Anthony Tatum - CISA, CISM, PCI ISA

Trainee Engineer

307 followers
City Of Peterborough, England, United Kingdom

  • Timeline

  • About me

    Technology Risk & Resilience Manager at comparethemarket.com

  • Education

    • Archbishop Sancroft

      1983 - 1988
  • Experience

    • Bux Corrugated Containers

      Sept 1988 - Dec 1990
      Trainee Engineer
    • NORWICH UNION LIFE & PENSIONS LIMITED

      Jan 1991 - Dec 2000
      • Project Manager

        Jan 1999 - Dec 2000
      • IT Support Specialist

        Jan 1993 - Dec 1998
      • Customer Service Representative

        Jan 1991 - Dec 1992
    • Aviva plc

      Jan 2001 - May 2006
      IT Auditor

      - Qualified as an ISACA Certified Information Systems Auditor (CISA).
      - Identifying key business and IT risks and conducting related audit assurance reviews.
      - Responsible for a wide range of audits, but specialising in IT.
      - Reviews included IT change, application development, asset management, physical security and business continuity.
      - Nominated member of the FAST (Federation Against Software Theft) accreditation steering group.
      - Secondment to Aviva Finance during 2004 to aid with a major risk and compliance project.

    • Norwich and Peterborough Building Society

      Jun 2006 - Dec 2007

      Working within a team of Audit and Fraud Investigation professionals, my key responsibilities were:
      - Identify key business and IT risks and conduct related audit assurance reviews as well as Branch inspections. Sole responsibility for IT assurance.
      - Reviews conducted included data security; IT access; change management; and two significant IT project developments. Also conducted business process reviews of underwriting and mortgage administration.
      - Point of contact for relationship with external IT audit teams.
      - Nominated representative for the UK Computer Auditors Management Group.

      • Data Security Manager

        Mar 2007 - Dec 2007
      • Internal Auditor

        Jun 2006 - Mar 2007
    • BGL Group

      Jan 2008 - Aug 2017

      I managed ongoing Payment Card Industry Data Security Standard (PCI DSS) compliance for the BGL Group, delivering PCI v3.1 in January 2016 and v3.2 in January 2017. I also had a key role in delivery of GDPR compliance. My responsibilities included:
      - Sole responsibility for the governance and compliance testing of 300 MOTO and eCommerce security controls at a Level 2 PCI Merchant
      - Providing assurance reporting to the BGL C-Level and Acquiring Bank
      - SME for all PCI matters within BGL
      - Writing and updating of Policies and Standards
      - Maintaining key relationships with the Acquiring Bank, Service Providers and QSAs as well as numerous internal relationships with business and IT teams
      - BGL representative at the UK Insurer PCI Working Group.
      - Security role on an internal GDPR compliance programme.

      Delivery of Payment Card Industry Data Security Standard (PCI DSS) v3.0 compliance for the BGL Group in January 2015. Included qualifying as a Payment Card Industry Internal Security Assessor (PCI ISA). Key responsibilities included:
      - Identifying payment card data security control gaps
      - Agreeing actions and timelines to address these gaps, providing PCI expertise to action owners
      - Tracking and managing actions, progress, risk and priority
      - Assessing and recommending supporting tools and techniques
      - Assessing and maintaining evidence of controls implemented
      - Representing BGL at UK Insurer PCI Forum, key contact for BGL's Acquiring Bank and Qualified Security Assessors (QSAs)
      - Reporting of Compliance status to the BGL Executive and Acquiring Bank

      I worked alongside Risk, Compliance and Legal specialists within a Professional Services function, reporting into Director level. Included qualifying as an ISACA Certified Information Security Manager (CISM) to provide assurance oversight of a Data Security Programme. Key responsibilities included:
      - Planning and delivering IT assurance reviews for the Group's business units including Comparethemarket, Budget Insurance, Bennetts Bike and Fusion Contact Centres.
      - Reviews conducted included Physical Security; Website Security; IT Service Management; as well as numerous IT system reviews.
      - Sole assurance oversight of a two year, group wide Data Security programme that included PCI DSS.
      - SME for a Group wide Business Continuity & Disaster Recovery programme.
      - Professional Services representative on various project, charity and social event steering and working groups.

      • PCI Compliance Manager

        Jan 2015 - Aug 2017
      • PCI Internal Security Assessor

        Jun 2013 - Dec 2014
      • IT Audit Manager

        Jan 2008 - Jun 2013
    • Comparethemarket.com

      Aug 2017 - now

      I manage key risk and control processes that apply to the Comparethemarket business.
      - Defining and agreeing risks and controls with business owners, and documenting these in a clear and measurable format
      - Ongoing assurance testing that the controls are designed and operating effectively
      - Tracking and reporting of risks and controls via the organisation's Kairos risk management software
      - Specific focus on Cyber Security and Data Security controls, and aligning these with Centre for Internet Security standards
      - Key role in the Due Diligence of partners/suppliers

      • Technology Risk & Resilience Manager

        Nov 2021 - now
      • Risk & Assurance Manager

        Aug 2017 - Oct 2021
  • Licenses & Certifications