About:  “ The only source of knowledge is experience“. Albert Einstein

Cyber risk management is a journey

The development of cyber risk programmes and the management of cyber security is a continual journey.  Which adapts to changes in the circumstances of an organisation as it grows, deploys new technologies, acquires new businesses and develops new products and services.  Cyber risk management is a complex and continual process of evolution and change, moving as fast or as slow as the threats to the business model.  We don’t advise that you take this journey on alone unless you have the skills and experience to develop cyber risk strategy, management and operations along side those of the business.  Cyber risk is an enterprise wide risk and one where both the upside and downside cost are high and the cost of failure can be significant.

Andy Watkin-Child

Founding Partner

Andy is a founding member of the CMMC AB standards working group and has worked with the CMMC AB since the formation of the standards working group in February 2020.  Developing the CMMC assessment methodology and practices.  He works with his international network of cyber security and risk professionals on Supply Chain Risk management (SCRM), cyber security, cyber risk and CMMC programmes.  Working with companies and supporting them through their cyber security and supply chain risk management journey.  Delivering cyber security programmes for NIST and ISO 27001.  He works with the CMMC Accreditation Body (CMMC-AB) Standards Working Group, developing the CMMC assessment methodology, and is a member of the Advisory Board of the CMMC Center of Excellence (CMMC-CoE).  A US organisation which supports the Global Defence Industry Base (DIB) assess and deploy CMMC.  Through his Advisory companies Parava Security Solutions (www.parava.org) and CMMC Europe (www.cmmc-eu.com) he supports organisations assess and deploy NIST SP 800 – 171 and compliance programmes.

He has broad and deep business and technical experience in cyber security.  He has led global both 1st and 2nd Lines of Defence (LOD) in cyber security, cyber risk management, operational risk and IT in regulated businesses.  As Group Vice President for Cyber and Technology risk for Santander, Europes’ Largest Bank.  EMEA CISO and Deputy General Manager Operations Risk for Mizuho Corporate Bank, Group and EMEA regional head of information security for Penguin Random House and regional head of IT for Rolls-Royce Energy Operations.  He is an expert advisor and witness, who has advised Executive Government agencies on data protection risk and cyber security.  He is an experienced member of management and executive committees including regional Man Com, Group Risk Leadership, Operational Risk, Cyber Security and GDPR.

Andy is a Chartered Security Professional (CSyP) and CSyP assessor, recognised by the UKs Centre for the Protection of National Infrastructure (CPNI) and holds a place on the UK Register of Chartered Security Professionals.  He is a Chartered Engineer (CEng) and a member of the Institute of Mechanical Engineers (MIMechE).  A member of the Board of the Security Institute (MSyI), a freeman of the Worshipful Company of Security Professionals (WCoSP) and a Practicing Associate of the Academy of Experts (AMAE). https://www.linkedin.com/in/andywatkinchild/

David Hensley

Consulting Partner

David has advised boards around the world on building and securing value through improving organisational performance. David worked as a Senior Partner at Towers Perrin and Oliver Wyman/Lippincott, and before that as a Senior Manager with McKinsey in their London and Brussels offices. David was also Executive Director of Citymax, Credit Suisse’s IT subsidiary which provided proprietary software, facilities management and systems integration to the financial services industry from its operations in London, New York and Cairo. https://www.linkedin.com/in/dhensley/

Robert Marcus

Legal Partner

Robert Marcus Jurit SolicitorsRobert advises clients on all aspects of commercial law, business and risk management. He is also a technologist and a passionate advocate for the circular economy and renewable energy. His practice focuses primarily on technology and innovation as being both an adviser and as a specialist technology mediator.  Robert trained at Macfarlanes, was a litigator at Clyde & Co before becoming a senior counsel at IBM.  Where he had over 20 years’ experience working with senior teams supporting large complex technology projects, and then went on to be a Founding Partner of Jurit LLP. https://www.linkedin.com/in/robert-marcus-b1702113/

David Dumeresque

Executive Eesourcing Partner

David Dumeresque has over 30 years’ experience of recruiting senior executives and board directors (both executive and non-executive) for a wide variety of organisations, both public and privately owned. He has a particular specialisation in the Information and Communications sector and the recruitment of Non-Executive Directors, especially in the Investment Trust sector. A qualified solicitor, David practised in London and Paris with Slaughter and May before spending some ten years in investment banking.  He is a member of the Harvard Business Review Advisory Council. https://www.linkedin.com/in/david-dumeresque-b821b8/

Chartered Security Professional (CSyP)The Institute of Mechanical Engineers (IMECHE). The UKs largest professional body representing Mechanical Engineers and Chartered Engineers.Security Institute (MSyI)Worshipful Company of Security ProfessionalsAcademy of Experts