Data Protection Officer & Senior Security Consultant with expertise spanning academic research, regulatory compliance, and industry consultancy. Specialising in ISO 27001, DORA, NIS 2, and NCSC CAF frameworks.
I am a cybersecurity and governance, risk and compliance (GRC) professional with experience spanning academic research, regulatory compliance, and industry consultancy.
I have a proven ability to operate effectively in time-critical environments, combining strong analytical skills with practical delivery across security, privacy, and resilience programmes.
My background includes peer-reviewed cybersecurity research, regulatory and standards-based assurance, and leading client engagements, supported by experience in teaching and communicating complex technical and regulatory concepts to diverse audiences.
From academic research to industry leadership in cybersecurity and GRC.
Sapphire | United Kingdom
Appointed DPO providing independent oversight and strategic advice on data protection compliance. Responsible for ensuring adherence to UK and EU data protection legislation including GDPR. Lead privacy governance design, implementation, and monitoring including policies, training, audits, and records of processing. Own breach management and incident response, and lead delivery of DPIAs and DSARs.
Sapphire | United Kingdom
Senior consultant within the GRC practice, leading complex client engagements across regulatory compliance, security assurance, and risk management. Product owner for Third-Party Risk Management services. Provide vCISO and vISM services across healthcare, finance, and industrial sectors. Lead successful tender responses across ISO 27001, ISO 27701, ISO 22301, ISO 22237, ISO 42001, and regulatory frameworks including GDPR, DORA, NIS 2, NCSC CAF, and NIST CSF.
Sapphire | United Kingdom
Delivered GRC consultancy as a subject-matter expert (SME) in DORA and the NIS 2 Directive. Led engagements covering ISO 27001, ISO 22301, and ISO 27701 across gap analysis, implementation, internal audit, and certification support. Delivered security awareness training, business continuity planning, and regulatory readiness across transport, logistics, education, healthcare, manufacturing, and finance sectors.
Heriot-Watt University | Edinburgh
Research role on the SECRIOUS project investigating how new-code and non-traditional entrants engage with cybersecurity concepts in software engineering. Focused on enabling individuals to understand attacks, defences, and vulnerabilities. Contributed to innovative, human-centred approaches to cybersecurity education working across cybersecurity, games research, and HCI disciplines.
Peer-reviewed work in robotics security, side-channel attacks, and IoT privacy.
arXiv preprint
Digital Threats: Research and Practice (DTRAP)
ACM WiSec 2022
arXiv preprint
arXiv preprint
ACM WiSec 2021 — Abu Dhabi, UAE
ICISS 2020 — 16th International Conference on Information Systems Security
ACM WiSec 2019
arXiv preprint
ICDCN 2019 — International Conference on Distributed Computing and Networking
Comprehensive skills across compliance, security, and technology.
University of Strathclyde
2018 – 2022
Thesis: "Security of Robotic Workflows" — Research focused on security of robotic, cyber-physical, and safety-critical systems, with emphasis on calibration security and operational privacy. Explored passive side-channel threats, access control, and blockchain-based approaches using machine learning and signal processing techniques.
Heriot-Watt University
2014 – 2018
Strong focus on software development, networking, and cybersecurity. Final-year project designed and implemented a tool to identify and remediate IoT devices vulnerable to Mirai malware in real time. Advanced coursework in network security, AI, machine learning, and distributed systems.
Interested in discussing cybersecurity, GRC, or potential collaborations? Reach out through Sapphire or connect on social media.