Highly qualified, experienced and passionate senior Information Security specialist with project, line management experience and excellent influencing skills.
Exceptional track record in delivering major hardware, software and policy & standards changes to tens of thousands of users, in a professional pragmatic way, ensuring optimal resource usage, within budget, and delivering business advantage.
With the ability to cut through the fog to identify the root cause of issues whilst still taking cognisance of the bigger picture.
Lead Security Architect @ Lead Security Architect/Consultant for Separation Programme.
From January 2015 to Present (1 year) Edinburgh, United Kingdom

Managing Director @ Helping companies set their information security direction.
From September 2009 to Present (6 years 4 months) Edinburgh, United Kingdom

CISO/HO IT Security, Risk & Continuity @ As the Interim CISO/Head of IT Security, IT Risk & Continuity (IT SR&C) at The Co-operative Group (tCG), my role included producing the TOM, the high level Bank separation plan, the PID for the 3 year Bank separation costs and a gap analysis of the services provided by CBG that will still be required in tCG. I also established and maintained the IT SR&C engagement model to ensure a clear point of contact for the services provided with escalation paths including direct engagement with the Group CIO, C Level Leaders and the Executive.
After initiating Cyber Security daily checks, various incidents were uncovered, which resulted in remedial actions being undertaken to improve the tCG control baseline. I secured funding for the 2014 & 2015 project portfolios and drove forward continuous improvement to reduce the Group's IT Risk exposure by ensuring that IT SR&C services followed industry best practice and ISO Standards. This included publishing the IT Security Baseline Standards across the federated tCG.
I was responsible for producing the tCG IT Risk framework with documented roles & responsibilities, including information ownership, classification, accountability & protection and then tracked and quality assured the closure actions for all IT Risks, Internal & External Audits and “Red Flags”, whilst producing quarterly updates for Trading Group Risk Committee (TGRC) and Group Audit Risk Committee (GARC) and producing the Annual Committee of Sponsoring Organisation (COSO) report and provided input into the external 2014 financial audit.
I was responsible for Continuity for all GT supplied services and colleagues and this department was split into Service Continuity (which I migrated to a more appropriate area) and IT Work Area Recovery (IT WAR). I then continued to manage IT WAR and improvements made included reducing off-site recovery time from 48 to 24 hours and reducing Call Cascade documentation from 22 pages to a foldable pocket sized 1 pager.
From January 2014 to January 2015 (1 year 1 month) Manchester, United Kingdom

Group IT Security Solution Engineering Manager @ Set up a new department to create detailed Security Engineering designs for all Group Security Projects.
Responsible for ensuring that all detailed designs adhere to overall Enterprise Security Architecture and Group Policies & Standards.
Responsible for embedding the new supporting documentation, processes and stakeholder management.
From May 2013 to January 2014 (9 months) Edinburgh, United Kingdom

HO IT Security Operations @ Currently managing three departments, Access Management, Cryptography and Firewalls with over 40 staff.
Responsible for the management and 24x7 support of the underlying infrastructures, BAU work and project implementations.
Representing the IT Security Function Lead as required, at senior management forums and contributing to the overall IT Security vision and strategy.
From August 2012 to May 2013 (10 months)

Principal Security Architect @ I was the Lead Security Architect on a major piece of work to integrate the Banking and Trading Groups businesses. I represented IT Security at the Design Authority as well as setting the IT Security strategic direction for the whole programme.
The role included stakeholder management, managing escalations, providing security controls design advice, managing Penetration Tests, arranging Due Diligence reviews and recommending process improvements.
The role also included backfilling the second in charge role to the Head Of Information Security Project Services and representing the department at security and governance forums as well as managing BAU requests and work allocation.
From December 2011 to August 2012 (9 months)

IT Security Consultant @ Provided IT Security consultancy to various projects including ETL & ESB infrastructures based on a UNIX platform. Part of this work included the creation and penetration testing of a new UNIX Gold build.
Consulted on multiple IT Security projects using ISO27001 controls, as well as managing any non-compliance issues.
Contributed to the production of new Baseline Controls by reviewing documentation against industry best practice.
From August 2011 to December 2011 (5 months) Manchester, United Kingdom

Information Security Consultant @ Short term contract to provide specialised security advice on SIEM and Compliance Configuration products as well as reviewing security control improvements for strategic projects.
From June 2011 to July 2011 (2 months)

Information Security Consultant @ Providing Information Security consultancy on data loss prevention.
Specialising in backup tape movements and removable media controls. Setting strategic direction for project investment in 2011, policies & standards and governance processes.
From October 2010 to June 2011 (9 months) Edinburgh, United Kingdom

Group Information Security Architect @ Successfully managed and delivered on behalf of the sponsor elements of the 2008 Group IT Operational Security investment programme including Data Loss Mitigation and Access Control Improvements. Reporting progress of the initiatives into the overall program, raising issues and suggested improvements where required. Latterly, these projects were either successfully halted or merged into the LBG Security Investment Programme.
Facilitated the Information Security integration activity for HBOS with LTSB by successfully arranging F2F meetings with all relevant Information Security areas within both heritage Groups. These meetings were held in a spirit of openness which ensured that the correct issues were discussed in a frank and professional manner.
Working with key Divisional & IT stakeholders delivering the Business Requirements Definition for Access Control Improvements. Also worked closely with Group Security & Fraud (GSF) and Enterprise Architecture & Design (EAD) to ensure that all background information was made available to ensure a successful project shutdown and production of a Project Review Report.
In consultation with IT delivered the functional requirements for Data Loss Mitigation and subsequently worked with the chosen vendors to get the best solution and purchase deal for HBoS. We did not actually purchase the market leading product as by adhering to the 80/20 rule and performing accomplished contract negotiations, we managed to procure McAfee Data Loss Prevention at a substantial discount.
Led, produced, scheduled and delivered presentations to key Divisional & IT stakeholders to raise awareness on emerging vulnerabilities, new technologies and industry advancements. These included The Jericho Forum, Network De-perimeterisation, Mobile Phones and Secure Application Development.
Represented Sponsor on Steering Committees and Information Security Strategy and Architecture department at the HBoS Design Authority.
From May 2006 to October 2010 (4 years 6 months) Edinburgh, United Kingdom

Senior Technical Infrastructure Developer @ Headed a physical and larger virtual team (Approx 25) to deliver Microsoft patching to >58,000 Clients and >4,000 Servers across the HBoS Group. Hired contractors to both complete this work and backfill permanent resources.
Developed and improved the patching process which resulted in implementing a new product to complete patching, Shavlik. Managed, organised and performed the product procurement process as well as the contract negotiations to ensure the best possible outcome for HBoS.
From September 2004 to May 2006 (1 year 9 months)

IT Manager @ Managed a core team of 12 and a virtual team of up to 30 who provided testing, packaging and a software distribution service via Tivoli and ZEN to over 200 servers and 6000 NT PCs.
Exploited an opportunity to develop one of my ideas and developed this into the Managed Test Facility. This was to create a Development, Test and Pre-Production facility for Software and Hardware testing before sign-off and the subsequent roll-out into production. My design included a separate comms room to ensure that it was not on the production network and therefore could not impact Business processing.
Produced and implemented standard test scripts and sign-off documentation to ensure consistency during testing life cycle. This documentation was then used to hand over the BAU support to Operation Support.
Initiated, developed and created the Service Delivery Intranet along with an offsite DR solution as well as developing and implementing a central technical documentation repository and a CMDB to audit IT hardware and software licences.
Managed the project to install eTrust Virus protection software onto more than 25 Domino NT Servers as well as Scanmail protection software onto more than 60 servers in the OS/390, AIX, NT & Win2000 E-Mail infrastructure, in such a way that Pattern File Downloads would be queried every 15mins.
From December 1995 to August 2004 (8 years 9 months)

Senior Network Analyst @ Evaluated all Operating Systems and Client/Server software to ensure compatibility with standards and provided training and 3rd level support for 30 analysts within Network Team and other departments.
Implemented software installs, affecting approx 700 staff per roll-out as well as managing Departmental moves for approx 500 people per weekend ensuring they ran to plan, on time and within budget.
Developed an alternative to IBM's Restricted Workplace Shell and produced a GUI front end which integrated OS/2 and DB2/2 with the Novell Netware 4x operating system.
Developed and implemented the Unitrack Application installed on all sales staff laptops across the WAN.
Developed CID installation system that automatically installed OS/2 workstations and logged the asset ID, the date and the license type etc which reduced installation costs and enabled easier license control.
From April 1993 to December 1995 (2 years 9 months) Edinburgh, United Kingdom

Senior Customer Support Engineer @ Installed, maintained and repaired Novell servers, UNIX systems, Networks, PCs, printers and peripherals whilst working to BS5750 and ISO9000 standards.
Only Scottish Technical Support Engineer for Dell Computers, which included touring the UK to assist other engineers as well as representing ICL/Sorbus whilst at the Dell Headquarters in Bracknell.
From May 1990 to April 1993 (3 years) Glasgow, United Kingdom

European Training Officer @ Developed and presented training courses for Hewlett Packard/Apollo engineers on all Apollo hardware (including networks) and software in Scotland and Switzerland; also provided 3rd level support for Europe.
Debugged various PCBs including CPU boards to component level by running appropriate diagnostics & final tests both as standalone and across networks using UNIX operating systems.
From November 1986 to May 1990 (3 years 7 months)

HNC Electrical & Electronic Engineering, Marine Electrical & Electronic Engineering @ Leith Nautical College
From 1983 to 1986

Jim Brady is skilled in: M.Inst.ISP, CISSP, CISM, Information Security, Access Control, ISO 27001, Security, Stakeholder Management, DLP, Penetration Testing, Firewalls, Governance, Disaster Recovery, Integration, ITIL