Matthew W.

Security Consultant

502 followers
Gold Coast, Queensland, Australia

  • About me

    Chief Risk Officer

  • Education

    • NAIT (Northern Alberta Institute of Technology)

      2007 - 2009
      Network Engineering Technology, Network Design, Security Solutions

      NAIT provides a hands-on learning environment where they teach practical IT skills so students can be marketable directly after graduation. Although the program has a heavy focus on technology, it also includes team projects and other soft skill development, which ensures that students are well rounded and prepared for actual responsibility.

  • Experience

    • Honeywell

      Aug 2009 - Dec 2011
      Security Consultant

      Provided security consultation services to industrial sector clients. Clients spanned multiple industries and included the electric utility sector who had newly enforced cyber security requirements (NERC CIP). The consultation services included system integration, network design, vulnerability assessment, and security process establishment.

    • ATCO Electric

      Jan 2012 - Dec 2015
      Security Specialist

      Assisted ATCO Electric in the planning and execution of a cyber security program to protect critical transmission infrastructure. This included developing security policies and establishing technical capabilities which ensured that cyber and physical security risks to ATCO Electric were managed. It also included ensuring that required regulatory requirements were met.

    • City of Gold Coast

      Feb 2016 - now

      As the Chief Risk and Audit Officer I lead the City's consolidated assurance teams of Internal Audit, Enterprise Risk, Corporate Compliance, Enterprise Resilience, and Cyber Security. Together these teams act as the trusted advisor to the City during a time of ambitious transformation.

      The position also has a number of other duties that it fulfills:

      - acts as the Chief Audit Executive and in that capacity reports to the Chief Executive Officer and the Audit and Risk Committee. This ensures that the Internal Audit operates independently and with integrity.
      - acts as the Internal Incident Controller for business continuity and crisis events and in this capacity reports to the Chief Executive Officer.

      The multi-disciplinary aspect of the role requires that my teams and I provide thought leadership across a wide range of domains, functions, and levels of the organisation. To make this effective I champion and foster a team culture that is focused on customer outcomes, high quality delivery, and independent authoritative advice.

      During my time we have been able to achieve:

      - strategic risk advice during a period when City's management team were able to save ~$100m/year in opex.
      - endorsement of City's first-ever risk appetite statements by the Executive Leadership Team.
      - total re-design of City's risk universe starting with strategic risk.
      - integration of risk management into City's new internal governance regime.
      - support for an expanded audit program to ensure coverage during a period of high change.
      - improved relationships with key stakeholders ensuring that the trust placed in the Chief Risk Office is maintained.
      - integration of risk management into key frameworks (e.g. Asset Management, Project Management, etc.)
      - support for a refreshed risk-based compliance program.
      - multiple successful activations to crisis and disaster events (e.g. Christmas-day storms on the Gold Coast).
      - refresh of business continuity plans following a sizeable restructure.

      Led a multi-disciplinary team across Service Management, Service Desk, Technology & Platforms, Contract Management, and Cyber Security. In this leadership capacity the primary role was to ensure that the teams had defined and achievable strategic and operational goals and that they delivered their services with a customer-oriented mindset. This made the team a solution focused group who was relied on by the organisation to get things done. The team was responsible for ICT operations, performance management of outsourced partnerships, solution design and operation of technology platforms, and a cyber security team who delivered defense, governance, and culture services.

      The role acted as both the Chief Information Security Officer and Chief Technology Officer. As the Chief Information Security Officer the role reported to the City's Executive Leadership Team on cyber security risk management.

      During my tenure we were able to achieve:

      - successful closure of the Cyber Resilience Program and recognition of the benefits as a GC2018 legacy.
      - migration to cloud services for the majority of systems and applications.
      - championed DevOps adoption and development of the City's mobile application.
      - successful COVID-19 technology response.
      - ~$2m/year annual savings on managed service contract renewals.
      - healthier partner-customer relationships leading to improved service delivery.
      - adoption of a new Information Security Policy and associated standards.
      - establishment of, and advocacy for, the Local Government cyber security information exchange.

      As the newly established Coordinator Cyber Security (ITSA) I led the implementation of the City's Cyber Resilience Program which aimed to improve end-to-end cyber security across all domains and technology areas of the City. The position was the leader of a brand-new cyber security team that was established as part of the cyber program. I led the definition, design, and establishment of the team along with acting as the delegate-sponsor for the projects within the program.

      Under my guidance we were able to achieve:

      - significant reduction of City's cyber risk exposure through multiple successful projects.
      - consistent governance and reporting to the City's Executive Leadership Team.
      - establishment and stabilisation of a new cyber security team.
      - successful implementation of a managed security operations centre ahead of the 2018 Gold Coast Commonwealth Games.
      - signing of a strategic partnership with a trusted cyber security services provider.
      - integration of cyber security considerations into procurement, project management, and ICT processes.

      Working as a member of the Internal Audit team I was responsible to plan, develop, and execute internal audits across ICT and internal controls. These audits were performed in alignment with the City's Internal Audit Policy framework to ensure that the independence and quality of the reports was sound. The position had a key focus of establishing relationships with operational control and risk owners to ensure that a foundation of trust existed between Internal Audit and the business units. This foundation enabled a professional working relationship that was not overshadowed by militant compliance and simply had the goal of working together to ensure that the City's operation was well managed.

      Led the planning and execution of the City's first-ever framework based cyber security risk assessment. The assessment positioned the City to understand its cyber security risk across ICT and Critical Infrastructure and resulted in the establishment of a three year program to develop and embed a green-field cyber security capability. The timing of the assessment and year one of the program was designed to be in time for the 2018 Commonwealth Games. This ensured that key cyber risks to the Games were identified and managed.

      • Chief Risk & Audit Officer

        Nov 2023 - now
      • Chief Information Security Officer (Executive Coordinator Technology & Cyber Security)

        May 2019 - Nov 2023
      • Coordinator Cyber Security (ITSA)

        Sept 2017 - May 2019
      • Principal Internal Auditor - ICT

        Sept 2016 - Sept 2017
      • Project Manager Cyber Resilience Assessment

        Feb 2016 - Sept 2016
  • Licenses & Certifications

    • SSCP

      ISC2
      Aug 2012
    • CISSP

      ISC2
      Feb 2015