About: “The only source of knowledge is experience.” (Albert Einstein)
Cyber risk management is a journey
The development of cyber risk programmes and the management of cyber security is a continual journey, one which adapts to changes in the circumstances of an organisation as it grows, deploys new technologies, acquires new businesses and develops new products and services. Cyber risk management is a complex and continual process of evolution and change, moving as fast or as slow as the threats to the business model. We don’t advise that you take this journey on alone unless you have the skills and experience to develop cyber risk strategy, management and operations alongside those of the business. Cyber risk is an enterprise-wide risk, one where both the upside and downside costs are high and the cost of failure can be significant.
Andy is a founding member of the CMMC AB standards working group and has worked with the CMMC AB since the formation of the standards working group in February 2020, developing the CMMC assessment methodology and practices. He works with his international network of cyber security and risk professionals on Supply Chain Risk Management (SCRM), cyber security, cyber risk and CMMC programmes, working with companies and supporting them through their cyber security and supply chain risk management journey, and delivering cyber security programmes for NIST and ISO 27001. He works with the CMMC Accreditation Body (CMMC-AB) Standards Working Group, developing the CMMC assessment methodology, and is a member of the Advisory Board of the CMMC Center of Excellence (CMMC-CoE), a US organisation which supports the global Defence Industrial Base (DIB) in assessing and deploying CMMC. Through his advisory companies Parava Security Solutions (www.parava.org) and CMMC Europe (www.cmmc-eu.com) he supports organisations in assessing and deploying NIST SP 800-171 and compliance programmes.
He has broad and deep business and technical experience in cyber security. He has led both global 1st and 2nd Lines of Defence (LOD) in cyber security, cyber risk management, operational risk and IT in regulated businesses, as Group Vice President for Cyber and Technology Risk for Santander, Europe’s largest bank; EMEA CISO and Deputy General Manager Operational Risk for Mizuho Corporate Bank; Group and EMEA regional head of information security for Penguin Random House; and regional head of IT for Rolls-Royce Energy Operations. He is an expert advisor and witness who has advised executive government agencies on data protection risk and cyber security. He is an experienced member of management and executive committees, including regional Man Com, Group Risk Leadership, Operational Risk, Cyber Security and GDPR.
Andy is a Chartered Security Professional (CSyP) and CSyP assessor, recognised by the UK’s Centre for the Protection of National Infrastructure (CPNI), and holds a place on the UK Register of Chartered Security Professionals. He is a Chartered Engineer (CEng) and a member of the Institute of Mechanical Engineers (MIMechE), a member of the Board of the Security Institute (MSyI), a freeman of the Worshipful Company of Security Professionals (WCoSP) and a Practising Associate of the Academy of Experts (AMAE). https://www.linkedin.com/in/andywatkinchild/