Governance, risk & compliance for organisations operating across borders.

An information security professional with proven experience in stakeholder engagement, cross-functional collaboration, and regulatory liaison, specialising in safeguarding organisations through risk assessments, internal controls, compliance monitoring, and coordinated audit response across international financial services.

01 Professional profile

Governance, risk & compliance specialist with a cross-border focus.

Ashley Jones

A GRC specialist with five years of experience managing compliance obligations across demanding regulatory environments in international financial services. At Zepz, this means coordinating ten regulatory regimes simultaneously — from DORA and PCI-DSS to NYCRR 500 and RMiT — while maintaining the third-party risk programme, driving audit readiness, and keeping policy aligned with operational reality.


A Postgraduate Certificate in Cyber Security from Harvard University and a Distinction-graded International Master's in Security, Intelligence and Strategic Studies underpin a genuinely analytical approach to governance — producing a practitioner who assesses risk accurately, communicates clearly at every level, and builds controls that work in practice.

Specialisation
GRC · Information Security
Years of experience
5+
Current sector
International financial services
Academic foundation
Master's Degree
02 Regulatory coverage

Regulatory experience spanning multiple jurisdictions.

Global jurisdiction footprint
UK & Europe

7 frameworks

DORAPSD2PSREMRITRQEBA Outsourcing
Americas

3 frameworks

NYCRR 500 · Multistate · RPAA
Asia-Pacific

2 frameworks

RMiT · BAC
Cross-industry

5 standards

PCI-DSS · ISO 27001 · NIST CSF · SOC 2 · SWIFT CSP
03 Case studies

GRC delivery in action.

04 Service lines

Core competencies.

04.01 · RISK

Risk Management

Performing due diligence and security risk assessments on third parties to assess and evaluate potential supply chain impacts. Managing vendor risk lifecycle from onboarding through continuous monitoring.

TPRM · Due diligence · Vendor management · Supply chain · IAM · Risk appetite · Gap analysis · Risk register
04.02 · CONTROLS

Internal Controls

Designing and recommending internal controls to minimize information security risks. Driving continuous improvement of the control environment through remediation planning and effectiveness testing.

SOC 2 · PCI-DSS · Control design · Remediation · Continuous monitoring · Evidence collection · Control testing · Risk mitigation
04.03 · REGULATORY

Regulatory Compliance

Reviewing and assessing organisational compliance with international financial regulatory obligations. Leading cross-functional stakeholder engagement to translate regulatory requirements into operational controls.

Cross-border · Framework alignment · Regulatory liaison · EU AI Act · Change management · Obligation tracking · Statutory adherence
04.04 · AUDIT

Audit & Policy

Preparing and coordinating responses to internal and external audits and regulatory communications. Managing the full policy development lifecycle and delivering security awareness training across the organisation.

Audit readiness · Policy development · Evidence packaging · Board reporting · Training · Control narratives · Stakeholder workshops
05 Experience

Professional experience in information security and technology.

2023 — Now
Governance, Risk & Compliance Analyst
Zepz · Remote
● Current
  • Performed security risk assessments on third parties to assess and evaluate potential supply chain impacts.
  • Recommended directions for internal controls to minimize the likelihood of information security risks.
  • Reviewed and assessed organisational compliance with international financial regulatory obligations.
  • Refreshed policy and procedure documentation and ensured adherence to it.
  • Prepared and coordinated responses to internal and external audits and regulatory communications.
  • Supported payment operations across international boundaries connecting to multiple payment partners.
  • Led cross-functional stakeholder engagement with engineering, legal, and operations teams to embed compliance into business processes.
  • Contributed to board-level risk reporting on control effectiveness, risk appetite, and remediation progress.
2021 — 2022
Computer Science Teacher
Two Secondary Schools · London
  • Planned, designed, and delivered computer science lessons to students aged 11 to 18.
  • Assessed students' subject knowledge progression against internal and national standards.
2017 — 2019
Information Technology Services Graduate
Babcock International Group · Portsmouth
  • Conducted placements across multiple departments within IT corporate services.
  • Onboarded hundreds of users onto the corporate network after a company acquisition in Canada.
  • Migrated and implemented a new content management system for the corporate website.
  • Identified aims, objectives, functional, and non-functional requirements for upcoming projects.
  • Ensured security compliance with technical assets and their incorporation into technical solutions.
2015 — 2019
Military Armed Forces Reserve Soldier
British Army · Across the United Kingdom
  • Completed military training to become a soldier and received specialist aviation communication training.
2016 — 2017
IT Support Specialist
Lancaster University · Lancaster
  • Managed hardware and software upgrades on endpoint technology assets during large-scale changes.
06 Credentials

A foundation in theoretical and practical knowledge.

Education

  • Postgraduate Certificate in Cyber Security
    Harvard University · 2022–2023
  • Postgraduate Certificate in Education (PGCE), Computer Science
    King's College London · 2021–2022
  • International Master's in Security, Intelligence & Strategic Studies
    University of Glasgow / Dublin City University / Charles University Prague · 2019–2021
  • Bachelor of Science (Honours) in Information Technology Management
    Lancaster University · 2014–2017

Certifications

CompTIA
Advanced Security Practitioner (CASP+ / SecurityX) · Cybersecurity Analyst+ (CySA+) · PenTest+ · Security+ · Cloud+ · Network+ · A+ · Project+
ISC2
Certified in Cybersecurity (CC)
Microsoft Certified
Security, Compliance and Identity Fundamentals (SC-900) · Azure Artificial Intelligence Fundamentals (AI-900) · Power Platform Fundamentals (PL-900) · Dynamics 365 Fundamentals
Microsoft Office Specialist
Excel · Word · PowerPoint
07 Differentiators

What sets this profile apart.

07.01 / Communication that drives compliance

Translating complexity into action

Effective GRC depends on stakeholder buy-in — from engineering teams embedding controls to board members approving risk appetite. A proven ability to make regulatory complexity accessible to every audience, turning policy into operational reality rather than shelfware.

"Controls only work when the people they govern understand why they exist."
07.02 / Composure under regulatory pressure

Calm delivery when it matters

Regulatory deadlines don't move. Whether preparing evidence for an external audit, coordinating a multi-jurisdictional compliance response, or managing overlapping framework obligations against a fixed timeline, the work demands clarity under constraint. A structured, methodical approach — built through years of operating in high-stakes environments — ensures that rigour doesn't drop when timelines compress.

"Good governance under pressure is the result of preparation, not temperament."
07.03 / Strategic foresight on emerging risk

Ahead of the regulatory curve

AI governance, operational resilience under DORA, the evolving EU AI Act — the next generation of GRC challenges requires practitioners who can see beyond the current compliance cycle. Academic research on emerging strategic risks and offensive cyber capability provides the strategic depth to anticipate what frameworks haven't yet codified.

"The most important risks are the ones that haven't appeared in a framework yet."
08 Availability & interests

Open to new opportunities.

Role type
Senior GRC Analyst
Permanent, contract, or consulting
Working pattern
Remote
UK-based · Willing to travel UK/EU
Areas of interest
GRC Engineering · AI Governance · DORA & resilience · Cross-border fintech · Third-party risk management
09 Start a conversation