RICHARD TODD
@richardtodd
Experienced auditor specializing in risk management and compliance assurance.
What I'm looking for
I am a professional and qualified auditor with extensive experience across both public and private sectors. My expertise spans internal audit, program and portfolio management, compliance, and assurance, particularly in information security and operational technologies. I have a proven track record of implementing control frameworks as part of end-to-end risk management processes, ensuring operational effectiveness, and conducting audits in complex environments.
Throughout my career, I have worked with various organizations, including NATO and BAE Systems, where I provided consultancy and assurance on risk management and compliance. My experience includes managing the information security assurance lifecycle, performing ISMS audits, and developing risk assessment methodologies. I am skilled in governance, risk, and compliance frameworks, and I have successfully managed risk and assurance for critical national infrastructure and sensitive information environments.
With a strong background in cyber resilience and secure design principles, I am committed to enhancing organizational security posture and ensuring compliance with industry standards. I am passionate about leveraging my skills to contribute to the success of organizations by embedding security into their operational frameworks.
Experience
Work history, roles, and key accomplishments
CIS Accreditor
NATO Allied Command Transformation
Nov 2023 - Present (1 year 8 months)
Provided consultancy, audit, and assurance on threats, risks, and application of NATO policy for NATO CIS and digital transformation programs. Managed the information security assurance and audit lifecycle, including assessment of control requirements and security design for NATO systems.
Risk and Security Consultant
RPA / DEFRA
May 2013 - Jul 2013 (2 months)
Provided risk and security consultancy for the CAPD Programme, focusing on the delivery of 2013 EU agricultural policy management systems. Ensured compliance with EU CAP Regulations for the redevelopment and re-deployment of RPA payment systems.
Risk Assurance Consultant
BAE Systems Submarines
Oct 2013 - Dec 2013 (2 months)
Provided information assurance consultancy for the Vanguard and Astute submarine common combat systems implementation. Worked with MOD data owners to identify and categorize information assets and establish sensitivity and risk throughout the development, refit, and operational support lifecycle.
Audit and Accreditation Support
NCC for Government Procurement Service
Dec 2013 - Jan 2014 (1 month)
Provided audit and accreditation support for digital services, specifically a Software as a Service (SaaS) solution. Conducted audit, requirements analysis, and technical design assurance for web-based user applications and back-office processing systems.
CFO Finance Consolidation Programme Consultant
London Borough Council
Apr 2014 - Jun 2014 (2 months)
Managed the transition to centralised SAP finance systems and cloud computing environments. Integrated security governance under a single security officer, ensuring risk and controls were managed in the internal control environment and with cloud suppliers.
Procurement Programme Consultant / 24-7 Recruitment
Cabinet Office/HM Treasury
Jul 2014 - Aug 2014 (1 month)
Worked on the procurement programme for the Debt Management Integration Programme. Focused on integrating and improving debt recovery via a joint venture, involving debt management and banking services for collections, analytics, and enforcement via PaaS and SaaS solutions.
IA Consultant / Outsource UK Ltd.
Home Office, Passport Office
Oct 2014 - Oct 2014 (0 months)
Provided IA consultancy for the Passport Office and assurance to Home Office accreditors on security measures at passport counter services. Provided risk and control consultancy and assurance for passport processing development programmes and online BETA services.
Security Consultant / Experis Ltd.
DCC/QinetiQ Smart Metering Programme
Dec 2014 - Jan 2015 (1 month)
Implemented and assured the security of the DSP smart metering programme. Provided assurance to the CTO, CIO, and programme on supply chain compliance and delivery projects.
Senior Security Consultant / Experis Ltd.
BT/MOD DFTS
Jan 2015 - Nov 2015 (10 months)
Supported the accreditation of MOD Telecoms services, providing risk and information assurance consultancy or audit for the DFTS programme environment. Covered management, financial, billing, sites, service management, and provisioning and support services.
Security Consultant
Driver and Vehicle Licensing Agency (DVLA)
Nov 2015 - Feb 2016 (3 months)
Provided security consultancy, assurance, and audit to support the development of cyber services and management of security incidents. Managed business risks and assured IA and ICT security requirements, HMG government policy, and system designs for DVLA Drivers and Vehicles systems.
Security Consultant
Ministry of Defense / ATOS, DCNS / MOD Grapevine
Mar 2016 - May 2016 (2 months)
Managed the delivery of assurance for the transition of the DCNS service portfolio, ensuring compliance with customer and certification requirements. Established a control framework and architecture model to rationalize delivery artefacts, achieving conceptual accreditation for the programme.
National Health Service PTP, Gateway Review
Cabinet Office/IPA
Jun 2016 - Jul 2016 (1 month)
Undertook a gateway review audit of HMG gateway stages 2 and 3 and programme business cases for compliance with HM Treasury green book and orange book. Produced delivery confidence assessments for programmes and projects, including governance, staffing skills, risk management, and programme control.
Security Consultant / CBS Butler Ltd.
Driver and Vehicle Standards Agency
Jun 2016 - Dec 2016 (6 months)
Established management system reporting mechanisms, systems architecture, and configuration management practice maturity. Defined risk-based requirements for integrating business application data into AWS cloud environments. Provided design assurance for CTO technical design approvals, assessing risks and controls for accreditation.
Risk Consultant
Boeing Defence UK
Dec 2016 - Apr 2017 (4 months)
Provided risk management, design assurance, compliance, and assurance planning for Boeing products and systems. Planned and delivered security compliance for Boeing defence systems for the MOD customer. Assessed threats and risk controls, providing assurance on security architecture implementation.
Assurance Consultant
NCC/Whitbread
Jul 2017 - Nov 2017 (4 months)
Managed information security aspects of the Whitbread Privacy programme, developing and delivering plans and privacy assessments. Conducted security screening, scoping, and assurance planning, including data modelling and gap assessment. Developed security architecture models and test plans for IT systems.
Privacy Risk Consultant
National Crime Agency
Jan 2018 - Mar 2018 (2 months)
Worked as part of the NCA GDPR programme for the re-accreditation, compliance, and assurance of NCA information systems to meet GDPR/DPA and ISO standards. Identified control gaps, developed compliance and assurance plans, and assured design artefacts for compliance and effectiveness.
Customs Declaration Service
HMRC
Jul 2018 - Dec 2018 (5 months)
Managed information risk for the HMRC EU exit and Customs declaration system transformation programme. Defined risk management scopes and performed information and compliance risk management, including implementation of security architecture and solutions. Conducted privacy risk assurance and audit across the design and delivery environment.
Risk and Compliance Consultant
Government Independent Inquiry
Mar 2019 - Oct 2019 (7 months)
Established an information security risk management and Cyber SIEM function, including risk management framework, controls, and policies. Provided assurance for information security and Cyber security controls for the inquiry, its investigations, and the secretariat function. Managed third-party suppliers and external information exchanges.
Risk and Control Consultant
Bank Of England
Dec 2019 - Jun 2020 (6 months)
Improved the bank's information security compliance maturity and strategic realignment of the cyber portfolio's regulatory compliance. Conducted risk assessments of Bank information environments and assets to establish stakeholder needs and define a control and compliance strategy.
Risk and Control Consultant
Fujitsu Services
Dec 2020 - May 2021 (5 months)
Assessed risk and provided assurance for the Royal Navy Training systems migration and development programme. Managed security activity and risk, including scope assessment, control requirements, and development of policy and control frameworks. Produced ISMS and contractual deliverables, defining assurance plans and reporting on residual risk.
Assurance and Audit Manager
HM Revenue and Customs (HMRC)
Mar 2021 - Mar 2022 (1 year)
Assessed the maturity of Central Government departments and reported on the control status of security posture/IA maturity and Cyber resilience. Developed a supply chain assurance and compliance policy, roadmap, and plan supported by relevant legislative and industry standards.
Risk Manager Senior Assurance and Audit Consultant
ICBC
Mar 2022 - May 2022 (2 months)
Implemented improvements to operational risk management plans, integrating the bank's internal enterprise risk and control frameworks with target models. Developed KPI and risk management and assurance plans using common audit practices to align ICBC operations with enterprise ICT management practices.
Risk and Control Auditor
MOD
May 2022 - Dec 2022 (7 months)
Provided security accreditation assurance and consultancy for the MOD Strategic Command MOD-Cloud Programme. Conducted risk assessment, control selection, and control assurance for cloud services using NIST, NCSC, and CCM guidance. Advised on supply chain and supplier assurance to meet secure by design principles.
Risk and Compliance Accreditor
BAE Systems
Dec 2021 - Jan 2023 (1 year 1 month)
Ensured projects complied with BAE and Ministry of Defense policies, secure by design practices, and managed the risk management lifecycle. Developed risk and control models for ships' information systems and control systems, ensuring through-life accreditation and audit for complex ICT systems.
Education
Degrees, certifications, and relevant coursework
Unknown
Master's in Information Systems Engineering, Information Systems Engineering
Completed a Master's degree focusing on Information Systems Engineering. This qualification contributes to a strong foundation in systems engineering and information management.
Unknown
Master's in Systems Engineering, Systems Engineering
Achieved a Master's degree in Systems Engineering, leading to Chartered Engineer status. This demonstrates advanced knowledge in the field of engineering systems.
