Andrea is an experienced information security/assurance/governance, risk and compliance evangelist with expertise in several disciplines in the security industry. She has worked across the public and private sector, implementing compliance programmes and information security management systems (ISMS) spanning Data Protection/EU GDPR, Privacy and Data Handling, PCI DSS, Freedom of Information, Records & Information Management, ISO27001 and related standards across multiple industry sectors.
Andrea has been an active information security industry contributor for over a decade, writing articles and blogs and presenting at conferences, seminars and workshops. Andrea has contributed to standards development and industry research and has been working on a PhD in Information Assurance through the University of Wolverhampton (part-time), seeking to research the background to the development of the industry and its use of language that either inhibits or enhances tackling the barriers to implementing best practice information assurance in the context of the information society. Her work has included development of a patentable enterprise governance, risk & compliance (eGRC) approach to transforming and meeting information governance needs.
Andrea’s career focus is on the intersections of business objectives and risks, compliance, information security, assurance and privacy and associated regulatory and governance concerns. In November 2008, Andrea wrote a 50,000-word report on achieving best practice in information security – which highlighted the need to focus on the umbrella view of information governance, under which sits information assurance, information security, Data