RICHARD TODD

Provided consultancy, audit, and assurance on threats, risks, and application of NATO policy for NATO CIS and digital transformation programs. Managed the information security assurance and audit lifecycle, including assessment of control requirements and security design for NATO systems.

Provided risk and security consultancy for the CAPD Programme, focusing on the delivery of 2013 EU agricultural policy management systems. Ensured compliance with EU CAP Regulations for the redevelopment and re-deployment of RPA payment systems.

Provided information assurance consultancy for the Vanguard and Astute submarine common combat systems implementation. Worked with MOD data owners to identify and categorize information assets and establish sensitivity and risk throughout the development, refit, and operational support lifecycle.

Provided audit and accreditation support for digital services, specifically a Software as a Service (SAAS) solution. Conducted audit, requirements analysis, and technical design assurance for web-based user applications and back-office processing systems.

Managed the transition to centralised SAP finance systems and cloud computing environments. Integrated security governance under a single security officer, ensuring risk and controls were managed in the internal control environment and with cloud suppliers.

Worked on the procurement programme for the Debt Management Integration Programme. Focused on integrating and improving debt recovery via a joint venture, involving debt management and banking services for collections, analytics, and enforcement via PAAS, SAAS solutions.

Provided IA consultancy for the Passport Office and assurance to Home Office accreditors on security measures at passport counter services. Provided risk and control consultancy and assurance for passport processing development programmes and online BETA services.

Implemented and assured the security of the DSP smart metering programme. Provided assurance to the CTO, CIO, and programme on supply chain compliance and delivery projects.

Supported the accreditation of MOD Telecoms services, providing risk and information assurance consultancy or audit for the DFTS programme environment. Covered management, financial, billing, sites, service management, and provisioning and support services.

Provided security consultancy, assurance, and audit to support the development of cyber services and management of security incidents. Managed business risks and assured IA and ICT security requirements, HMG government policy, and system designs for DVLA Drivers and Vehicles systems.

Managed the delivery of assurance for the transition of the DCNS service portfolio, ensuring compliance with customer and certification requirements. Established a control framework and architecture model to rationalize delivery artefacts, achieving conceptual accreditation for the programme.

Undertook a gateway review audit of HMG gateway stages 2 and 3 and programme business cases for compliance with HM Treasury green book and orange book. Produced delivery confidence assessments for programmes and projects, including governance, staffing skills, risk management, and programme control.

Established management system reporting mechanisms, systems architecture, and configuration management practice maturity. Defined risk-based requirements for integrating business application data into AWS cloud environments. Provided design assurance for CTO technical design approvals, assessing risks and controls for accreditation.

Provided risk management, design assurance, compliance, and assurance planning for Boeing products and systems. Planned and delivered security compliance for Boeing defence systems for the MOD customer. Assessed threats and risk controls, providing assurance on security architecture implementation.

Managed information security aspects of the Whitbread Privacy programme, developing and delivering plans and privacy assessments. Conducted security screening, scoping, and assurance planning, including data modelling and gap assessment. Developed security architecture models and test plans for IT systems.

Worked as part of the NCA GDPR programme for the re-accreditation, compliance, and assurance of NCA information systems to meet GDPR/DPA and ISO standards. Identified control gaps, developed compliance and assurance plans, and assured design artefacts for compliance and effectiveness.

Managed information risk for the HMRC EU exit and Customs declaration system transformation programme. Defined risk management scopes and performed information and compliance risk management, including implementation of security architecture and solutions. Conducted privacy risk assurance and audit across the design and delivery environment.

Established an information security risk management and Cyber SIEM function, including risk management framework, controls, and policies. Provided assurance for information security and Cyber security controls for the inquiry, its investigations, and the secretariat function. Managed third-party suppliers and external information exchanges.

Improved the bank's information security compliance maturity and strategic realignment of the cyber portfolio's regulatory compliance. Conducted risk assessments of Bank information environments and assets to establish stakeholder needs and define a control and compliance strategy.

Assessed risk and provided assurance for the Royal Navy Training systems migration and development programme. Managed security activity and risk, including scope assessment, control requirements, and development of policy and control frameworks. Produced ISMS and contractual deliverables, defining assurance plans and reporting on residual risk.

Assessed the maturity of Central Government departments and reported on the control status of security posture/IA maturity and Cyber resilience. Developed a supply chain assurance and compliance policy, roadmap, and plan supported by relevant legislative and industry standards.

Implemented improvements to operational risk management plans, integrating the bank's internal enterprise risk and control frameworks with target models. Developed KPI and risk management and assurance plans using common audit practices to align ICBC operations with enterprise ICT management practices.

Provided security accreditation assurance and consultancy for the MOD Strategic Command MOD-Cloud Programme. Conducted risk assessment, control selection, and control assurance for cloud services using NIST, NCSC, and CCM guidance. Advised on supply chain and supplier assurance to meet secure by design principles.

Ensured projects complied with BAE and Ministry of Defense policies, secure by design practices, and managed the risk management lifecycle. Developed risk and control models for ships information systems and control systems, ensuring through-life accreditation and audit for complex ICT systems.

Completed a Master's degree focusing on Information Systems Engineering. This qualification contributes to a strong foundation in systems engineering and information management.

Achieved a Master's degree in Systems Engineering, leading to Chartered Engineer status. This demonstrates advanced knowledge in the field of engineering systems.