Frederick Gyebi-Ababio

Information Risk Management for HR and Corporate Business Impact Analysis for new and existing projects Communication with stakeholders to track existing information risks and controls Working with Shell Global business operation centres on information risks and incidents

I am responsible for the overall management of LawTech Europe Congress. Our aim is to make LawTech Europe Congress the premier Legal Technology Event in Central and Eastern Europe. The four main themes of the conference are: digital evidence, forensic investigations, cyber security, and law office technologies.

Governance Risk & Compliance Vulnerability Management Identity & Access Management ISO27001 Security Assessment and Auditing GDPR Consulting

• ISO27001 Risk Assessments • Creation of Project Risk Registers • Analysis of cyber security threats and reporting to management

• Security assessment for Mobile Device Management software from Blackberry • Virtualization and cloud computing technologies • Reviewing security aspects of desktop migration from Win 7 to Win10 • Qualys Web Application and PCI Scanning • Conducting a study for AG Insurance on network segmentation for enhanced security • Managing the security response for serious security breaches such as ransom-ware

• Assessing results from vulnerability scans and PCI pentests • Risk assessment in line with the client’s business objectives • Management reporting

• Running and managing Qualys scans in line with WorldPay’s Compliance policy • Assessing vulnerabilities and rating them in line with business objectives • Assessing pen-testing results • Assessing project designs for security readiness • Developing hardening policies • Managing and reviewing technical security vulnerabilities

• Project and problem management, monitoring, and maintenance • Communication to relevant stakeholders regarding deliverables • Communicating with various business areas with regard to Integration of Web applications into the SSO platform • Assisting in developing functionality to improve Single Sign On services • Managing the assessing of risk to AC information and recommending appropriate controls • Administration of Oracle Access Manager

• Analysing the Agency’s risk register and proposing effective countermeasures • Developing information security metrics for better security management • Creating security compliance reporting for senior management • Managing risks associated with new projects and reporting to the head IT Security Operations • Assessing technical vulnerabilities to servers and desktops using the qualys vulnerability management tool • Creating management reports on AV and Patching progress for the EA estate

• Developing a risk management approach to Data handling for business units within the Home Office • Assessing business unit risks on behalf of the Home Office SIRO • Assisting Home Office Information Asset Owners identify and assess risks to their information assets • Participating at, and contributing to the Home Office Information Assurance Consultation Group to discuss the progress of the Information Assurance Programme

• Developing a risk management approach to IT Security Audit within the CPS • Leading 27001 auditing exercise at CPS • Assisting Internal audit to review and evaluate CPS IT Security Infrastructure and its adequacy • Investigating the links between the risk registers at the local level and the departmental risk register • Evaluating the effectiveness of CPS’ business continuity plans • Identifying risks associated with CPS data transfers to 3rd parties

• Risk assessments using Citicus One • Policy compliance for SOX purposes • Criticality analysis and remedial action planning • Threat & Vulnerability analysis and reporting using Qualys Guard • Reviewing Standards, Procedures & Guidelines for AXA-TECH • Monitored Email that was quarantined to verify their content and impact on AXA’s network and reputation • Raised change requests to ensure that the identified vulnerabilities were patched

• Requirements Repository for NHS Connecting for Health • Rollout of strategic remote access technologies for HMRC • Providing consultancy in aspects of security architecture • Providing security thought leadership • Delivered technical solutions to support identified security, privacy and safety requirements • Worked with Customer Security Managers, Security Governance Architects, Technical Architects, and Solution Designers

• Influencing and promoting security principles • Policy compliance and security monitoring • Carrying out awareness training, and writing awareness articles • Documenting and communicating security standards to support the IT security policies of AXA-Tech • Assisting with implementation, operation and maintenance of appropriate information security controls for services delivered or used by AXA Tech UK • Ownership of problem cases till their resolution is reached

• Sarbanes-Oxley Act 2002 for the Chicago based offices • BS7799 for UK based offices • Proprietary risk management tools • Electronic market access • Identifying key IT security risks issues in the process of protecting critical trading information • Network Security Support

• Network security using Group Policy and IP Sec • Wireless security and documentation • Intrusion Detection • File backup and disaster recovery techniques • Risk Analysis • Experience with Cisco PIX 515e/ 501, Sonicwall, and Checkpoint • Windows 2003/2000/NT/Exchange server management • Cisco Networking skills, IP Telephony, TCP/IP • VPN installation, configuration, and support • IT infrastructure migration

• RPG (ILE) Skills. Visits to customer sites to train users on use of new software • Use of ICMS (Integrated Customer Management System) • Software development and database reporting for NTL • Experience with Command Line programming