Steve Wright - Profile
Steve Wright is a Senior Risk Analyst and Strategic Security Advisor with over 10 years of experience in information security, data lifecycle and privacy. He is a highly qualified, motivated and adaptable Senior Manager with over fifteen years' practical experience delivering compliant IT and Information Security Management Systems in complex business environments. Steve is an effective communicator and organiser, accustomed to meeting tight deadlines and often exceeding client objectives. With a wide range of experience and a proven track record, he is self-motivated, has excellent interpersonal and presentation skills, and has held interim CISO roles in the past. He is currently a Senior Manager at PwC, focused on providing professional services relating to information security frameworks, technology and management to meet governance, risk and compliance requirements such as SOX, COSO, COBIT, ISO27001, ITIL, ISO20000, PCI DSS, PAS99, TickIT, ISO13335 and more.
He is also well versed in conducting information security reviews, audits, incident management and risk analysis, using risk assessment methodologies such as CRAMM, COBRA, OGC M_o_R and the ISF Information Risk Assessment Methodology (IRAM). This also includes work across the business continuity management spectrum with emerging standards such as BS25999 and PAS 77.
Being a qualified PRINCE2 project manager has also helped him ensure that the many implementations of ISO27001, ISO9001 and BS25999 compliant systems he has led were delivered on time and to budget. Steve involves himself from initial scoping through to final delivery, to meet the certification requirements of ISO27001 and ITIL (ISO20000) in the financial, private and public service sectors; at least five of these systems have received formal certification.
Particular areas of expertise include:
- Interim CISO roles and Thought Leadership (recently published a book on PCI DSS)
- Extensive line management experience of various technical and non-technical people/teams
- Programme and project management of large value and large team projects (PRINCE2 qualified)
- ISO27001 certification projects to fulfil SOX, corporate governance, COSO, Data Protection Act, NHS N3, NHS Connecting for Health, HIPAA, COBIT and other client contractual requirements
- Enterprise Risk Management frameworks
- PCI DSS compliance programmes
- Business Continuity - BS25999 & PAS 77
- Integrated Management System (PAS99) - ISO27001, ISO9001, ISO20000 (ITIL) in federated organisations
- HMG RMADS system implementation and documentation (holds UK 'SC' security clearance until 2016)
- Experienced provider of training in Information Security, Risk Management, Governance and ISO27001
- Industry experience (Financial Services, Banking, Telecoms and IT, Utilities, Logistics and Construction, Retail, UK Central and Local Government)
Key experience - Recent projects include:
- Interim CISO for a large, complex (federated) outsourced and managed services provider
- Managed global Information Security Management and Governance framework implementation projects in new and acquired businesses in the UK, Europe and USA
- Implementing ISO27001 compliant (ISMS) systems that support global internal control systems
- Managed projects to review the stability of a major RMADS system implementation, which included reviewing system scalability, technical build, configuration, security and interfaces, and investigating risks around the technology and business processes
- Managed projects to implement IT system changes and manage changes to the business processes
- Designed and helped implement a state-of-the-art encryption solution for a high integrity / high resilience network
- Managed projects to review existing business and security incident procedures (global), including the re-work and re-design of new security incident procedures
- Managed projects to design and develop real-time interfaces for a transactional business system, including customer and supplier data security, monitoring and reporting
- Software and vendor evaluation (knowledge management and anti-malware systems)
- Defined requirements for an outsourced environment, including KPIs and performance improvement monitoring
- Managed penetration testing, UAT and social engineering teams
- Led countless strategic security reviews across many different industries and locations
- Helped dozens of organisations achieve ISO27001 certification or compliance (Weis Group New York)