Director / Principal Consultant
Greater London, UK Β· Hybrid
- Founder of a specialist consultancy providing security architecture, technology risk management, and AI transformation services to clients in Fintech, Banking, and Insurance. All subsequent contract roles from March 2015 onward were delivered through E&F.
- Developing a fully automated, LLM-enhanced technology risk and regulatory compliance capability β built using AI-assisted development workflows (Claude Code) to accelerate policy mapping, control automation, and continuous monitoring tooling (Jan 2026 β present).
- Architected RAG-model solutions using Large Context Window LLMs to automate policy uplift and regulatory compliance mapping, achieving up to 85% automation rates.
- Delivered Compliance-as-Code frameworks integrating regulatory checks into CI/CD pipelines for major financial institutions.
Technology Risk & Regulatory Compliance SME
City of Westminster, London, UK Β· Hybrid
- AI-Driven DORA Compliance: Spearheaded the DORA implementation programme by architecting a RAG-model solution (using Large Context Window LLMs) to automate policy uplift, ensuring accurate coverage of IT Asset, Change, Access Management, and Vulnerability Management standards. Automated 85% of compliance mapping
- Compliance as Code: Designed a full set of automated controls, working with DevOps teams to integrate regulatory compliance checks early in the CI/CD pipeline for all major projects.
- Regulatory Remediation (PAM): Remediated critical, long-standing Privileged Access Management (PAM) non-compliance, bridging Technical/CISO teams and Regulatory Auditors to close a multi-year audit finding. The external auditor validated the remediation and the regulator subsequently lifted all new client onboarding restrictions. β
Restrictions lifted
- Resilience Strategy: Partnered with the CIO to map key business services and dependencies, delivering a prioritized Business Continuity Planning (BCP) and Technology Resilience strategy. BCP & Resilience plan delivered
Technology Risk Consultant
City of London, UK
- Led validation of a major risk remediation programme, ensuring all critical findings were properly addressed and control gaps closed.
- Conducted a comprehensive technology risk and controls framework review, identifying areas for improvement in the control environment.
- Assessed policy compliance against regulatory requirements and internal standards, providing actionable remediation recommendations.
Subject Matter Expert β Technology Risk & Architecture
Greater London, UK Β· Remote
- Cloud Security Architecture: Conducted end-to-end security architecture and control assessments for a large insurance firm's migration to Microsoft Azure (2,500+ VMs), identifying and remediating compliance gaps.
- Challenger Bank Resilience: Defined data management strategies and cyber resilience scenario testing for a challenger bank, ensuring protection against insider threats and compliance with GDPR.
- Algorithmic Trading Audit: Performed a comprehensive cybersecurity review of a Fintech trading firm to ensure IP protection and MIFID II compliance.
Technology Risk & Security Architecture SME
Greater London, UK / Zurich, Switzerland Β· Hybrid
- Cost Reduction: Coordinated external audit efforts throughout Group Technology, implementing a standardized audit response framework that reduced overall audit costs to UBS by ~40%. ~40% cost reduction
- Cloud Migration Risk: Performed risk assessments for file transfer technologies migrating to cloud (Azure, AWS), identifying 23 compliance gaps and defining remediation roadmaps.
- Regulatory Change Management: Managed requirements for MAS TRM and HKMA TPRM, defining remediation roadmaps for non-production environments and insider threat monitoring.
- Control Implementation: Validated the sustainability of data protection controls for internal auditors and closed critical risk issues related to data corruption detection.
Interim Head of IT Audit β CIO Global
Greater London, UK Β· Hybrid
- Led the global audit function for the CIO domain, covering infrastructure, architecture, strategy, and resilience across all business units.
- Defined the IT Audit universe and developed a risk-based multi-year audit plan, ensuring comprehensive coverage of critical technology risks.
- Coached and developed the audit team to improve delivery quality and strengthen stakeholder relationships across the organization.
Infrastructure & Security Architect
Greater London, UK Β· Hybrid
- Designed and implemented a technology infrastructure compliance framework integrated into the SDLC, ensuring security controls were embedded from design through deployment.
- Enforced compliance across ~800 on-premise and MS Azure assets across US, UK, Switzerland, and Singapore, covering Access Control, Cryptography, and Vulnerability Management.
Core IT Audit Director β Technology Risk SME
Greater London, UK Β· On-site
- Executed high-profile audits within Cyber Security Governance, Data Governance (BCBS 239), and Middleware, delivering actionable findings to senior management.
- Assessed the "Cyber Security by Design" framework, reviewing secure development controls for infrastructure and applications to ensure alignment with regulatory expectations.
Infrastructure Security Architecture & Audit SME (via E&F Consulting)
Greater London, UK Β· On-site
- Delivered end-to-end audits of security architecture design across the Group's infrastructure, including Linux, Windows, IBM Mainframe, and HPE Non-Stop platforms.
- Identified critical gaps in privileged access, event logging, and patch management, driving significant improvements in the Group's overall security posture.
Technology Risk Advisory
London, UK
- Delivered technology risk advisory services to financial services clients, focusing on IT controls assessment and regulatory compliance.
Senior IT Audit Manager
Belgium Β· On-site
- Managed complex IT audit engagements across the Euroclear Group, covering critical financial market infrastructure and settlement systems.
- Developed audit methodologies and mentored junior team members, building a high-performing audit function.
Head of IT Risk & Controls
Brussels Region, Belgium
- Established and led the IT risk and controls function, designing control frameworks aligned with regulatory requirements for banking operations.
IT Controls Director
Istanbul, Turkey
- Directed IT controls operations, ensuring compliance with banking regulations and internal control standards.
Senior IT Auditor
Istanbul, Turkey
- Conducted IT audits across banking systems and infrastructure, identifying control weaknesses and providing practical remediation recommendations.