Tom Stewart MBCS

Experience

• 

  Mercantile Credit Company

  Jan 1982 - Sept 1985

  MVS Systems Programmer

  IBM MVS/370 Systems programmer responsible for IBM System maintenance and system security product evaluation and implementation (IBM RACF).

• 

  Amdahl (UK) Limited

  Sept 1985 - Dec 1992

  Senior Systems Engineer/TerritoryCoordinator

  Senior Systems EngineerLooked after all the customer service and support needs for a range of customers in the London Area initially and then further out to the North West of London. Clients included British Telecom, Thomson Holidays, Kodak, University of London, P&OCL.Territory CoordinatorScheduled and planned all the customer service and support activities in the East England region. Account included Tesco Stores, British Telecom, Norwich Union, British Aerospace and Sainsbury's Stores. Show less

• 

  Synstar (UK) Limited

  May 1995 - Dec 1999

  European Support Specialist

  Responsible for support and training for site based engineers. Locations were European wide and included British Airways, Swissair, Aer Lingus, GKN Westland and Telecom Italia. Manufacurers systems I specialised in were Amdahl (processors, front end processors, and disk systems), IBM (processors, disk, cartridge and robot cartridge,IBM operating systems, NCP and VTAM), Storagetek (disk, cartridge and robot cartridge), EMC2 (Raid disk systems)

• 

  AIB Bank (CI) Limited

  Jan 2002 - Jan 2013

  Information Security Officer
• 

  Datacom

  Jun 2014 - Jun 2021

  This role was internally facing and supported the security requirements of Datacom's international businesses.Focuses for this role: • Develop and maintain risk based security controlled environments• Responsibility for oversight and governance of security standards and policies• Provide security risk assurance to Datacom Divisions and Business Units.• Identify, develop and implement processes, standards and policies • Work closely with our internal Divisions and business units to ensure the application of security controls that meet Datacom and business requirements, and align to the Datacom New Zealand Information Security Plan• On-going auditing, monitoring and improvement of security controls • Providing guidance, education and training to ensure adherence and compliance (people, processes and technology)• Building and managing relationships with internal teams to ensure consistency and effectiveness of security processes • Undertaking risk assessments, reporting and recommendations (including working with executive teams)• Working closely alongside our existing client facing Security Services teams to stay abreast of industry changes (technology, legislation etc.) Show less Providing ISSM related services to government and private sector clients. The services include: Provision of security related advice as required by clients and IT operational staff Assessment of security risk and policy compliance Management of technical vulnerability with the IT systems Management of security improvement plans  Monitoring of the security control environments Assistance with response to major information security incidents Support for internal and external audits Maintenance of IT system resilience and recovery plans Oversight of any security-related tools that are provided as a service to the customer Oversight of personnel security Security awareness and advisory Reporting and assurance Show less

  • Group Security Manager

    Jun 2015 - Jun 2021

  • Senior Information Security Consultant

    Jun 2014 - Jun 2015
• 

  Reserve Bank of New Zealand

  Jun 2021 - Jul 2023

  Security Advisor

  Reporting to the Banks Chief Information Security Officer (CISO), my role provides risk and information security expertise to business and technology stakeholders for the delivery of projects and programmes, by providing design advice and guidance to ensure adoption of,and adherence to, information security architectures, strategies, policies, standards and guidelines. As Security Adviser, l ensure that controls are implemented to protect the confidentiality, integrity and availability of information, systems and that infrastructure isthoroughly assessed and operates as designed by utilising the Certification and Accreditation process.Many of my activities drew on (and enhanced) my Microsoft 365, Windows and Azure knowledge. My work revolved around the Banks cloud adoption strategy while, at the sametime, ensuring that security was deployed and maintained across the hybrid environment in a manner that supported the organisational business aims. Show less

• 

  Achilles Cybersecurity Limited

  Jul 2023 - now

  Managing Director

  Offering Cybersecurity consulting services to organisations in New Zealand and around the world.