Clayton Breen

Accomplished Cyber, Information Security and GRC expert with over 25 years’ technical and top level business management experience. Proficient in developing and implementing comprehensive security policies, risk management strategies, and compliance frameworks ISO 27001, NIST ISMS, and Cyber Essentials certifications. I work with business leaders and stakeholders to advise and nurture the implementation of the most efficient and effective risk proportionate information security governance and controls.
 

PROFESSIONAL EXPERIENCE

Scottish Enterprise  

Information Security Consultant (Contract)

August 2020 - Present​

Advising, guiding and assisting multiple teams and stakeholders at all levels to achieve greatly improved cyber security maturity with a focus on the areas below.

•​Authored full suite of Policies and procedures for ISO 27001 / NIST ISMS.

•​Achieved Cyber essentials and Cyber essentials Plus certification

• ​Addressed Security Architecture and vulnerability issues in Azure infrastructure

•​Introduced a comprehensive information systems asset register and associated processes automated with Microsoft lists and Power BI.

•​Overhauled the information security risk assessment and protection requirements process for assets, tenders and procurements

•​Introduced ongoing asset and third party risk management assurance processes, contract clauses, SLA’s, KPI’s, KRI’s and reviews

Siemens Mobility.

Cyber / Information Security Consultant (Contract)

January 2019 - August 2020​

•​Implementation of ISO 27001 ISMS integrated with IEC 62443.

•​NIS CAF Cyber Assessment Framework submission to the DfT Department for Transport.

•​Cyber Security Management Plan for Siemens HS2 bid.

•​Project and product Protection Requirements Assessments and Protection Concepts.

​​

HS1 Ltd.

Cyber / Information Security Consultant (Contract)

September 2018 – November 2018

Preparing HS1 for CAF and Cyber Essentials Plus, carrying out gap analysis investigations, information gathering, scans and pen tests across their entire mixed Azure and AD WAN infrastructure.  Handing all remediation and restructuring, planning and rearchitecting wherever necessary. Writing a new information security policy and all associated documentation to aid implementation and enforcement. Security awareness training and documentation. Business impact analysis and business continuity panning.

WeSeeNow

Chief Information Security Officer (CISO)

2016 - 2018​

Helping numerous companies achieve compliance with cyber security, data protection standards with an economically risk appropriate approach. Gap analysis, building and writing compliance process documentation, risk assessments, information security policy.

IASME Gold GDPR Auditing, GDPR ICO audit preparation, Cyber Essentials Plus Auditing and Penetration Testing.

OpCenter Inc.

Interim CIO

2014 - 2016​US Software Company based in Washington DC producing and hosting software for document and information management companies.

Implementing privacy shield information security standards for hosted systems, HIPAA compliance for NHS and other health organizations. IT & digital transformation of the internal infrastructure, migration to AWS P2V, converged networks, SDWAN WAN virtualization, CRM etc.

Service Point Paragon

2003 - 2014​A global document management organisation with 43 offices and 36 facilities management locations. UK Annual sales of £40 Million with 633 employees.

Group CIO (2012-2014)

Joint MD and Board Director of UK entity and CIO for group of 8 Countries.

Focused on restructuring the entire business to cloud infrastructure, consolidating fragmented IT infrastructures inherited through acquisition & streamlining overlapping support and development.  

IT / Ecommerce Director (2003-2012)

Lead all technology, e-commerce and information security across operations and central functions including strategy, infrastructure, software, hardware and hosted services.

SPS

2001 – 2003​UK Network Manager

Recruited to implement a new UK WAN network with management of all critical server systems. Led an eight-strong team while managing a £1.6m budget.

Grupo Picking Pack

2000 – 2001​Ecommerce Manager

Focused on managing the ReproNet SaaS file transfer system supported by a team of 3 engineers.

CERTIFICATIONS & ACCREDITATIONS

CISSP Certified Information Systems Security Professional ISC2 ID 698457

Digital Operational Resilience Act Trained Professional (DORATPro) DORA  ID 364189

Cyber Essentials Assessor  License  TCAC-0126

IASME Gold GDPR Assessor  License  IATC-20170306