Cybersecurity Risk Management
I’ve been improving and innovating in technology, security and privacy for 20 years, across multiple sectors including media, finance, and professional services.
I started my career working in IT infrastructure, messaging architecture, operating systems and networks, where I gained a thorough understanding of computing technology – including hardware, software and communications.
My career in security started as an infrastructure security tester, before I undertook management roles where I focused on cyber risk management and strategic security transformation.
I’ve worked with a large range of security risk frameworks, tools, technologies and solutions, and I’m comfortable dealing with complex technical details as well as building and leading high-performing teams.
I have chosen to take sabbatical breaks from full-time work:
- looking after my two young sons as their primary stay-home parent
- supporting and fundraising for a local charity
- during diagnosis, treatment, and recovery from cancer
I am now keen to commit long-term to a senior individual contributor role, to maintain and grow my technical knowledge.
CAREER EXPERIENCE
Head of Cyber Security and Infrastructure
Holman Fenwick Willan (2024 – 2025)
Member of the firm’s IT Leadership team, deputy for the Head of IT, and managing the Infrastructure and Cyber Security teams in a global law firm.
- Oversight and delivery of major investment programmes, including a global infrastructure refresh and security monitoring service
- Reviewed and revised the firm’s cyber security strategy, and implemented a new operating model for key functions and capabilities
Volunteer IT Lead & Fundraising Events Planner
Friends of Tolworth School (2022 – 2024)
Voluntary support to the fundraising charity arm of a large London primary school federation.
- Providing tech support to fundraisers and committees, identifying requirements, finding and deploying the best low-cost solutions possible.
- Charity event planning and delivery, including ticketing, marketing, event set up and pack down, and ensuring the maximum profit is returned to the charity.
Cyber Strategy Senior Manager
Deloitte UK (2020 – 2022)
Providing consulting services to clients, specialising in strategy and risk management.
- Closing four workstreams of a multi-year regulatory audit, assessing the cybersecurity investment strategy, portfolio governance, and operating model of a global financial services institution.
- Leadership, content and delivery of the firm’s CISO leaders’ development programme, raising Deloitte’s industry leadership and profile, and growing relationships with highest value clients.
Interim Divisional CISO
QBE Insurance (2018 – 2019)
The most senior cybersecurity leader within the European division of an Australian insurance group, and member of the Global Cybersecurity and European IT Leadership teams.
- Stabilised and grew the regional teams, aligning a new operating model to global capabilities, ensuring work in progress remained on plan, and closing historic audit issues.
- Drove the development and delivery of the regional services into the global portfolio.
- Led the redefinition of the regional services, improving supplier and third-party security assessment, incident response and escalation, and technical security assessment.
Global Information Security Manager
Clyde & Co (2017 – 2018)
Responsible for all cyber risk and information security at a global law firm – reporting to the Global CIO, member of the IT Management team; and managing the Security team. Working with senior stakeholders to initiate and deliver the firm’s new strategic cybersecurity objectives.
- Developed and implemented a new security and business risk management strategy, providing the board and management teams with improved oversight of security risks.
- Provided leadership for major security and privacy programmes, implementing the GDPR and improved data protection frameworks, new technical controls and processes, and estate-wide security monitoring.
- Stabilising and growing the security team, realigning roles to the firm’s strategic plans.
- Led the firm through multiple cyber major incidents, providing clear communications to top management.
Managing Director & Risk Manager
Bank of New York Mellon (2012 – 2016)
Primary member of the regional Information Risk Management (IRM) team, providing information security risk management and assurance to suppliers and owners of applications, infrastructure, and third parties for a global investment services institution.
- Supporting the growth of the regional team from 3 to 25 through new roles and reorganisation, enhancing the in-region capabilities and profile of the group, and providing country-level management in every jurisdiction by growing teams with new roles and consolidating existing functions.
- Delivery of the regional operating model for the technology risk and compliance function, providing consistent risk management services to all internal and external stakeholders.
- Coordination and delivery of internal and external communications and events, raising the profile and reputation of the bank to clients and regulators.
- Devising and deploying regional awareness and management briefings across all key European locations, maintaining business focus on cyber risks and impacts.
Information Security Officer
Aspen Re, London (2010 – 2012)
The first Information Security Officer for a multinational insurer, leading the development and integration of security capabilities into the IT teams and the wider organisation, delivering new monitoring, vulnerability management, and risk management services and processes.
Information Security Officer
Herbert Smith LLP, London (2005 – 2010)
The first Information Security Officer for a top 10 City law firm, delivering the security strategy and transformation within the IT function and across the business, providing new security services including monitoring, incident response and resolution, vulnerability management, platform infrastructure and end-user clients.
Security Operations Lead
Sky TV (2003 – 2005)
I was a founding member of the new Security Operations team, developing the group’s profile, processes, and remit, recruiting and onboarding new members, and delivering security architecture, assessment, and remediation of critical infrastructure.
QUALIFICATIONS & EDUCATION
- BSc Information Systems Design
- International Coaching Federation/Henley Business School Executive Coaching
- ISACA Certified Information Security Management / CISM
- ISC2 Certified Information Systems Security Professional / CISSP