Enterprise Security & Risk Management

28 November 2018

Victoria Park Plaza




Sarb Sembhi

Past President, ISACA London - CONFERENCE CHAIR

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of the ISACA Relations Board. Sarb began his career in the public sector as a Project Manager, and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including the BBC, Travis Perkins, BP and Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC and Security Directors Forum.

He is also a member of the Defence and Security Committee and the Cyber Security Working Group at the London Chamber of Commerce & Industry, the Infosecurity Magazine Editorial Board, The Institute of Engineering and Technology, The Institute of Risk Management and The Chartered Insurance Institute, and was an individual member of the Parliamentary IT Committee.

Thomas Christophers

Group Enterprise Risk, Thames Water

Tom Christophers leads the Corporate Risk function to define a robust enterprise risk management process that sits at the heart of the corporate governance framework and reports risk exposure up to and including the executive and senior leadership teams, as well as to external stakeholders.

Tom has been with Thames Water for a year. Prior to that he held group and business risk roles at Centrica plc.

Krešimir Jurišić

Enterprise Architecture Manager, Mercury Processing Services International (MPSI)

Krešimir Jurišić is an Enterprise Architecture Manager with almost two decades of experience in the payment card industry. He brings with him extensive experience gathered in different roles within Mercury Processing Services International Company, from leading large migration projects, designing target business architecture and managing data centre transformation to implementing a data protection tool to comply with PCI DSS and GDPR regulations.

Hrvoje Rončević

Application Architect, Mercury Processing Services International (MPSI)

Hrvoje Rončević is an Application Architect in the Product Engineering Division of Mercury Processing Services International. His whole career has been in the IT sector, designing and developing complex information systems. From projects at the University Computing Centre to his current position in MPSI, his main focus of work has been on application development with system integration at application level and information interchange in heterogeneous environments.

Mark Gray

Chief Risk Officer, British Business Bank

Mark joined the British Business Bank (BBB) in November 2013 as Managing Director for Risk and Compliance. Mark’s initial tasks were putting in place a Risk Management Framework, setting the BBB’s Risk Appetite and building up the Risk and Compliance team. Since then Mark has had overall responsibility for monitoring and reporting on Business and Strategic, Credit and Investment, Market, Operational, Cyber, Legal and Compliance and Reputational Risk. Mark sits on the Executive Committee as Chief Risk Officer, reporting to the CEO with direct access to the Board of Directors.

Previously Mark was Chief Risk Officer at a UK Challenger Bank, Shawbrook, for two years where he was responsible for the bank’s Risk Appetite and putting in place a Risk Framework. Before that he spent 10 years at General Motors Acceptance Corporation (GMAC) where he was Chief Risk Officer for GMAC Financial Services (Europe and China), Chief Risk Officer, GMAC Residential Funding Corporation (International) and Director of Structured Finance GMAC RFC (UK). Earlier in his career, Mark worked in Investment Banking for Banque Nationale de Paris, Swiss Bank Corporation, Credit Suisse First Boston and Morgan Stanley. Mark is also currently advising the Nuclear Decommissioning Authority on their Risk Management Framework and is leading a cross-governmental forum on credit risk management. Outside of government Mark is a Non-Executive Director of the Marsden Building Society where he chairs the Board Risk Committee.

Ollie Sheridan

CISSP, Principal Engineer, Security (EMEA), Gigamon

With over 18 years’ experience in IT security, Ollie Sheridan joined Gigamon in November 2015 following similar roles at leading companies including Ixia and VSS Monitoring.

Having been a Certified Information Systems Security Professional (CISSP) for over 13 years, Ollie is Gigamon EMEA’s Principal Security Engineer and Security Strategist.

His wealth of experience in assisting organisations to improve their security posture has ranged from developing Security Standards and writing Security Assessments for major Financial Institutions, to providing assistance in dealing with complex security incidents such as DDoS attacks. Ollie therefore has an extensive breadth of knowledge of the key aspects any organisation needs to focus on in order to secure its assets.

Matthew Kay

Group Data Protection Officer, Balfour Beatty

Matthew holds a Masters in Information Rights Law and Practice and the BCS certificate in Data Protection. He is experienced in case handling and advising organisations on information compliance across a variety of sectors.

Matthew currently heads the Data Protection function for Balfour Beatty (c.40000 employees) overseeing the 6 Data Protection Officers across the strategic business units that the organisation operates to achieve compliance with the General Data Protection Regulation (GDPR) as well as the Data Protection Act 2018.

In addition to his core work he is also a member of the Data Protection Network (https://www.dpnetwork. and a regular speaker at numerous external events on GDPR to help assist other organisations with compliance and share best practice.

He previously worked for the London Borough of Hounslow where he was organisational lead for GDPR implementation (c.2000 employees) as well as being a key member of the Information Governance Network for London.

Prior to this work Matthew worked in the audit department at the Information Commissioner’s Office (ICO) helping organisations improve their privacy practices to reduce risk. He provided expert advice to local government, criminal justice and health organisations through on-site audits which were followed up with listed recommendations. Matthew also worked as part of a network of trainers delivering internal training to all levels within ICO.

His diverse work experience has exposed him to Information risks facing the Financial, Higher Education, Property and Transport, Emergency and Legal sectors.

Chris Hodson

Chief Information Security Officer, EMEA, Tanium

Chris Hodson is the CISO, EMEA at Tanium. He is an information security, data privacy and risk management leader with an SME background in strategy, architecture and design. Chris possesses 18 years’ professional experience obtained across the financial, retail, energy and media industry sectors.

In early 2016, Chris made the move from end-user into the vendor space with Zscaler where he operated as CISO, EMEA and Data Protection Officer. As a CISO, Chris is a trusted advisor to executives, board members and other stakeholders, helping them define well-balanced strategies for managing risk and improving business outcomes. Chris holds an MSc in Cyber Security from Royal Holloway and retains an active role in the Infosec industry through directorship of the IISP and membership of CompTIA’s Cyber Security Committee.

James Martin

Senior Cyber Security Manager, Darktrace

At Darktrace, James is a Senior Manager working with our most high profile blue chip clients across industry sectors including one of the UK’s leading retailers. He has spoken in front of a vast array of audiences internationally. James’ specialism lies in the application of AI and machine learning in order to futureproof and protect an organization’s core business assets against cyber threat.

Oliver Madden

Chrome Enterprise Browser Specialist, Google Cloud

Oliver Madden serves as an Enterprise Browser Specialist at Google where he provides support to businesses. In this role, he helps businesses utilize Chrome as an Enterprise grade browser through management tools, building vision, app strategy and deployment.

Oliver has been with Google for over 5 years and most recently served as the Chrome Operations Lead for UK and EMEA. He is a Certified Deployment Specialist, Google Administrator and Google Educator.

Boris Taratine

Chief Cyber Security Architect, Lloyds Banking Group

Boris is a passionate visionary and an influential ambassador of cybersecurity and cyber defence.

He has worked for world-renowned companies across the globe, holding different senior cyber and information security technical and leadership roles; has been engaged in consulting with numerous organizations; and is an active participant in various industry and law enforcement forums influencing global cyber security development. He is a frequent speaker at various industry events. He serves as a Strategic Executive Advisor to CEOs and a member of Advisory Boards to new cybersecurity start-ups.

He has nearly 30 years of experience in the Cyber Security, Information Security and Information Technology fields, spanning different industries. He possesses extremely strong analytical and problem-solving skills and is able to find and integrate complex solutions consistent with customer and regulatory requirements.

He is an author of 6 scientific publications and 9 patents (incl. 4 granted under a NATO HiTech project), and has dozens of further patents pending. He strives to make everyone perform at their best.

Chris Beckett

Cloud Security Architect, Check Point Technologies

Chris has recently joined Check Point as Cloud Security Architect for UK and Ireland, focusing specifically on the CloudGuard IaaS and now Dome9 product set. He is a 20-year veteran of the IT industry and has worked in many verticals including healthcare, higher education, financial services and consulting.

Mohsin Choudhury

UK Head of Information Security for Bank of Ireland (First Line Defence)

Mohsin has over 20 years of experience in Information Security from diverse sectors including Investment Banking, Defence & National Security, Central Government, Big 4 Audit Firms, Nuclear and Global Health Organisations. He is responsible for all areas of Information Security from defining security requirements for new digital programmes, advising businesses of their Cyber Risks, Technical Cyber Risk Assessment and Financial Regulatory needs.

During his career, Mohsin has worked on the Security of Satellite Communication Systems, producing key management and encryption systems, helping and advising Global Investment Banks with their Information Security maturity and managing large scale security of transformational programmes. He is highly technical and understands business needs.

Mohsin holds CISM and CISSP Certifications and has two Master's degrees, an MSc in Defence Communications and an MSc in Nuclear Science.

Kate Dunckley

Senior Fraud Strategy Manager, NewDay

Kate Dunckley is a Senior Fraud Strategy Manager at NewDay. She has worked in the fraud prevention field for over a decade and has experience of working with small and large UK and international financial institutions. Kate’s expertise covers a range of subjects – from payment card scheme compliance, extensive knowledge of disputes and chargebacks, intelligence-led fraud investigations through data-driven fraud analysis as well as first party and application fraud prevention, and online fraud mitigation. Kate has a special interest in fraud prevention from a UX perspective.

Peter Avamale

Vulnerability Management,

Peter Avamale is a cyber security professional with experience in several domains including security assessments, cloud security, cybersecurity risk management, and security monitoring. He was a regional cybersecurity advisory lead at a Big 4 firm, and is currently driving the vulnerability management efforts of, the world’s largest accommodation provider, responsible for delivering a scalable process for management of security vulnerabilities.

Simon Sharp

Vice President International, ObserveIT

With more than 18 years of leadership and management experience in cybersecurity, fraud and telecommunications, Simon leads ObserveIT’s international strategy, management and execution. He has held strategic management and leadership roles with market-leading cybersecurity organisations including Entrust, RSA (Dell Technologies), Pindrop, and Cybereason. With many achievement awards, Simon has demonstrated the energy, passion and creativity required to ensure his customers succeed in competitive and emerging markets.

Previous Speakers

Chris Rivinus

Head of IT Finance, Tullow Oil

Chris has over 20 years of experience in Information Technology, Innovation Management and Project Management working across the civil engineering and energy sectors. He holds degrees in Cultural Anthropology, Business Administration and International Business Transactions as well as certifications in Industrial Control System Security Management. His articles on information management and business strategy have been published in research forums, textbooks and mainstream business publications including CIO Magazine, Business Information Review and Knowledge Management Review.

Sam Lee

Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation

Sam Lee is Head of Operational Risk, EMEA for SMBC. He has previously been head of operational risk at RBS, Barclays Wealth and Credit Suisse Private Banking and has ridden a number of the industry’s challenges. Sam started his career training as a chartered accountant, left the profession immediately after qualifying and entered the world of investment banking as an internal auditor, before moving to operational risk and initially setting up the operational risk framework and department for CSPB. He has stayed with Operational Risk ever since and has been focused on the embedding and transformational aspects of Operational Risk.

Andy Boura

Senior Information Security Architect, Thomson Reuters

Andy Boura has a passion for technology, science, and business. He brings technical depth of knowledge together with broad development process, business, and management experience. This allows him to take a holistic strategic view of technology, information security, and risk management. He advises on enterprise and technical security architecture of internally developed and third-party applications; and contributes to technical strategy, policies, and standards.

Thomson Reuters has over 50,000 employees in over 100 countries and is trusted by many of the biggest organisations in the world to provide business critical services and deliver accurate and timely information to professionals. As such, information security is critical in almost everything Thomson Reuters does.

Randi Roisli

IT Technical Security Lead, Shell International

An information risk management professional with 20 years of experience in the oil and gas industry, Randi was born in The Netherlands and gained engineering degrees in the UK and USA before embarking on an IT security career. Over the years, her roles and responsibilities have spanned technical security to governance and assurance, and she is currently working in the Joint Venture IT area.

David Wood

Information Security Manager, Kennedys

David Wood has over 14 years’ experience in information security, from access control with Halifax Card Services, to non-compliance management with Lloyds Banking Group. He has worked for Kennedys for over 3 years, overseeing the ISO 27001 certification programme, and general Information Security management.

David Robinson MBE

Head of Global IT Security, Herbert Smith Freehills LLP

David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business. He has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.

Jonathan Gill

Chief Information Officer, Watchfinder & Co.

Jonathan Gill has spent the last twenty years working in the IT sector, specialising in complex IT systems for the education, health, engineering, accountancy and retail industries. His experience with web front-end systems dates back to 1999, but his core focus is on developing bespoke information management systems. His most recent work has been for Watchfinder & Co., a Sunday Times Virgin Fast Track Hot 100 ‘Ones to Watch’ company, building the company’s entire IT infrastructure to support rapid growth and maintain a stock roster of well over 4,000 high-value luxury items across multiple locations whilst catering to 1 million website visitors each month.

Algy Booker

Group Head of Information Security, RSA Insurance Group

Algy has worked for RSA for over 30 years in a variety of technology-oriented roles. He has been working in Information Security for over 10 years, developing capability from an initial basic IT Security focus into a wider Information Security framework aligned with Enterprise Risk Management practices.