Archie Scott CRISC CISM

Providing Interim and Virtual Chief Information Security Officer (CISO) services to help Hedge Fund Managers and their service providers win more clients.We've helped them show demonstrable good governance of business risks, especially Cyber and Continuity. Recent projects include: Hedge Fund Manager Helped them address the security and continuity concerns of a potentially large US inflow • Risk based security and continuity reviews o Critical security and continuity gaps flagged o Concise, clear English non jargon notes and suggested remediation (For COOs, CFOs and CEOs) • Investor style Due diligence on critical (typically IT Hosting/support ) service providers o Critical gaps in security/procedures and proof of continuity readiness o DDQ for annual completion of critical metrics (change of ownership, dependence on key clients, proof of security training and patching etc) o Suggested additional controls to be implemented by service provider (to achieve the level of protection needed for client) • Information Security Management Programme o Security Policy rewrites to achieve behavioural change, rather than wordy documents. o Suggested periodic reports for review and sign off by senior management o Security awareness and training regime o Evidence based exception reporting (unpatched machines, list accounts with multiple failed logins, password ages etc) o Incident management plans (initial, golden hour reaction while security experts address the compromise etc) • Platform/IT Strategy reviews o Done for some clients who want an experienced pair of eyes to question their current platform. o Independent advice on service provider selection (we only get fees from clients, not from firms we suggest) Asset Allocator - Working with asset allocator on enhancing their due diligence to include greater scrutiny on the security and resilience of their existing and prospective asset managers.