Career overview

The focus of my work has evolved over the years, but the thread has been the combination of risk disciplines, and governance, assurance, and control, applied to information technology.

After training with PwC in the UK, I have lived and worked overseas including in Asia, and served in both in-house roles and for clients on advisory and transformation projects, spanning a range of risk, resiliency & cyber security.

My journey in risk began with an undergraduate degree in Mathematics, Statistics and Accounting, before starting my career with PwC, training as a financial auditor. I then went on to specialise in risk management and controls, and working with organisations to help them become more resilient.

I moved with PwC to Melbourne Australia, serving local and multinational organisations across the financial services, telecommunications and retail sectors. Later I was seconded back to the UK to develop the IT internal audit capability for the London mid-tier market.

After PwC I moved in-house, working with JPMorgan first in London and then in Hong Kong, where I transferred to lead a regulatory remediation project for the Asia banking technology team. I later joined Standard Chartered to lead IT Audit for the North East Asia region, which led me later to join Deloitte China to develop the technology risk and regulatory capability for the financial services team, and to lead business development and service delivery across a number of client accounts.

I’m now in back in Europe and acting as an information security consultant for a European Financial services organisation.


Currently

Currently acting as an Information security consultant with a European financial services provider.

AIA Australia

2023-2024 - Principal Information Security Advisory & acting Head of Cyber

Interim role as Principal Information Security Advisor to the General Manager and acting Head of Information Security & Operations (Cybersecurity).

AIA Group is Asia’s largest publicly listed life insurance group. Spun out from AIG in 2010, the Group operates across 18 markets in the Asia Pacific region. AIA Australia is the country’s second largest life insurer.

Deloitte

2017-2022 - Risk Advisory Partner - Hong Kong

Deloitte risk advisory connects trust, resilience and security for responsible business and enduring client success. As a Partner in Deloitte’s financial services team, supported clients on a range on risk issues impacting their business, including regulatory and control; technology risk & cyber security.

Running a risk advisory service portfolio also including third party risk management (TPRM), digital risk transformation, internal audit, digital & analytics.

Team building; coaching, developing, and supporting the career growth of a team of risk professionals.

Account executive, working with clients in financial services, primarily within the insurance and banking sectors.



Standard Chartered

2014-2017 - Group Audit Manager - Hong Kong

Lead for the Hong Kong technology and operations audit team, with coverage across North East Asia region including China & Japan. Focus on technology risk & resilience, and cyber security audit coverage, including regulatory across the region including Hong Kong, Japan and India (HKMA, JFSA, RBA).

J.P. Morgan

2013-2014 - Information Risk Manager - Hong Kong

Relocated to Hong Kong to join the J.P. Morgan Asia Banking technology team, and to lead the regulatory remediation efforts around Singapore MAS TRM regulations, and technology risk and cybersecurity regulation across the Asia footprint with application and development teams and third-party risk.

Appointed Banking lead responsible for all of Banking technology risk in Asia Pacific, including China, Singapore, and Japan. Areas of responsibility included application security assessment, vulnerability management, incident management & root cause analysis, regulatory reporting.

Ran the periodic Risk and Control Self Assessment (RCSA) exercise for the Asia Banking business, including workshops held with technology executives to set risk appetite.

2011-2013 - Group Audit Manager - London

After a graduate role with PwC, moved into the banking industry for a role in J.P. Morgan’s internal audit team, covering technology and application audit for the worldwide securities services business (aka transaction banking).

Role was primarily UK / EMEA focused including London, Bournemouth and Luxembourg, with some global technology audit coverage covering New York, Hong Kong, Dallas. Areas of focus included risk assessment, application security assessment, third party risk assessment, incident resolution & vulnerability management.