David Lilburn Watson

David heads up the governance, risk, compliance, cyber security, information assurance, management systems and forensics practice at Assured Governance, Risk and Compliance Ltd, He is responsible for the coordination and efficient delivery of these assignments.

David began his career with British Telecom and, prior to becoming an independent security consultant in 1989, was employed in the Computer Crime & Security Unit of the British Telecom Investigation Department.

He has assisted a number of companies to achieving ISO 9000, ISO 27001, ISO 20000 and ISO 22301 Certificates of Registration as well as implementing appropriate business driven security in a number of organizations.

He is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM) and a Certified Information Systems Auditor (CISA) and a Certified Fraud Examiner (CFE). In addition to specialised security certifications he is a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), and an Advanced Certified Computer Forensics Technician (CCFT).

• Auditing (Management Systems, ISAE 3402, Certification Body, SOx, HIPAA, ISMS, FSA / FCA / PRA)
• Audit non-compliance and corrective action remediation in a pragmatic and collaborative manner
• Base lining systems to security policy
• Building internal working relationships to ensure successful outcomes
• Compliance (including FCA / PRA / BoE and other regulated systems)
• Creating Security Policies, Standards, Procedures and Processes to relevant standards
• Cyber security, assurance and risk
• Data Protection Act 1998 and General Data Protection Regulation Compliance and Consultancy
• Disaster Recovery, Business Continuity & Contingency Planning including ISO 22301
• Forensic Computing and evidence recovery
• Governance, Risk management and Compliance (GRC)
• Health Insurance Portability and Accountability Act (HIPAA)
• ISO 27001, ISO 9001, ISO 22301, ISO 20000, ISO 19600 Implementation and Auditing
• Managing implementation programs to tight timescales and budgets
• Management of technical security and vulnerability testing
• Network security including pen testing and vulnerability scanning
• Outsourcing security issues including SLAs and performance
• PCI DSS (Payment Card Industry – Data Security Standards)
• Project Management (PRINCE 2, PMO) including project risk management and reporting
• Risk Assessment, Management and Treatment
• Sarbanes Oxley ComplianceSecurity (Computer & Physical)
• Security Architectures and implementation
• Training and development of training courses
• Third party auditing, compliance review (2nd and 3rd party audits) and risk management.

• Fellow, British Computer Society (FBCS)
• Fellow, Chartered Society of Forensic Practitioners (FCSFP)
• Fellow, Institute of Analysts and Programmers (FIAP)
• Fellow, Institute of Information Systems Management (FIMIS)
• Fellow, Royal Society of Arts (FRSA)
• Fellow, Institute of Management Consultants (FIMC)
• Fellow, Institute of Communications, Arbitration and Forensics (FICAF)
• Fellow, Institute of Risk Management (FIRM)
• Member, Business Continuity Institute (MBCI)
• Member, Chartered Institute of Arbitrators (MCIArb
• Member, International Institute of Risk and Safety Management (MIIRSM)
• Associate Member, International Institute of Security Professionals.

• MSc – Distributed Computer Networks (University of Greenwich)
• MSc – IT Security (University of Westminster) – Distinction
• MSc – Fraud Risk Management (Nottingham Trent University) – Distinction
• PhD – Open Source Intelligence and the CNI (ongoing).