Fiona O
@fionao
Cyber Security professional with 10 years of experience in compliance.
What I'm looking for
I am a Cyber Security professional with a decade of progressive experience in information security and compliance. My expertise lies in identifying IT risks and compliance issues, and I excel in designing proactive solutions. I have a strong background in developing and implementing layered network security approaches, and I am proficient in policy writing and documentation.
In my current role as a Senior Information Security Manager at Farrer & Co, I spearheaded the development of a firm-wide Information Security Management System (ISMS) aligned with ISO/IEC 27001, significantly reducing risk exposure. I lead cross-functional security governance initiatives, ensuring compliance with UK GDPR and other regulations. My hands-on experience includes managing third-party vendor risk assessments and implementing security awareness training programs that have improved phishing detection metrics by 60%.
Throughout my career, I have demonstrated my ability to work independently and collaboratively to achieve project goals. I am committed to embedding cyber hygiene practices within organizations and continuously improving security postures through effective risk management and compliance strategies.
Experience
Work history, roles, and key accomplishments
Senior Information Security Manager
Farrer & Co
Jun 2024 - Present (1 year)
Spearheaded the development and execution of a firm-wide Information Security Management System (ISMS) aligned with ISO/IEC 27001, significantly reducing risk exposure across practice areas and client data workflows. Led cross-functional security governance initiatives ensuring full compliance with UK GDPR, DPA 2018, SRA Code of Conduct, and client-specific contractual obligations.
Senior IT Security & Compliance Analyst
ADNOC
Sep 2019 - Apr 2024 (4 years 7 months)
Drafted ISMS; created, reviewed, managed and updated company policies, procedures and controls implementation to ensure laws and regulations are respected. Successfully implemented ISO27001:2022 compliance transition and recertification process through ongoing audits.
Senior GRC Analyst
Zelle
Jan 2016 - Jan 2019 (3 years)
Led GRC efforts for SOC2 compliance by effectively managing regulatory, operational, and third-party risks across business units. Responsible for the ongoing assessment, processes & controls to ensure the regional IT systems comply with the SOX, audit and compliance requirements.
IT Auditor, Risk & Assurance
Cushman & Wakefield
Jan 2011 - Jan 2014 (3 years)
Performed IT SOX compliance audits for public and private entities as well as SOC 1 Type 2 reviews using COBIT and COSO frameworks. Managed and facilitated Self-Assessment (NIST SP A): Performed IT risk assessment to identify systems threats, vulnerabilities, and risks.
Education
Degrees, certifications, and relevant coursework
Birmingham City University
Bachelor's Degree, Management
Obtained a Bachelor's Degree in Management, developing a strong foundation in business principles and practices. Acquired skills in leadership, organizational behavior, and strategic planning.
Unknown
BTech, Business and Finance
Completed a BTech in Business and Finance, gaining foundational knowledge in business operations and financial principles. Developed practical skills applicable to various business environments.
Plymouth University
Master's Degree, IT
Completed a Master's Degree in IT, focusing on advanced topics within the field. Gained in-depth knowledge and specialized skills relevant to information technology.
