CYBER SECURITY ASSURANCE AND GOVERNANCE
I am a tech exec with FTSE250 CIO experience, and previous PE and entrepreneurial success. I help Executive Teams and Boards normalise technology into their thinking. When we think about technology we need to think about cyber security and resilience, so cyber is an important part of what I do.
I reduce the likelihood and impact of a cyber incident by ensuring that:
business leaders understand and prioritise the risks; so the plan is risk-driven,
a holistic plan is in place to address those risks - business, technology and human,
the senior governance of the risks and plans is in place.
Too many organisations are working on technical-only mitigations that don’t address the big risks. Delivery is abdicated to IT teams because it feels like an IT problem and leadership don’t feel able to engage. Assurance, if it is in place, focuses on technical compliance, not the business and people matters.
Here are two documents that might help:
Download: Cyber Security and Resilience - An Exec Briefing - [20 min read] - my primer for non-technical leaders who want to understand the subject. I use this in general orientation sessions for leadership teams. (It always gets booked in for thirty minutes. The Q&A is always at least an hour.)
Download: Cyber Security and Resilience - Executive Summary - [2 min read] - a one page summary.
Can I run that session for your organisation? Contact me at hello@trigenit.com or call us on 01962 383596.
~ ~ ~
I engage with organisations as a Fractional CIO or on an advisory project basis to support leadership and technology teams: on cyber, setting up tech-enabled change for success, and building new digital products.
I use the UK Department of Science, Innovation and Technology’s Cyber Security Governance Code of Practice as the governance baseline. (I was a direct contributor to this.)
I pair this with the National Cyber Security Centre’s Cyber Essentials as the technical controls baseline OR I work with whichever controls framework the client organisation has in place. (I work with NCSC on cyber security communication to Boards and Exec teams.)