About Us

August 2015 - Present

Helping enterprises make risk decisions that are appropriate and relevant for them by: 

• Finding ways for them to balance compliance requirements and obligations with their own security and risk appetite 
• Understanding the implications for their business of emerging regulatory requirements for security and authentication 
• Assessing the risks and any liabilities they have from the vendors and service providers they use to deliver their business to their customers

September 2014 - July 2015

Definition, identification and classification of critical company information assets, assess threats and vulnerabilities against these assets and implement security controls for the EMEA region. Delivery of all Information Security and PCI projects across EMEA in support of the global security programme.

Management of the EMEA component of the global security budget, create business cases and own, manage and motivate project resources as required to implement the information security and compliance program. Client engagement to provide assurance of CWT’s security posture in both proposals to new clients and when they were conducting their diligence and security reviews on CWT. Educating CWT business and IT stakeholders, and contributing to the making of sound informed decisions that would contribute to both enabling CWT business and protecting it from all threats.

June 2010 - August 2014

Development and maintenance of a strategy to reduce the risks present wherever cards are accepted for payment in Europe; to manage the collective response with Visa Europe members to data compromises which expose cardholder data; and finally to provide assurances of the security of the primitives at the foundation of card payment security: cards, PINS and authentication services.

A thought leader for Payment Security, with knowledge of the underlying issues and challenges present, in order to promote and solve challenges through balanced risk strategies for the differing needs of very different national card markets and industry verticals. Leading Visa Europe in engagement with external entities in addressing payment system risk and security issues. The alternate Visa member to the PCI SSC Executive Committee and contributed to providing focus and direction to the PCI SSC’s standards development processes.

Leading the diverse engagement with the EU Commission and other EU regulatory bodies on security and risk issues by leading and developing the Visa Europe risk response to legislative consultations, and contributing to lobbying activities in support of legal colleagues.

November 2001 - April 2010

The focus for information security issues, and in doing so directly support - the UK Payment Clearing Companies that operated under the aegis of APACS. Information Security consultancy support to UK clearing companies and members of APACS and subsequently the Payments Council. This provided the essential support to define the security architectures of UK payment systems.

Information security incident coordination on behalf of the UK payments industry focussed on the direct attacks against e-banking customers. Information Security engagement with government and law enforcement, and external bodies, addressing CNI, contingency planning and resilience matters. Preparation of technically based Threats and Vulnerability assessments in respect of all UK payment systems that were accessible and open to senior business figures to drive understanding.

From Jun 2009 the company was rebranded from APACS to UK Payments Administration. The activities and tasks remained the same, but the way that they applied to the member groups each with their own brand and public image was a new and a refreshingly interesting challenge