Andy is an experienced Chief Information Security Officer, with 17 years of managing cyber risk within the Oil & Gas sector and Financial sectors. He is currently the CISO at the Financial Conduct Authority, where he holds strategic responsibility for information and cyber security, data privacy and information governance within the organisation. In his current role, Andy ensures that the FCA is protected from the growing cyber security threat, as well as leading the FCA’s GDPR compliance programme.
Prior to joining the FCA, Andy was the Chief Information Security Officer for Corporate Functions at BP PLC, where he set the strategic direction and provided full oversight of information security and cyber security for BP’s twenty-one Corporate Functions.
In addition to his full-time role at the FCA, Andy is also a Director of the Institute of Information Security Professionals, and a keen advocate of professionalization of the UK’s Information Security industry. As the Chair of the Institute’s Corporate Representatives he actively lead the Institute’s corporate agenda for 6 years and was instrumental in driving the latest revision of the IISP Skills Framework. He has also represented the Institute on the steering boards for the National Cyber Apprenticeship Schemes launched by the UK Government.