Philip is a Managing Director in Protiviti’s London Technology Consulting practice, leading solutions around Technology Strategy and Operations, Technology Risk, Third Party Risk and Privacy. He has over 20 years' experience in consulting and previously worked for Andersen and Deloitte prior to joining Protiviti. He has worked extensively across the technology, cyber, risk and privacy domains, working across industries.
Security transformation – Philip is leading the cyber workstream for a major integration project between two global financial institutions. We have deployed an experienced team of cyber security professionals covering cyber risk, security architecture and programme management. We are helping the client to define their ISMS, drive cyber strategy, understand and define day one cyber processes, identify day one risks post integration and complete cyber awareness and cyber incident war gaming activities.
Third party risk – development of an end to end target operating model for third party risk for a global financial exchange. This has included design of the organisation and roles and responsibilities, definition of processes as well as configuration of third party risk technologies. We have then gone on to temporarily run these processes as a managed service before handing back to the customer for transition and embedding into the BAU operation.
GDPR Programme Assurance – leading a subject matter led programme assurance review, providing assurance into the Board over the completeness and progress of the GDPR programme.
Vendor Risk Management Assessment for an international Private Bank. Supporting our client to complete vendor risk assessments against IT and information capabilities in support of their GDPR programme. As well as executing reviews for 40 of their highest risk suppliers, we reviewed their internal processes and provided recommendations for enhancement based on our client experiences and benchmark data from other financial service clients.
Third party risk resilience – supported a challenger bank to assess their third party risk activities against the PRA Consultation Paper to provide a gap assessment to support their operational resilience. This also included providing feedback against exit plans for one of their material outsource providers.
Third party technology assessment – supported a client to build out their third party process requirements and supported them with vendor selection for a third party risk platform. This included leveraging our market knowledge to shortlist the vendors and then supporting them through the vendor selection process.
IT infrastructure programme manager – working at a global bank to programme manage a variety of IT infrastructure remediation programmes, covering IT asset management as well as security remediation across an IT infrastructure in excess of 200k devices across Windows, Unix, Mainframe, Networks, Storage and Databases.
Programme Controls Assurance Lead – delivery of a global security controls assurance workstream as part of an IT remediation portfolio at a global banking client. The project involved deploying a multi-skilled assurance team across multiple projects covering information security, privileged access management, unsupported infrastructure and logical access management. The project objectives were to provide a combination of 2nd line controls assurance and support for the 1st line teams to interpret and implement control requirements and deliver complete solutions to demonstrate adequate risk reduction.
Head of IT Internal Audit – seconded as the Head of IT Internal Audit for Schroders, based in London. He was responsible for creation and delivery of the global IT audit plan. This included liaising with senior stakeholders to develop an audit plan to meet their requirements, including assessment of a significant outsourced provider of IT services.
IT Governance Review at a global insurance company. End to end review considering IT governance across IT service delivery, change, innovation, risk management and business alignment. This included interviews with critical business stakeholders across COO, CIO, key IT leads as well as Heads of Actuarial and Client Management.
Cyber risk assessment for a global insurance broker. Leveraging NIST CSF to complete an end to end assessment of the information security controls in place across technology, providing technical remediation recommendations with IT management, as well as board level reporting for the Audit Committee to help them gain maturity over the current state of information security maturity.
Areas of Expertise
- GDPR and data privacy programmes
- IT & information risk management & governance
- Programme management/governance
- Information security and technology transformation
- Risk and assurance
- Financial Services, Consumer Products, Hotels & Leisure
- BSc Management Sciences – University of Southampton
Professional Memberships & Certifications
- Association of Chartered Certified Accountants (ACCA)
- Certified Information Systems Auditor (CISA)
- PRINCE2 (Foundation and Practitioner)