I have worked in the field of information management for around 9 years now in various sectors. My experience and opportunities also now mean that I am able to give something back to the profession and can often be found volunteering for the Information & Records Management Society, publishing free content for fellow practitioners and arranging networking opportunities within the profession. Away from my professional life I am a relaxed and sociable person either spending my spare time with my family or reading on various topics including European history & Human Behaviour.
- Information Governance Strategy Lead (GDPR Implementation)– Essex County Council (ECC) (www.essex.gov.uk)
I returned to Essex County Council to assist in their development of their IG Strategy, IG traded service and lead their implementation of the General Data Protection Regulation (GDPR). The GDPR implementation project involves project managing the 10 operational work streams, managing key stakeholders within ECC and ensuring the project progresses accordingly. Alongside this main task, I also lead to the review and enhancement of the Greater Essex Information Strategy with our partners in Essex, including support the development of WEISF (an information sharing framework). Another task includes assisting the IGS service to become an externally traded service by sales, promotion n and delivery of services to private and public-sector clients.
- Information Risk & Security Officer (IRSO) – The Medical Defense Union (MDU) (www.themdu.com)
As the Information Risk & Security Officer for the Medical Defense Union, I have responsibility for Information Risk & Security governance, reporting & management. This includes general Information (Cyber) security but also responsibility for PCI DSS compliance as well as Data Protection & Privacy. Duties include responding and progressing incidents; advising the business on all Information Risk matters; development of online training as well as delivery of face to face sessions on Information Risk & wider Risk Management knowledge; chairing Information Security Working Group sessions; development and implementation of an effective Information Governance framework factoring in the above plus additional areas within Knowledge & Information Management; reporting to and advising the Executive, Board and Risk Committee on all of the above; subject matter expert within project teams and where appropriate project boards.
- Senior Data Privacy Consultant – Ernst & Young (EY) (www.ey.uk.com)
As a Senior Consultant in EY’s Cyber Security advisory service I supported EY’s clients on a range of engagements covering the Information Security and Privacy spectrum. More recently I have been supporting a large Programme of PCI DSS compliance remediation for a multinational retail client. This included business analysis of credit card data processes, physical audits of locations and IT infrastructure, project management and general support to the client on all PCI DSS related matters.
- European Data Protection Coordinator & UK Data Protection Officer – Ford Credit Europe (FCE) (www.fcebank.com)
As European Data Protection Co-coordinator my role is to be the Data Protection officer for the UK and European Data Protection Subject Matter Expert for the wider regional and global business. This includes working with local departments on ensuring compliance with the DPA 1998 as well as working with project teams and the business on FCE’s compliance with other locations DP requirements. I am also the line manager for 2 members of staff supporting the Privacy office within FCE. The role meant that I was a stakeholder in a Global Privacy Centre of Excellence working on a range of projects from Privacy Impact Assessments, legislation tracking and analysis, mobile working and technology and cybersecurity initiatives. Other duties include acting as general information and records management SME, attending and chairing operational governance groups including a DP Working Group and the Global PIA Governance Board and overseeing the bank’s privacy risk framework.
- Information Risk Advisor – Essex County Council (ECC) (www.essex.gov.uk)
As an Information Risk Advisor my duties include measuring & promoting compliance, providing advice and offering training to internal and external clients on Data Protection, Freedom of Information & Environmental Information Regulations including applying exemptions, responding to requests, conducting reviews and providing training, ISO27001, Human Rights and the Computer Misuse Act all including training, auditing and working on projects to ensure compliance. This included completion of Privacy Impact Assessments on various systems and projects throughout the council, provision of advice and audits of 3rd party data sharing, internal and external staff training on the above and investigating security incidents and breaches of Information Law for the Council including liaising with the Information Commissioners Office & all levels of management within the Council.
Other previous roles:
- Business Services Officer – SocialNet LTD
April 2008 to March 2009
- IT Support Team Mentor – CAPITA Education Services January 2007 to April 2008
- Customer Service Supervisor – 118 Central Services
May 2006 to January 2007