Seller 273912 - Retford, Nottinghamshire, UK
| Hourly Rate: | £58.06 | |
| Available From: | Now | |
| Overview: | Providing information security, risk management, governance and audit services with 20 years' experience in complex, high volume information service businesses in both public and private sectors. | |
CV
Information systems professional with 20 years' experience in complex, high volume information service businesses in both public and private sectors. Over 10 years' experience in:
- IT/IS security
- Policy development
- IT/IS Audit
- Corporate IT risk management
- ISO 27001 (ISO 17799 / BS7799) Audit
- ISO 27001 (ISO 17799 / BS7799) Conversion and implementation
- PCI DSS Payment Card Industry Data Security Standard
- BS 25999 Business Continuity Management
- Project Management under PRINCE II
- Network Security
- Operating systems and applications security (Windows, Unix, Linux)
Employment History
(Sep 2007 & ongoing)
Information Security Consultant,
Newark, Nottinghamshire
NSK Europe is part of the international NSK group, one of the world's leading manufacturers of rolling bearings, automotive components and Mechatronic products.
As a company whose parent organization is listed on the Japanese stock market, NSK are required to comply with the requirements of the recent J-SOX legislation, which includes strict controls over business and financial information and reporting.
Using the structure provided by ISO27001 I am helping NSK to achieve compliance with the specific requirements of J-SOX and to implement an ISO27001 compliant Information Security Management System across their European operations.
This project is starting from first principles and the role includes:
Evaluation of their current status,
Determination of effectiveness of existing controls,
Identification of control requirements,
Policy development,
Implementation,
Audit and Remediation.
(Jan 2006 to Sep 2007)
Security Manager (Audit & Compliance Projects)
Leeds
BT is the National Application Service Providers (NASP) for the NHS Connecting for Health program, also known as the National Program for IT.
The role involved:
Developing internal security audit processes and policies.
Planning, managing and performing security audits
Technical security reviews and recommendations.
Producing security recommendations based on the audit findings.
Tracking implementation and compliance across the NHS project.
Transitioning from BS7799 to ISO/IEC 27001
(Jun 2002 to Dec 2005)
Security Manager
The Coal Authority, Mansfield
The Coal Authority is a Non Departmental Public Body affiliated with the DTI. They manage the legacy of coalmining activity in the UK including management of subsidence incidents and provision of reports on ground stability and mining activity to businesses via secure online communications and private individuals via credit card. Turnover on this business was around £9m per year and projected to be £20m by 2010. Project Management tasks were performed under Prince II, working in partnership with the Authority's outsourced IT provider Cap Gemini.
Projects included:
- The adoption and implementation of ISO/IEC 27001 across the organization.
- Implementation of PCI DSS in respect of processing, storage and transmission of customer PANs and other card details.
- Development and implementation of a corporate wide Information Risk Management methodology.
- Development and implementation of a new network infrastructure to provide a modern, secure and resilient network to support the business in its future development.
- Development and implementation of a new server environment to host the expanding services needs of the business.
- Proposing, developing, implementing and enforcing IT related policies related to Acceptable Use and Information Security.
(Nov 1999 to Jun 2002)
Operations Security Manager
Plymouth University, Plymouth
Provided operational security for the university network and systems supporting over 27,000 students and 3000 staff spread across four campuses and a number of associated colleges throughout the south west of England.
(Nov 1997 to Nov 1999)
IT Manager
University College London, London
Wellcome Department of Imaging Neuroscience, Institute of Neurology
The Wellcome department is an independently funded research department within the Institute of Neurology conducting research into human brain function. I provided hands-on support for 150 research staff and academics in a mixed environment of Macintosh, Windows and Unix based systems. This included network design work, security design and implementation and firewall deployment and support.
Professional Qualifications
- CISSP
- ISO27001/BS17799 Internal Auditor
- ISO27001/BS17799 Lead Auditor
- PRINCE II Foundation
- MBCS
Education
London Guildhall University
BSc Hons. Computing and Information Systems
Categories & Skills
Healthcare (Non-Clinical)
IT & Internet
Skills
- BS7799 (Security Standards)
- Business Continuity
- IS/IT Auditing (IT Management)
- ISO17799 (Security Standards)
- PRINCE2
- Risk Management
- Sarbanes Oxley Compliance (IT Management)
- Security Policies (Security Software/Systems)
- Security Standards (Security Software/Systems)
Management Consultancy
Skills
- Computer Security (IT Consulting)
- Internal Audit
- Risk Analysis
- Risk Management
- Sarbanes Oxley
- Security (Business Consulting)

