Cyber Security Information

Christopher Durso

Information Security Director CISO

Cyber & Information Security, NIST, ISO 270001, Cyber Security & Transformation Expertise

+44 (0-790*-***-*** ***********@*******.***

www.linkedin.com/in/chris-durso-37025832

Professional Overview

Commercially-astute & with confidence to partner at up to C-level from a Cyber Security perspective, adding value across B2B, B2C, energy, oil & gas exploration, accounting, consulting & global corporate sectors.

CISM certified, with broad experience in industry best practice tools, including ISO 27001, GDPR & NIST.

Proactive as a ‘trusted partner’ to the business, bridging the gap between Cyber Security & business needs, converting strategy into change, boosting performance via IS teams, robust processes and project delivery.

Sees both the ‘big picture’ and details, encouraging a culture of continuous improvement, understanding the challenge of risk, data & Cyber Security issues, articulating complex concepts to a non-technical audience.

Over 15+ years of experience in the Information Technology sector, specialising in Cyber Security, with a strong proven track record of success in leading Information Security responses, protocols and frameworks.

Key Skills & Expertise

Information Security Leadership

Multi-Site Operations Management

Cyber Security & InfoSec Strategy

Technology Investment Roadmap

Hardware & Software Deployment

Security Operations Centre Delivery

Cyber Security Control Frameworks

Threat & Vulnerability Mgmt

Cyber Incident Response Planning

Risk Identification & Management

Data Loss Prevention Technology

Multi-Vendor Contract Negotiation

Continuous Security Improvements

IT Security Awareness & Mentoring

Compliance, ISO 27001, NIS2, NIST

Career Experience

Global Switch, London

Information Security Director 2022 to Present

Information Security and Cyber Security leadership, taking ownership for all elements of Information Security spanning 7 European and APAC locations. Risk assessment and management across all business units.

Acts as a ‘trusted advisor’ on Information Security, including reporting to the board on a regular basis.

Full remit for security strategy creation, along with the implementation for the company's internal security.

Key role in undertaking real-time IT security analysis and mitigation, reducing risk throughout the business.

Co-ordinates internal, operational, and customer security deliverables, including adopting best practices.

Ensures ongoing BAU and innovation security strategy alignment, meeting rapidly-evolving business needs.

Key contributions and successes:

Delivered SOC implementation, accompanied by security awareness and incident response

Took the lead in overseeing security planning and technology selection, working with vendors

Ensuring new technology accurately aligned with evolving IT security standards, ensuring success

Managing continual security improvement efforts to deliver optimal security across the business

Increased Cyber Security and Information Security awareness where previously there was none

Aligned to ISO 27001, NIS2 and ENS, adhering to legislation and mandated security processes

Transformed real-time and automated threat intelligence within the Information Security function

Capricorn Energy Plc, London

Head of Cyber Security 2020 to 2022

Full remit for all elements of Cyber Security, advising the business on Information Security best practice, aimed at addressing internal and external audit findings, threat intelligence, and vulnerability management.

Engages collaboratively with senior stakeholders, including providing Boardroom-level quarterly updates.

Budgetary management across Information Security and Cyber Security, including working with vendors.

Planned development lifecycle security activities, including costs, duration and project execution impacts.

End-to-end project leadership and delivery, including project planning, scope, budgeting, risk and issues.

Key contributions and successes:

Created and embedded security protocols. Including NIST CSF implementation & maintenance

Analysed the customer service request (project) to determine security goals, issues and threats

Effectively managed Cyber Security reviews, vulnerabilities, corrective actions, and remediation

Provided assistance with Cyber Security and Information Security in 3rd contracts, KPIs & SLAs

Implemented a data classification & discovery solution, working closely with the technical architect

Drove the Data Loss Prevention project with the IT Team to prevent insider threat & data leakage

Matured supplier / vendor security, aimed at decreasing risk and identifying supply chain issues

Mace Ltd

Head of ICT Security 2017 to 2019

Responsible for …

Engaged as Head of ICT Security, acting as the Lead Consultant to delivering both Cyber Essentials and ISO 27001 accreditation. Full remit for managing all elements of business and ICT information security.

Key role in strategising, setting goals, and addressing technology-related controls risks and issues, advising business units and senior-level stakeholders on information security and promoting best practice methods.

Provision of expert-level Cyber Security consulting, developing standards, designs, and patterns to ensure security design governance.

Full ownership of the IT Security Risk Register, along with planned actions, controls and deliverables.

Maintained effective and proportionate surveillance for suspicious activity, vulnerabilities and threats.

Key contributions and successes:

Regularly reviewed and assessed IT risk, ensuring integration with wider risk management

Resolved security problems with internal and external auditors, regulators and legal teams

Helped implement innovative solutions to boost the team's performance and Cyber Security

Led threat modelling to reduce compromise risk, security evaluations & boost Cyber Security

Took ownership for GDPR management for the IT department and its systems and services

Managed and led Cyber Essentials Plus and ISO27001 initiatives, engaging with stakeholders

Mace Ltd

ICT Infrastructure and Cyber Security Manager 2013 to 2017

ICT infrastructure and Cyber Security leadership, taking ownership for ISO 27001 audits and related technical policy development. Engaged as Project Lead to secure Cyber Essentials accreditation.

Leadership, management and motivation of 9 people, including ICT technical delivery teams and field engineers, proactively engaging in team mentoring and promoting Cyber Security best practice methods.

Managed the relationship with numerous stakeholders and partners, including the ICT Security Partner, Data Centre, and Skype for Business\Communication Partner.

Key contributions and successes:

Worked collaboratively with the ICT Service Desk Manager on any issues / escalations

Engaged on wider project strategy and the delivery on various ICT and business initiatives

Created monthly KPI reports showing a dashboard of stats requested by the Group ICT Director

Early Career

2007 to 2012 ICT Technical Delivery Manager Mace Ltd

2006 to 2007 Desktop Support Mazars LLP, London

2005 to 2006 Support Analyst Poupart Ltd, Herts

2002 to 2005 IT Administrator Business Link, Herts

Education & Qualifications

University of Hertfordshire BSc (Hons) in Computer Science (2:1)

ISACA Certified Information Security Auditor (Studying)

ISACA Certified Information Security Manager (CISM)

IT Governance ISO27001 Certified ISMS Foundation

Association for Project Management (APM) Project Management Qualification (PMQ)

Microsoft MCSA Microsoft Certified Systems Administrator

Chartered Management Institute (CIM) Affiliate Member

Additional Information

Languages: English and Italian

Excellent references available upon request

Contact this candidate