Graeme has proven experience in successfully implementing information risk management frameworks and in developing effective management systems for risk and governance. His main focus is to ensure that cyber security delivers business benefit and is aligned to business strategy. He has conducted numerous risk assessments using a variety of methods, lead security improvement projects, lead due diligence exercises when selecting and assessing outsource contracts, developed security architectures, implemented and tested business continuity plans, managed penetration tests and security investigations. His experience has been gained with clients across multiple sectors including IT Services, Financial Services, Central Government, Manufacturing, Legal, Healthcare, Retail, Outsourcing, and the Charitable Sector. In addition to consulting, he is a certified trainer working with clients worldwide along with developing course material. These courses include ISO 27001 Lead Auditor and Implementer, ISO 22301 Lead Auditor and Implementer, Certified Lead Privacy Implementer, CISA, CISSP and Risk Management courses. His international experience includes UK, USA, Canada, Sweden, Ireland, Netherlands, Germany, Indonesia, Thailand, Croatia, Portugal, Romania, Qatar, Nigeria, Kazakhstan and Turkey.