Robert Dunn

Edinburgh

Summary

Collaborative and pragmatic risk and security consultant with a commitment to excellence and several years of experience. Experienced in third-party risk management, information security management, business continuity management and operational risk management, and looking to leverage my skills and experience to help organisations improve.

Overview

21 years of professional experience
3 years of post-secondary education

Work history

Senior Information Security Consultant

Aegon Global Technology Services
Edinburgh
11.2022 - 10.2024
  • Conducted risk and control assessments on applications, processes, projects and technologies
  • Assisted major projects to successfully identify and remediate risks
  • Created risk training material
  • Built and launched an improved intranet site
  • Developed a risk culture programme
  • Ran three risk committees

Supplier Assurance Manager

Metro Bank
09.2021 - 11.2022
  • Performed supplier assurance reviews covering information security, business continuity, fraud, supply chain, records management, and physical security
  • Assisted with preparation for compliance, reviewed methodology and toolset, integrated assurance reviews into risk framework, mentored colleagues, attended meetings with senior managers, established regular reporting on key metrics, involved in continuous improvement activities.

Supplier Assurance Manager

Lloyds Banking Group
02.2021 - 09.2021
  • Conducted supplier assurance reviews relating to information security, resilience, and technology across the supply chain
  • Documented internal processes, identified key process and risk indicators, implemented a continual assurance process.

Information Security Manager

Aegon Asset Management
02.2019 - 12.2020
  • Involved in major projects including developing an integrated operational risk management solution, IT control framework project, and identity and access management project
  • Worked closely with colleagues across different locations and lines of defence.

Sabis UK IT Risk and Control Manager

Sabis UK
06.2017 - 02.2019
  • Built and maintained a risk management and reporting framework, aligned existing frameworks, identified control issues, managed audits and audit actions, introduced a risk and control self-assessment process, took on the role of supplier risk manager, served as Data Protection Officer.

State Street

State Street
08.2015 - 06.2017
  • Improved the toolset and remodelled it to fit into a new GRC platform, mentored junior staff, carried out supplier security reviews.

Sainsbury's Bank Supplier Assurance Manager

Sainsbury's Bank
12.2014 - 08.2015
  • Performed information security reviews on key suppliers, developed the process and toolset, closed audit actions, created and delivered a schedule of information security reviews, reported and tracked issues, managed the team.

Tesco Bank Information Security Manager

Tesco Bank
07.2012 - 12.2014
  • Identified, assessed, and approved information security controls, reshaped the supplier risk management process, aligned information security strategy with business strategies, ensured risks were articulated and understood.

Tesco Bank IT Risk Manager

Tesco Bank
01.2012 - 07.2012
  • Involved in risk management, external and internal audits, information security reviews of suppliers, improved the process and procedures.

RBS Supplier Assurance Team

RBS
10.2010 - 01.2012
  • Performed security reviews of external suppliers, assessed and improved methodology and toolset, managed continuous improvement and change, involved in internal assurance program.

Information Security Analyst

AEGON UK
02.2009 - 10.2010
  • Identified and addressed weaknesses in the information security management framework, aligned policies and procedures with ISO27001/2, managed policy exceptions, carried out supplier security reviews, implemented a risk assessment methodology, created an information asset standard, established asset registers, implemented a risk-based approach.

UK Financial Services, Business Continuity & Information Security Consultant

Standard Life
01.2007 - 01.2009
  • Identified and addressed policy non-compliance, managed incidents, assessed and approved system and process alterations, provided continuity and security consultancy, involved in change advisory board and incident management.

Sales Risk, Risk Consultant

Standard Life
01.2004 - 01.2007
  • Operational risk reporting, training, control assessments, business continuity, changed control self-assessment and risk reporting functions, established business continuity management and reporting structure.

Education

SVQ Level 3 - Business Studies with French and Spanish

Napier University
Edinburgh
08.1983 - 08.1986

Certified Information Security Manager (CISM) - Information Security Management

ISACA
12.2011 - 12.2011

BCI (merit) - Business Continuity

Business Continuity Institute
05.2011 - 05.2011

ISEB – Certificate in Information Security Management Principles

Skills

  • Third Party Risk Management
  • Technology risk assessment
  • Process risk assessment
  • Business continuity management
  • Information security management
  • Operational risk management

Custom

  • Ability to see technical topics from an all-round perspective
  • Open, honest, pragmatic and approachable
  • Able to delegate where appropriate
  • Good communication and interpersonal skills
  • Experience of training, mentoring and coaching
  • Experience across governance, risk and compliance activities

Affiliations

  • I am an enthusiastic traveller who enjoys exploring new places. I also enjoy reading, walking my dog and watching football.

Accomplishments

I have recently received three company rewards and recognition for adding value from two senior managers.

References

References available upon request.
