Ralph is a trusted advisor on Global Privacy and Security compliance, practices and management. He believes good information governance adds business value to achieve business objectives and return on investment. His role includes acting as a senior level "translator" between IT, business and compliance professionals, thought leadership, business development, partnerships and product development. His experience includes strategic GDPR adoption programmes, advisory services and assurance delivery in global multinational environments.
Before that, he was an experienced Product and Services business development lead, Principal Consultant and Manager, delivering training, consultancy and audit of data protection, business continuity and information security, managing consultancy and audit teams across multiple topics, responding to tenders and delivering solutions proposals. He is a BSi lead assessor and BCS/ISEB lead tutor in information security management.
He has worked in a wide variety of industry sectors, with a focus on Defense, Public Sector, Pharma and Financial Services, representing both multinational corporations and boutique specialist consultancies.
He continues to be a hands-on practitioner, combining business level consultancy with training and technical experience. He has implemented the ISO 27002 code of practice and has repeatedly both assessed and implemented ISO/IEC 27001, BS 10012-2, ISO 9001 and BS 25999-2 standards through to certification. He was responsible for the first global joint 27001/25999 management system to be certified.
With a focus upon business processes and the protection of information, and an ethos of management assurance, risk management and knowledge transfer, he continues to ensure effective protection of assets appropriate to the business needs of the client.
(2020) CDPSE, Certified Data Privacy Solutions Engineer, ISACA
(2016) Fellow of Information Privacy, International Association of Privacy Professionals
(2015) CIPT, Certificate in Privacy Technologist, International Association of Privacy Professionals
(2014) CIPM, Certificate in Privacy Management, International Association of Privacy Professionals
(2013) CIPP Europe, Certified Privacy Professional, International Association of Privacy Professionals
(2011) ISO 27002 Implementation Exin course and ISO 27001 Lead Implementer IT Governance
(2010) BS 25999-2 Implementer, IT Governance (now ISO 22301) and ISO 27001 Lead Audit, IT Governance
(2006) Information Security Management Principles, British Computer Society, ISEB (Distinction level)
(2006) Lead Tutor for ISEB CISMP course, British Computer Society
(2006) Planning and Documenting DBSy Risk Assessments, QinetiQ
(2005) BSi Registered Lead Auditor ISO 9001 and ISO/IEC 27001, British Standards Institution
(2004) Diversity Training, Advisory Conciliation and Arbitration Service (ACAS)
(2003) CRAMM IS Risk Management, Mentis Consultancy
(2003) Data Protection Audit Manual Techniques & Methodology, Privacy Laws & Business International
(2002) Project Management skills, Design Basics, Human Rights Act for supervisors
Key Achievements
Participated in gap analysis assessments and the subsequent creation of privacy management programmes for organisations ranging from global enterprises to small and medium enterprises
Assisted organisations to improve their information governance as part of sustainable management systems across global enterprises
Advised and assisted global businesses with projects including international transfer frameworks, data inventories, rights requests, privacy notices and more.
Strong Information Security specialism in ISO/IEC 27001, assisting over 30 organisations to successfully certify to the standard, and served as a BSi assessor deciding whether organisations can attain accredited certification
Develops/delivers bespoke training materials for privacy and security, is an IAPP approved trainer, and BCS ISEB course director for Information Security and Data Protection Management courses
Utilises and creates governance frameworks, including writing Codes of Practice and the ACPO Data Protection Audit Manual, and work with standards committees such as ISO 27001, ISO 27701, BS 10012 etc.