Informed Risk Decision’s goal is simply to help enterprises make reasoned, informed decisions about how they protect and secure their critical information assets and meet societal and regulatory expectations. The services identified in the catalogue are designed to provide the focus for delivering on this goal. They are appropriate and relevant for all enterprises from small to large, across all business functions and for all lines of business across all industry verticals. For more information, talk to the team today.
I have directly contributed to leading the evolution and thinking of how we define data and payment security, and the threats they have to address. These strategic insights helped me develop and promote reasoned and pragmatic risk management strategies to protect the business, where necessary striking the risk balance between compliance and security.
I am a highly experienced and motivated senior leader, specialising in Cyber Security and Risk, with practical leadership, strategic planning and complex problem-solving skills. My goal is to help enterprises exploit modern IT to build business benefit, while at the same time ensuring that they can build pragmatic, cost-effective defences against the risks and challenges presented by cyber threats.
The bottom line for all enterprises is that they want to conduct business safely and protect their own business data and systems, and the personal information of their customers and employees. However, no enterprise has an unlimited budget to build their defences against these threats. It is important, therefore, for enterprises to assess, implement, and manage a cyber risk profile that is proportionate to the threat directed at them and the harm that might befall them from any attack.
My experience allows me to help enterprises make reasoned, informed decisions about the appropriate risk and defence profile. I have provided this guidance within enterprises as a member of the senior leadership team, as an external consultant supporting senior business leaders, and as a regulatory authority within the card payments industry.
I have demonstrated my excellent leadership and interpersonal skills when leading in high-pressure operational and strategic environments. I have engaged with, and reported to, the C-Suite level in both Government and Business. I have worked nationally and internationally. I am a gifted public speaker with excellent presentational skills.
August 2015 - Present
Helping enterprises make risk decisions that are appropriate and relevant for them by:
September 2014 - July 2015
Definition, identification and classification of critical company information assets, assessing threats and vulnerabilities against these assets and implementing security controls for the EMEA region. Delivery of all Information Security and PCI projects across EMEA in support of the global security programme.
Management of the EMEA component of the global security budget, creating business cases and owning, managing and motivating project resources as required to implement the information security and compliance programme. Client engagement to provide assurance of CWT’s security posture, both in proposals to new clients and when they were conducting their due diligence and security reviews on CWT. Educating CWT business and IT stakeholders, and contributing to sound, informed decisions that would both enable CWT’s business and protect it from all threats.
June 2010 - August 2014
Development and maintenance of a strategy to reduce the risks present wherever cards are accepted for payment in Europe; to manage the collective response with Visa Europe members to data compromises which expose cardholder data; and finally to provide assurance of the security of the primitives at the foundation of card payment security: cards, PINs and authentication services.
A thought leader for Payment Security, with knowledge of the underlying issues and challenges present, promoting and solving challenges through balanced risk strategies for the differing needs of very different national card markets and industry verticals. Leading Visa Europe in engagement with external entities in addressing payment system risk and security issues. The alternate Visa member of the PCI SSC Executive Committee, contributing focus and direction to the PCI SSC’s standards development processes.
Leading the diverse engagement with the EU Commission and other EU regulatory bodies on security and risk issues by leading and developing the Visa Europe risk response to legislative consultations, and contributing to lobbying activities in support of legal colleagues.
November 2001 - April 2010
The focal point for information security issues, directly supporting the UK Payment Clearing Companies that operated under the aegis of APACS. Information Security consultancy support to UK clearing companies and members of APACS and subsequently the Payments Council. This provided the essential support to define the security architectures of UK payment systems.
Information security incident coordination on behalf of the UK payments industry, focussed on the direct attacks against e-banking customers. Information Security engagement with government, law enforcement and external bodies, addressing CNI, contingency planning and resilience matters. Preparation of technically based Threat and Vulnerability assessments in respect of all UK payment systems, written to be accessible to senior business figures in order to drive understanding.
From June 2009 the company was rebranded from APACS to UK Payments Administration. The activities and tasks remained the same, but the way that they applied to the member groups, each with their own brand and public image, was a new and refreshingly interesting challenge.
The Royal Military College of Science
MSc, Design of Information Systems, 1989 - 1990
The Royal Military College of Science
BSc Hons, Telecommunications Systems Engineering, 1977 - 1980
Meteor Scatter Communications
Royal Signals Journal 1988
Authors: Colin Whittaker
Application of Domain Based Security
Proceedings of the 20th National Information Systems Security Conference Baltimore 1997
Authors: Colin Whittaker, Dr Simon Wiseman
The UK’s Financial Sector place in the Critical National Infrastructure
Elsevier Computer Security Special Report 2002
Authors: Colin Whittaker