David Lilburn Watson


David heads up the governance, risk, compliance, cyber security, information assurance, management systems and forensics practice at Assured Governance, Risk and Compliance Ltd. He is responsible for the coordination and efficient delivery of these assignments.

David began his career with British Telecom and, prior to becoming an independent security consultant in 1989, was employed in the Computer Crime & Security Unit of the British Telecom Investigation Department.

He has assisted a number of companies in achieving ISO 9000, ISO 27001, ISO 20000 and ISO 22301 Certificates of Registration, as well as implementing appropriate business-driven security in a number of organizations.

He is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM), a Certified Information Systems Auditor (CISA) and a Certified Fraud Examiner (CFE). In addition to specialised security certifications, he is a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI) and an Advanced Certified Computer Forensics Technician (CCFT).

Business Sectors

David has worked in the following industry sectors:

  • Banking (Retail, Wholesale, Investment, Clearing)
  • Petrochemical
  • Professional Services Organisations
  • Insurance
  • UK Government (National and Local)
  • Utilities (Electricity, Telecoms and Water)
  • Pensions
  • Identity Management
  • Legal
  • UK Police Forces
  • IT Companies
  • Publishing

Key Skills

  • Auditing (Management Systems, ISAE 3402, Certification Body, SOx, HIPAA, ISMS, FSA / FCA / PRA)
  • Audit non-compliance and corrective action remediation in a pragmatic and collaborative manner
  • Base lining systems to security policy
  • Building internal working relationships to ensure successful outcomes
  • Compliance (including FCA / PRA / BoE and other regulated systems)
  • Creating Security Policies, Standards, Procedures and Processes to relevant standards
  • Cyber security, assurance and risk
  • Data Protection Act 1998 and General Data Protection Regulation Compliance and Consultancy
  • Disaster Recovery, Business Continuity & Contingency Planning including ISO 22301
  • Forensic Computing and evidence recovery
  • Governance, Risk management and Compliance (GRC)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27001, ISO 9001, ISO 22301, ISO 20000, ISO 19600 Implementation and Auditing
  • Managing implementation programs to tight timescales and budgets
  • Management of technical security and vulnerability testing
  • Network security including pen testing and vulnerability scanning
  • Outsourcing security issues including SLAs and performance
  • PCI DSS (Payment Card Industry – Data Security Standards)
  • Project Management (PRINCE 2, PMO) including project risk management and reporting
  • Risk Assessment, Management and Treatment
  • Sarbanes Oxley Compliance
  • Security (Computer & Physical)
  • Security Architectures and implementation
  • Training and development of training courses
  • Third party auditing, compliance review (2nd and 3rd party audits) and risk management.

Fellowships and Memberships

  • Fellow, British Computer Society (FBCS)
  • Fellow, Chartered Society of Forensic Practitioners (FCSFP)
  • Fellow, Institute of Analysts and Programmers (FIAP)
  • Fellow, Institute of Information Systems Management (FIMIS)
  • Fellow, Royal Society of Arts (FRSA)
  • Fellow, Institute of Management Consultants (FIMC)
  • Fellow, Institute of Communications, Arbitration and Forensics (FICAF)
  • Fellow, Institute of Risk Management (FIRM)
  • Member, Business Continuity Institute (MBCI)
  • Member, Chartered Institute of Arbitrators (MCIArb)
  • Member, International Institute of Risk and Safety Management (MIIRSM)
  • Associate Member, International Institute of Security Professionals.

Certifications from Professional Bodies

  • Cardiff University Accredited Expert Witness (CUEW)
  • Certificate of Cloud Security Knowledge (CCSK)
  • Certified Computer Crime Investigator (CCCI)
  • Certified Computer Forensics Technician – Advanced (CCFT)
  • Certified Fraud Examiner (CFE)
  • Certified GRC Professional (GRCP)
  • Certified Identity Governance Expert (CIGE)
  • Certified Identity Risk manager (CIRM)
  • Certified in Data Protection (CDP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Forensics Investigator (CIFI)
  • Certified Information Security Manager (CISM)
  • Certified Information System Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Management Consultant (CMC)
  • Certified Principal ISO 20000 SMS Auditor (IRCA)
  • Certified Principal ISO 22301 BCM Auditor (IRCA)
  • Certified Principal ISO 27001 ISMS Auditor (IRCA)
  • Certified Principal ISO 9001 QMS Auditor (IRCA)
  • Certified Software Manager (CSM)
  • Certified System Security Practitioner (CSSP)
  • Chartered Fellow (BCS)
  • Chartered IT Professional (CITP).

Post Graduate

  • MSc – Distributed Computer Networks (University of Greenwich)
  • MSc – IT Security (University of Westminster) – Distinction
  • MSc – Fraud Risk Management (Nottingham Trent University) – Distinction
  • PhD – Open Source Intelligence and the CNI (ongoing).


  • Certificate in Data Protection (1998 Act) (ISEB)
  • Certificate in Information Security Principles (ISEB)
  • Certificate in Software Management (FAST)
  • Diploma in Safety Management (BSC)
  • Council for Registration of Forensics Practitioners (Assessor).