About

Security executive with 12+ years in information security and 8+ years leading governance, risk, and compliance programmes across financial services, healthcare, utilities, and critical infrastructure. Recognised conference speaker on GRC strategy, payment security, and practical compliance programme implementation.

Brings a rare combination of technical depth and executive communication: hands-on offensive security experience alongside a track record of delivering board-level risk narratives, building GRC advisory practices, and guiding organisations through complex regulatory environments. Trusted by clients to turn threat-landscape developments into programmes that protect operations and enable informed decisions at the highest levels.

Current Role

Director of Governance, Risk & Compliance

Structured Communication Systems, Inc.

New York City

March 2026 – Present
  • Leads the firm's GRC consulting practice, directing assessors and penetration testers across financial services, healthcare, utilities, and critical infrastructure clients.
  • Acts as virtual CISO and risk advisor to multiple clients, guiding information security governance, regulatory alignment, and board-level risk reporting.
  • Translates complex regulatory developments (DORA, HIPAA, NERC CIP, CMMC) into practical programme enhancements and executive-ready risk narratives.
  • Leads the firm's SOC 2 (SSAE 18) attestation programme, overseeing control design, evidence preparation, and external auditor engagement.
  • Owns presales and service development for the GRC portfolio, expanding into AI security assurance, third party risk management, and OT/ICS security.

Key Capabilities

Cybersecurity & GRC Consulting · Information Security Controls Assurance · ICT Risk Framework Development · Regulatory Compliance & Maturity Assessments · Remediation Programme Design & Roadmapping · Penetration Testing & Control Validation · vCISO & Trusted Advisory · Board & Executive Reporting · Third Party & Vendor Risk Management · Team Leadership & Development · Public Speaking & Thought Leadership

Certifications

CISSP – Certified Information Systems Security Professional
CISA – Certified Information Systems Auditor
CRISC – Certified in Risk and Information Systems Control
PCI QSA – Qualified Security Assessor
PCIP – Payment Card Industry Professional
OSCP – Offensive Security Certified Professional
CMMC RP – Cybersecurity Maturity Model Certification Registered Practitioner

Frameworks & Standards

NIST CSF v2 · NIST RMF (SP 800-37) · NIST AI RMF 1.0 · NIST SP 800-53 · NIST SP 800-171 · NIST SP 800-30

PCI DSS 4.0.1 (QSA) · HIPAA · DORA · NERC CIP · CMMC

ISO/IEC 27001 & 27002 · CIS Controls v8 · SOC 2 (SSAE 18)

GDPR (advisory) · MITRE ATT&CK · Enterprise Risk Management

Speaking & Advisory

Available for keynote speaking, executive advisory engagements, and board-level security consultation. Connect via LinkedIn.