
CRYSTAL DUNCAN

Croydon, Surrey

Summary

Attentive and highly capable cyber compliance professional with substantial experience in regulating transport operators and assessing cybersecurity controls across Information Technology (IT) and Operational Technology (OT) environments. Brings meticulous attention to detail and a proven track record of assuring compliance with UK Cyber Regulations, demonstrated through successful assessment of Cyber Assessment Framework (CAF) self-assessments and alignment with relevant cyber and sector-specific standards. Adept at translating complex technical risks into clear, actionable guidance for senior leaders and operational teams, strengthening organisational resilience and supporting secure system design. Underpinned by a strong auditing background, trusted stakeholder relationships and the ability to influence decision-making in safety critical and regulated environments.

Overview

12 years of professional experience
5 years of post-secondary education
1 Certification

Work history

Cyber Compliance Inspector

Department For Transport
Victoria, London
07.2024 - Current
  • Lead regulatory engagement with Operators of Essential Services (OES) across the transport sector, assessing their alignment with the Network and Information Systems (NIS) Regulations and the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF).
  • Provide specialist cyber security advice to OES, supporting secure system design, risk management, and implementation of appropriate and proportionate security measures across IT, OT and safety‑critical environments.
  • Conduct detailed reviews of CAF self‑assessments, Improvement Plans and supporting evidence to evaluate control maturity, identify gaps and recommend improvements.
  • Support delivery of the national Cyber Security Compliance Programme, ensuring DfT meets its statutory obligations as a competent authority and cyber regulator.
  • Develop and maintain cyber security policies, standards and guidance for transport operators, ensuring alignment with NCSC best practice, ISO 27001, NIST CSF and sector‑specific risk profiles.
  • Maintain up‑to‑date awareness of cyber threats, vulnerabilities and mitigations relevant to transport systems, including OT environments.
  • Provide high‑quality written and verbal briefings to senior leaders, policy teams and regulated entities, translating complex technical risks into clear, actionable recommendations.
  • Collaborate with internal cyber, compliance and inspection teams, as well as external Assured Service Providers, for example through the use of NCSC schemes.
  • Build strong, trusted relationships with regulators, operators, technical authorities and cross‑government cyber stakeholders to support secure and resilient essential services.

Internal Auditor

Government Internal Audit Agency
Corsham, Wiltshire
04.2023 - 07.2024
  • Built strong rapport with staff at all levels, engaging effectively with MoD stakeholders to understand business needs and risks while delivering audit work in line with International Professional Practices Framework (IPPF) standards.
  • Delivered risk‑based audits across complex defence and operational environments.
  • Managed the end-to-end audit process, from planning, scoping and designing testing strategies to fieldwork and report writing, to meet strict deadlines.
  • Evaluated governance, risk management and control frameworks, providing clear, evidence‑based recommendations to senior stakeholders.
  • Delivered assurance activities to time, cost and quality while identifying control inefficiencies.
  • Produced high‑quality audit reports and assurance summaries for governance boards and audit committees.
  • Conducted assurance activities to time, cost and quality to test and identify control inefficiencies.
  • Read and correctly interpreted documentation to understand key details, making accurate and value-added judgments about the effectiveness of the control framework.
  • Developed flowcharts and data visualisations to clarify audit findings.
  • Facilitated team members with smooth running of audits by preparing detailed, accurate audit planning documentation.
  • Balanced work and study responsibilities through strategic time management, maintaining high quality of service by developing in-depth knowledge of current and emerging audit processes.
  • Acted as Deputy Account Manager, supporting delivery of the audit programme, tracking actions and producing end‑of‑year assurance reporting.
  • Applied strong analytical judgement, professional scepticism and stakeholder engagement skills to influence secure and compliant outcomes.
  • Verified the implementation of agreed management actions, supporting continuous improvement of audit methodologies.

Internal Auditor

Ministry of Defence Audit Function
Corsham, Wiltshire
06.2022 - 04.2023
  • Conducted end‑to‑end internal audits, from planning and scoping to testing, fieldwork and reporting, ensuring delivery to time, cost and quality.
  • Built strong relationships with MoD stakeholders, understanding operational risks and advising on control effectiveness.
  • Interpreted complex documentation and technical processes to assess risk exposure and identify control weaknesses.
  • Supported continuous improvement by recommending enhancements to governance, processes and risk‑management practices.
  • Developed audit planning artefacts, flowcharts and visualisations to support understanding of complex systems.

Digital Forensic Investigator

British Transport Police
Victoria, London
06.2020 - 06.2022
  • Performed digital forensic examinations, including acquisition, extraction and analysis of mobile devices and other digital media, to support law enforcement with criminal investigations.
  • Evaluated and interpreted acquisition results, including recording findings.
  • Produced evidential reports of acquired data from mobile devices and digital media.
  • Produced well-written evidential statements when required by investigating officers.
  • Trained new digital forensic investigators.
  • Conducted audits to ensure competence as well as compliance with departmental procedures, ISO/IEC 17025:2017 and the Forensic Regulator's Codes of Practice.
  • Acted as Subject Matter Expert for enquiries relating to digital forensics.

Quality Officer

British Transport Police
Victoria, London
01.2019 - 06.2020
  • Developed quality improvement systems and policies by identifying risks and opportunities.
  • Created workflows within the Quality Management System (Vivaldi).
  • Provided quality support, assurance and guidance to heads of department and Quality Manager in the implementation of ISO/IEC 17025:2017 accreditation.
  • Oversaw Quality Management System (QMS) maintenance, including change controls, non-conformances and recommendations.
  • Reviewed corrective actions, liaising with department managers to guarantee timely completion.
  • Planned and executed risk-based internal audits (remote and on-site) to evaluate risks, putting in place controls to ensure continuous compliance with the requirements of ISO 17025 and Forensic Science Regulator (FSR) Codes of Practice and Conduct.
  • Provided department managers with written audit reports.
  • Planned and delivered Quality Management System training which included PowerPoint presentations to improve awareness.
  • Attended ISO meetings with heads of department to discuss highlighted risks along with outstanding actions.
  • Mentored new auditors to improve competence and deliver yearly audit schedule.
  • Attended quality training to maintain thorough knowledge of ISO 17025:2017 requirements and other regulatory expectations.

Submission Officer/ Volunteer Co-ordinator/ Internal Auditor

British Transport Police
Victoria, London
04.2014 - 12.2018
  • Coordinated daily activities such as allocating, vetting and prioritising CCTV download requests from stations together with other locations on the railway.
  • Provided statistics to stakeholders by completing timely, accurate data entry, which included generating reports to maintain and grow effective working relationships.
  • Acted as Subject Matter Expert for CCTV-related investigations.
  • Acknowledged and replied to all internal and external CCTV enquiries in a timely, professional manner.
  • Conducted internal audits, including writing detailed audit reports in relation to ISO/IEC 17025:2017 and Forensic Science Regulator's (FSR) Codes of Conduct.
  • Met with department managers to maintain volunteer opportunity within the department by highlighting gaps in recruitment.
  • Worked with leadership staff to develop volunteer policies, procedures and standards to define volunteer tasks.
  • Interviewed and hired volunteers to fill volunteer positions.
  • Supervised and supported volunteers, including reviewing completed work.
  • Recorded and updated the Lesson Exploitation Centre (LXC) database with current lessons learned from departments at my location to promote learning from experience and encourage improvements.

Education

Master of Business Administration - Internal Audit Professional Apprenticeship - MSC

Birmingham City University
Birmingham
09.2019 - 07.2024

BSc Hons - Forensic Science & Investigative Analysis

Kingston University
Kingston upon Thames
07.2013

A-Levels - Science

Crossways Academy
London
07.2006

GCSE -

Catford Girls Business & Enterprise College
London
07.2004

Skills

  • Analytical, problem solving and communication skills; collaborative team player
  • Regulatory expertise in NIS Regulation and CSRB expectations
  • Cybersecurity advisory, including governance, risk management and assurance activities
  • End-to-end delivery of on-site and remote audits: audit planning, interviewing and report writing
  • Stakeholder engagement and clear technical communication
  • Understanding of critical essential service systems across IT and OT environments
  • Project management and delivery
  • Digital forensics and evidence reporting
  • Data analysis, data visualisation and documentation
  • ISO Quality process implementation; managing QMS controls, recommendations, non-conformance and continuous improvement activities
  • MS Office knowledge (Word, Excel, PowerPoint, Outlook, Teams)

Certification

2024

  • Certified ISO/IEC 27001 Lead Auditor Course
  • SANS Introduction to Cyber Security Course


2019

  • Chartered Member, Chartered Institute of Internal Auditors
  • ISO 9001:2015 Lead Auditor (QMS) Training Course incorporating ISO 17025:2017 requirements
  • Internal Audit Course with special reference to ISO/IEC 17020/25 Forensic Application
  • ISO/IEC 17025:2017 Awareness


2016

  • Internal Auditors Course


2015

  • BTEC Level 2 - CCTV operator (Public Space Surveillance) within the Private Security Industry (QCF)
  • Springboard BTP; Women's development programme
