Open to opportunities

RICHARD TODD

@richardtodd

Experienced auditor specializing in risk management and compliance assurance.

United Kingdom

What I'm looking for

I seek a role that values security and compliance, offering growth opportunities and a collaborative culture.

I am a professional and qualified auditor with extensive experience across both public and private sectors. My expertise spans internal audit, program and portfolio management, compliance, and assurance, particularly in information security and operational technologies. I have a proven track record of implementing control frameworks as part of end-to-end risk management processes, ensuring operational effectiveness, and conducting audits in complex environments.

Throughout my career, I have worked with various organizations, including NATO and BAE Systems, where I provided consultancy and assurance on risk management and compliance. My experience includes managing the information security assurance lifecycle, performing ISMS audits, and developing risk assessment methodologies. I am skilled in governance, risk and compliance frameworks, and I have successfully managed risk and assurance for critical national infrastructure and sensitive information environments.

With a strong background in cyber resilience and secure design principles, I am committed to enhancing organizational security posture and ensuring compliance with industry standards. I am passionate about leveraging my skills to contribute to the success of organizations by embedding security into their operational frameworks.

Experience

Work history, roles, and key accomplishments

Current

CIS Accreditor

NATO Allied Command Transformation

Nov 2023 - Present (1 year 8 months)

Provided consultancy, audit, and assurance on threats, risks, and application of NATO policy for NATO CIS and digital transformation programs. Managed the information security assurance and audit lifecycle, including assessment of control requirements and security design for NATO systems.

Risk and Security Consultant

RPA / DEFRA

May 2013 - Jul 2013 (2 months)

Provided risk and security consultancy for the CAPD Programme, focusing on the delivery of 2013 EU agricultural policy management systems. Ensured compliance with EU CAP Regulations for the redevelopment and re-deployment of RPA payment systems.

Risk Assurance Consultant

BAE Systems Submarines

Oct 2013 - Dec 2013 (2 months)

Provided information assurance consultancy for the Vanguard and Astute submarine common combat systems implementation. Worked with MOD data owners to identify and categorize information assets and establish sensitivity and risk throughout the development, refit, and operational support lifecycle.

Audit and Accreditation Support

NCC for Government Procurement Service

Dec 2013 - Jan 2014 (1 month)

Provided audit and accreditation support for digital services, specifically a Software as a Service (SaaS) solution. Conducted audit, requirements analysis, and technical design assurance for web-based user applications and back-office processing systems.

CFO Finance Consolidation Programme Consultant

London Borough Council

Apr 2014 - Jun 2014 (2 months)

Managed the transition to centralised SAP finance systems and cloud computing environments. Integrated security governance under a single security officer, ensuring risk and controls were managed in the internal control environment and with cloud suppliers.

Procurement Programme Consultant / 24-7 Recruitment

Cabinet Office/HM Treasury

Jul 2014 - Aug 2014 (1 month)

Worked on the procurement programme for the Debt Management Integration Programme. Focused on integrating and improving debt recovery via a joint venture, involving debt management and banking services for collections, analytics, and enforcement via PaaS and SaaS solutions.

IA Consultant / Outsource UK Ltd.

Home Office, Passport Office

Oct 2014 - Oct 2014 (0 months)

Provided IA consultancy for the Passport Office and assurance to Home Office accreditors on security measures at passport counter services. Provided risk and control consultancy and assurance for passport processing development programmes and online BETA services.

Security Consultant / Experis Ltd.

DCC/QinetiQ Smart Metering Programme

Dec 2014 - Jan 2015 (1 month)

Implemented and assured the security of the DSP smart metering programme. Provided assurance to the CTO, CIO, and programme on supply chain compliance and delivery projects.

Senior Security Consultant / Experis Ltd.

BT/MOD DFTS

Jan 2015 - Nov 2015 (10 months)

Supported the accreditation of MOD Telecoms services, providing risk and information assurance consultancy or audit for the DFTS programme environment. Covered management, financial, billing, sites, service management, and provisioning and support services.

Security Consultant

Driver and Vehicle Licensing Agency (DVLA)

Nov 2015 - Feb 2016 (3 months)

Provided security consultancy, assurance, and audit to support the development of cyber services and management of security incidents. Managed business risks and assured IA and ICT security requirements, HMG government policy, and system designs for DVLA Drivers and Vehicles systems.

Security Consultant

Ministry of Defence / ATOS, DCNS / MOD Grapevine

Mar 2016 - May 2016 (2 months)

Managed the delivery of assurance for the transition of the DCNS service portfolio, ensuring compliance with customer and certification requirements. Established a control framework and architecture model to rationalize delivery artefacts, achieving conceptual accreditation for the programme.

National Health Service PTP, Gateway Review

Cabinet Office/IPA

Jun 2016 - Jul 2016 (1 month)

Undertook a gateway review audit of HMG gateway stages 2 and 3 and programme business cases for compliance with HM Treasury green book and orange book. Produced delivery confidence assessments for programmes and projects, including governance, staffing skills, risk management, and programme control.

Security Consultant / CBS Butler Ltd.

Driver and Vehicle Standards Agency

Jun 2016 - Dec 2016 (6 months)

Established management system reporting mechanisms, systems architecture, and configuration management practice maturity. Defined risk-based requirements for integrating business application data into AWS cloud environments. Provided design assurance for CTO technical design approvals, assessing risks and controls for accreditation.

Assurance Consultant

NCC/Whitbread

Jul 2017 - Nov 2017 (4 months)

Managed information security aspects of the Whitbread Privacy programme, developing and delivering plans and privacy assessments. Conducted security screening, scoping, and assurance planning, including data modelling and gap assessment. Developed security architecture models and test plans for IT systems.

Privacy Risk Consultant

National Crime Agency

Jan 2018 - Mar 2018 (2 months)

Worked as part of the NCA GDPR programme for the re-accreditation, compliance, and assurance of NCA information systems to meet GDPR/DPA and ISO standards. Identified control gaps, developed compliance and assurance plans, and assured design artefacts for compliance and effectiveness.

Customs Declaration Service

HMRC

Jul 2018 - Dec 2018 (5 months)

Managed information risk for the HMRC EU exit and Customs declaration system transformation programme. Defined risk management scopes and performed information and compliance risk management, including implementation of security architecture and solutions. Conducted privacy risk assurance and audit across the design and delivery environment.

Risk and Compliance Consultant

Government Independent Inquiry

Mar 2019 - Oct 2019 (7 months)

Established an information security risk management and Cyber SIEM function, including risk management framework, controls, and policies. Provided assurance for information security and Cyber security controls for the inquiry, its investigations, and the secretariat function. Managed third-party suppliers and external information exchanges.

Risk and Control Consultant

Bank of England

Dec 2019 - Jun 2020 (6 months)

Improved the bank's information security compliance maturity and strategic realignment of the cyber portfolio's regulatory compliance. Conducted risk assessments of Bank information environments and assets to establish stakeholder needs and define a control and compliance strategy.

Risk and Control Consultant

Fujitsu Services

Dec 2020 - May 2021 (5 months)

Assessed risk and provided assurance for the Royal Navy Training systems migration and development programme. Managed security activity and risk, including scope assessment, control requirements, and development of policy and control frameworks. Produced ISMS and contractual deliverables, defining assurance plans and reporting on residual risk.

Assurance and Audit Manager

HM Revenue and Customs (HMRC)

Mar 2021 - Mar 2022 (1 year)

Assessed the maturity of Central Government departments and reported on the control status of security posture/IA maturity and Cyber resilience. Developed a supply chain assurance and compliance policy, roadmap, and plan supported by relevant legislative and industry standards.

Risk Manager Senior Assurance and Audit Consultant

ICBC

Mar 2022 - May 2022 (2 months)

Implemented improvements to operational risk management plans, integrating the bank's internal enterprise risk and control frameworks with target models. Developed KPI and risk management and assurance plans using common audit practices to align ICBC operations with enterprise ICT management practices.

Risk and Control Auditor

MOD

May 2022 - Dec 2022 (7 months)

Provided security accreditation assurance and consultancy for the MOD Strategic Command MOD-Cloud Programme. Conducted risk assessment, control selection, and control assurance for cloud services using NIST, NCSC, and CCM guidance. Advised on supply chain and supplier assurance to meet secure by design principles.

Risk and Compliance Accreditor

BAE Systems

Dec 2021 - Jan 2023 (1 year 1 month)

Ensured projects complied with BAE and Ministry of Defence policies, secure by design practices, and managed the risk management lifecycle. Developed risk and control models for ships' information systems and control systems, ensuring through-life accreditation and audit for complex ICT systems.

Education

Degrees, certifications, and relevant coursework

Unknown

Master's in Information Systems Engineering, Information Systems Engineering

Completed a Master's degree focusing on Information Systems Engineering. This qualification contributes to a strong foundation in systems engineering and information management.

Unknown

Master's in Systems Engineering, Systems Engineering

Achieved a Master's degree in Systems Engineering, leading to Chartered Engineer status. This demonstrates advanced knowledge in the field of engineering systems.
