automated threat intelligence within the Information Security function
Capricorn Energy Plc, London
Head of Cyber Security 2020 to 2022
Full remit for all elements of Cyber Security, advising the business on Information Security best practice, aimed at addressing internal and external audit findings, threat intelligence, and vulnerability management.
Engages collaboratively with senior stakeholders, including providing Boardroom-level quarterly updates.
Budgetary management across Information Security and Cyber Security, including working with vendors.
Planned development lifecycle security activities, including costs, duration and project execution impacts.
End-to-end project leadership and delivery, including project planning, scope, budgeting, risk and issues.
Key contributions and successes:
Created and embedded security protocols, including NIST CSF implementation & maintenance
Analysed the customer service request (project) to determine security goals, issues and threats
Effectively managed Cyber Security reviews, vulnerabilities, corrective actions, and remediation
Provided assistance with Cyber Security and Information Security in 3rd-party contracts, KPIs & SLAs
Implemented a data classification & discovery solution, working closely with the technical architect
Drove the Data Loss Prevention project with the IT Team to prevent insider threat & data leakage
Matured supplier / vendor security, aimed at decreasing risk and identifying supply chain issues
Mace Ltd
Head of ICT Security 2017 to 2019
Responsible for …
Engaged as Head of ICT Security, acting as the Lead Consultant to deliver both Cyber Essentials and ISO 27001 accreditation. Full remit for managing all elements of business and ICT information security.
Key role in strategising, setting goals, and addressing technology-related controls risks and issues, advising business units and senior-level stakeholders on information security and promoting best practice methods.
Provision of expert-level Cyber Security consulting, developing standards, designs, and patterns to ensure security design governance.
Full ownership of the IT Security Risk Register, along with planned actions, controls and deliverables.
Maintained effective and proportionate surveillance for suspicious activity, vulnerabilities and threats.
Key contributions and successes:
Regularly reviewed and assessed IT risk, ensuring integration with wider risk management
Resolved security problems with internal and external auditors, regulators and legal teams
Helped implement innovative solutions to boost the team's performance and Cyber Security
Led threat modelling to reduce compromise risk, security evaluations & boost Cyber Security
Took ownership for GDPR management for the IT department and its systems and services
Managed and led Cyber Essentials Plus and ISO27001 initiatives, engaging with stakeholders
Mace Ltd
ICT Infrastructure and Cyber Security Manager 2013 to 2017
ICT infrastructure and Cyber Security leadership, taking ownership for ISO 27001 audits and related technical policy development. Engaged as Project Lead to secure Cyber Essentials accreditation.
Leadership, management and motivation of 9 people, including ICT technical delivery teams and field engineers, proactively engaging in team mentoring and promoting Cyber Security best practice methods.
Managed the relationship with numerous stakeholders and partners, including the ICT Security Partner, Data Centre, and Skype for Business\Communication Partner.
Key contributions and successes:
Worked collaboratively with the ICT Service Desk Manager on any issues / escalations
Engaged on wider project strategy and the delivery of various ICT and business initiatives
Created monthly KPI reports showing a dashboard of stats requested by the Group ICT Director
Early Career
2007 to 2012 ICT Technical Delivery Manager Mace Ltd
2006 to 2007 Desktop Support Mazars LLP, London
2005 to 2006 Support Analyst Poupart Ltd, Herts
2002 to 2005 IT Administrator Business Link, Herts
Education & Qualifications
University of Hertfordshire BSc (Hons) in Computer Science (2:1)
ISACA Certified Information Security Auditor (Studying)
ISACA Certified Information Security Manager (CISM)
IT Governance ISO27001 Certified ISMS Foundation
Association for Project Management (APM) Project Management Qualification (PMQ)
Microsoft MCSA Microsoft Certified Systems Administrator
Chartered Management Institute (CIM) Affiliate Member
Additional Information
Languages: English and Italian
Excellent references available upon request