Summary
Overview
Work history
Education
Skills
Custom
Affiliations
Timeline
AdministrativeAssistant

Amanda Munro

Governance & Regulatory
Edinburgh

Summary

Energetic employee well-versed in strong communication and organisation skills. Seeks solutions to problems and applies extensive analytical knowledge to findings. Adept at multi-tasking, leading group discussions and managing projects. Hard-working professional with strong organisational skills. Achieves company goals through exceptional planning and prioritisation. Experienced with multi layered regulatory and compliance disciplines over 15 years in GDPR & InfoSec industry. Excellent reputation for resolving problems and improving customer satisfaction. Offers flexible schedule to deliver on team goals. Passionate professional in data accuracy and management. Independent problem-solver focused on customer service and product development. Works well under tight deadlines. Secures team success through hard work, attention to detail and excellent organisation.

Provide SME consultancy for projects and initiatives to safely traverse the GDPR, Info Sec, regulatory and compliance space, including networks, cloud platforms, AI & ML, 3rd parties, vendors & contractors within a GDPR, DLP, AI, SOX, PCI, Zero Trust, NIST & OWASP space taking a risk based approach. Attend exception and risk meetings to attach a value and manage and mitigate the risks associated with the group functions.

More recently delivered a strategy for a secure development lifecycle and associated coaching & development. Responsible for driving compliance to policy, data governance, regulation and legislation e.g. GDPR, PCI, HIPAA, TSA through providing leadership, driving behavioural and cultural shift left and best practice policy. Demonstrating compliance several elements such as STRIDE threat modelling, contribution to policies, risk and exception processes, ensuring that stakeholders and data users are familiar with policy and creating multiple customer-facing documentation such as information wikis, crib sheets, websites and offline forms.

Overview

32
32
years of professional experience

Work history

Cyber Security Consultant

Sky UK
Hybrid
01.2024 - Current
  • Design & delivering cyber security strategy, aligning it to business objectives across a wide platform base including BI, Cloud and networks.
  • Monitored use of data files and regulated access to protect secure information.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Recommend improvements in security systems and procedures.
  • Developed plans to safeguard computer files against modification, destruction or disclosure.
  • Maintained system compliance with legal requirements and company security standards.
  • Conducted ongoing threat monitoring and targeted audits on systems.
  • Define and deliver a group wide SDL programme, continuously improving staff development, encouraging learning, and identifying areas where capabilities need to be improved
  • Deliver coaching in a non-tech format
  • Support the definition, delivery and implementation of programmes delivering compliance with regulatory requirements such as EU AI, NIST, TSR, GDPR, ISO27001, CISSP, etc
  • Knowledge and understanding of cybersecurity threats and associated attack techniques
  • Assessing and recording cyber security risks
  • Significant experience in assessing technical designs across multiple IT/AI/ML/IOT/Vendor disciplines and consulting on appropriate security controls within policy & standards
  • Continuous improvement and promotion of Cyber Security
  • Awareness and respond to the rapid changes in the Cyber space.
  • Promoted and trained systems users in security awareness to maintain system security.
  • Drafted security governance policies and procedures for company assets.
  • Worked with application teams in applying secure practices to software implementation.
  • Led data privacy campaigns to promote information security.

Senior Cyber Security & Compliance Analyst

Sky
01.2019 - 01.2024
  • This role involved consulting on different elements of security, risk, compliance, and data governance.
  • Identifying risk from planned or in-flight deliverables, including tracking risk, projects, exemptions, risk assessments and attending compliance calls where required
  • Providing compliance advice and guidance whether that be regulatory, safeguarding, marketing, data governance, legal, AI and ML.
  • Consulting and performing threat models which assess the risk on the design and operation of some of the most important projects as well as platforms systems that handle Sky’s most sensitive information and provide some of the most critical functions
  • Advising stakeholders & technical leaders at all levels on which best course of action to take to become secure & compliant
  • Cascading best practice frameworks
  • Evangelising and promoting best practise at an early stage and to be front footed on compliance
  • Creating share-point web pages and adding to the Cyber Agile Academy documents and policy operational support where other compliance routes may be required
  • I create and deliver documentation to drive behaviours across the business, I also make use of other channels such as workshops and roadshows to raise awareness
  • Exemplary at looking at a project or plan holistically and identifying compliance needs
  • Superb at networking and have many contacts in key business areas to support compliance
  • Attending Project review boards and peer review calls
  • The translation of policy to how that works “on the ground”
  • My heart sits in compliance and “doing the right thing”
  • Working with the GRC teams to assess risks and attach a value and where possible help deliver mitigation of the risk
  • Support the delivery of Sky policy as a reviewer, also establish the policy for DLP
  • Support and develop the new team members using in house training workshops and materials and establish better ways of working within the team
  • Deliver threat model workshops to a wide and varied audience.
  • Drafted reports on compliance measures, potential vulnerabilities and corrective action plans.
  • Reviewed current legislation and regulatory requirements to address issues of non-compliance.
  • Worked to quickly and effectively resolve identified compliance issues, uncovering root causes and implementing swift action plans.
  • Identified and mitigated potential risks with comprehensive risk assessments.
  • Championed company initiatives related to anti-bribery and corruption, anti-money laundering and combating financing of terrorism.
  • Responded to control, audit and regulatory requests within established timelines.
  • Delivered presentations to stakeholders, detailing complex compliance data in digestible terminology.
  • Delivered financial oversight and advice to corporate stakeholders, improving strategic planning.
  • Advised management teams and Board of Directors regarding compliance-related issues to reduce corporate risks.

Data Governance Analyst

Sky UK
01.2017 - 01.2018
  • Experience in creating top-down and bottom-up data governance framework
  • Assisted with continuous improvement initiatives, applying data findings to address underperforming areas.
  • Automated tasks to increase efficiency and reduce department workload.
  • Drafted procedure manuals, work definitions and standard operating procedures by job title or work area.
  • Data Quality framework
  • Creating & delivering training new and cascading compliance messaging
  • DLP
  • Create department Risk register
  • Consulting on projects
  • Experienced in creating and promoting metadata via delivery of a reusable framework of processes and methods
  • Creating best practise in the transit, storage and auditable logging of PII data
  • Provide Data governance knowledge in relation to the transition of data from Netezza and BO universes to Hadoop, data lakes and more recently cloud platforms
  • Assist in the team Data Governance strategy
  • Been part of the development team for tagging system that identifies the use of any PII or PCI data
  • EU AI regulations
  • Has a detailed knowledge of applicable legislative and regulatory requirements and a strong knowledge of current data governance 'Best Practice' within BI/MI environments
  • Experienced in defining and delivering Data Quality/Audit solutions with a proactive approach to the measurement of key metrics
  • Tracking governance, data quality, and qualitative related measures and taking appropriate action
  • Perform assessments of policy compliance across all deliverables of data to business users
  • Understanding of relational databases structures, theories, principles and practices and knowledge of capture, update, usage and other core business processes that influence the data life cycle
  • Deliver effective communications, on a personal & wider company level that cascade best practise governance, especially in the lead up to GDPR
  • Contribute to policy standards and mandatory ICO regulations e-learning courses in line with business practice
  • Assist with audits
  • Communicates effectively with both technical and business stakeholders at all levels
  • Provide data governance leadership
  • Record and track risks to conclusion
  • Project Management Compliance
  • Ability to lead & facilitate workshops and training
  • Excellent and proven problem-solving skills
  • Excellent and proven negotiation and influencing skills
  • Ability to work with cross-functional teams
  • Excellent presentation and reporting skills
  • Understands how to manage risk and escalate
  • Proficient in MS Office applications (Word; Excel; Power Point etc)
  • Comfortable with the use of off-the-shelf or bespoke IT applications.

Data Quality Executive

Sky
01.2013 - 01.2017
  • Working as a member of the data governance team at Sky, my role involves creating and promoting metadata via a reusable framework of processes and methods
  • Data Quality & Audit solutions and measurement of key metrics
  • Providing & maintaining valuable information to the Share Point site
  • Supporting wiki and ensuring best practice is applied to data
  • Ensuring good processes and detailed communications are cascaded to project teams to ensure compliance in safe-guarding the data
  • Ensuring 3rd party contracts are in place
  • Providing admin support for the team.
  • Defined and implemented quality standards across production processes, enabling improved outcomes.
  • Directed recruitment activities to select and hire talented workforce.
  • Identified factors in social, political and economic trends with potential policy impacts.
  • Collaborated with cross-functional teams to develop and implement new policies.

Shared Services Executive

01.2011 - 01.2013
  • Timebound MI & BI reporting for the exec and teams across the business
  • Managing and deliver small projects within the team from scoping requirements to positive outcome
  • Provide support and assistance where necessary
  • Manage Senior Stakeholder communications including risks, issues and progress to conclusion
  • Supporting the team in a leadership capacity and this has involved ensuring stakeholders expectations are managed accordingly, and that the team are working together for consistent outcome and delivery times exceeded within the agreed SLA’s
  • Optimise team efficiencies and matching work stacks to individual strengths and at the same time providing support where development is required
  • My role involves timely delivery of BAU reporting, whilst also seeking continuous improvement
  • Excellent documentation and communication of working process via multiple media
  • Ensuring data protection best practices are adhered to.

Report Developer

01.2002 - 01.2011
  • Collation, analysis and presentation of clear and precise information relating to Key Performance Indicators for the Supply Chain and Finance areas of the business
  • Management and delivery of the BAU tasks to the Shared Services Exec Team
  • Using advanced office packages and business objects
  • Developing reports for key stakeholders that are easy on the eye with creative flair
  • Excellent management of stakeholders setting realistic expectations with good working practices and communication styles
  • Working to deadlines and right first time delivery
  • Management of own work stack and change requests
  • Arranging and facilitating meetings with stakeholders and organising work deadlines to accommodate requests in priority order
  • Ensuring documentation practices are up to date and sense checked on a regular basis for consistency
  • Assessment of delivery, accuracy and best practice methods for business as usual tasks
  • Ensuring governance issue and implemented checks to ensure that the data I use is compliant
  • Building and maintaining great stakeholder relationships.

Performance KPI Analyst

01.2000 - 01.2002
  • This was the first team to provide a central base for reporting throughout BskyB with the provision of KPI data
  • Production and identification of trends and performance for telephony team managers
  • Effective management of stakeholders.

Nightshift Viewing Cards Team Manager

01.1997 - 01.2000
  • Team manager within viewing cards for the launch of digital, including tight stock control, reconciliation and liaising with VIP customers
  • Staff reviews and regular appraisals, identifying and executing training
  • Ensuring that the team are uniform in their direction and working practices
  • Management and resolution of customer complaints via letter or email
  • Managing the nightshift team which consisted of large volume stock control and tight security and organisational skills and effectively manage any issues which arose from that
  • Manage staff rotas and prioritise tasks efficiently
  • Crisis management arising prior or during Box Office/PPV events of VIP accounts
  • Clear and concise handovers
  • Role ended due to redundancies.

Technical Department

01.1993 - 01.1997
  • Joined Sky as a temp in 'Quick start', progressing through to a permanent role, Experienced Operator then Senior Operator within technical department
  • Writing a descriptive manual that provided key elements of technical information for the old style boxes that was used as a bible until the launch of digital.

Assistant Manager

Ratners Jewellers PLC
01.1993 - 01.1997
  • Progressed through to Assistant Manager managing a small daily team and increasing to over 35 staff during the festive periods
  • Responsible for staff training, stock, delivery, key holder and cash handling, and directly responsible for management
  • Delivery of daily figures & watch sales
  • This role ended due to collapse of company.

Education

James Gillespies high school
Edinburgh

Skills

  • Communication skills
  • Resourcefulness
  • Strategic planning and review
  • Business process mapping
  • Stakeholder management
  • Analytical
  • Best practices and standards

Custom

  • Golf
  • Travel
  • Glamping
  • Project management of local events and social gatherings

Affiliations

  • Golf
  • Holidays

Timeline

Cyber Security Consultant

Sky UK
01.2024 - Current

Senior Cyber Security & Compliance Analyst

Sky
01.2019 - 01.2024

Data Governance Analyst

Sky UK
01.2017 - 01.2018

Data Quality Executive

Sky
01.2013 - 01.2017

Shared Services Executive

01.2011 - 01.2013

Report Developer

01.2002 - 01.2011

Performance KPI Analyst

01.2000 - 01.2002

Nightshift Viewing Cards Team Manager

01.1997 - 01.2000

Technical Department

01.1993 - 01.1997

Assistant Manager

Ratners Jewellers PLC
01.1993 - 01.1997

James Gillespies high school

Similar Profiles

Create profile
Amanda MunroGovernance & Regulatory