Chris Mclaughlin

Full Profile

Chris is a Principal, Cyber Risk in the Sydney office with more than twenty years’ experience in information security and risk management. He is a recognised leader in the cyber security space and has advised some of Australia’s largest companies.

Chris’ practice focuses on strengthening clients’ readiness for, response to and recovery from cyber incidents. He works closely with clients to offer information and operational technology risk assessments, breach compromise and threat assessment, cyber strategy development and related advisory services.

Having started his career as an intelligence operator in the British Army, Chris has been involved in cyber security for more than two decades and has held senior leadership roles at PwC, Gartner, EY and IBM. Prior to joining Clyde & Co, Chris was Head of Cyber Solutions at Aon Australia.

Experience

• Cyber impact analysis: advising an ASX listed telecommunications company on the development of a cyber risk quantification model to identify the cyber scenarios that would lead to significant financial loss to the organisation.
• IT & OT security maturity assessment: independently assessed one of the largest utility providers in Australia against the international better practice standards for information technology and operational technology security, and advised on the development of an associated improvement plan and roadmap.
• Security strategy and roadmap: assisting a global manufacturer to develop a security strategy and roadmap covering operations in the APAC region, and undertaking a risk assessment of the manufacture’s regional assets and operations.
• Security policy development: developing a security policy framework for one of Australia’s largest diversified property groups and advising them on the build out of an associated security control framework and strategy.
• Vendor risk management: seconded to a global bank to manage the international workstream for vendor and supplier risk management, which involved developing a risk-based approach for the identification of the top two hundred suppliers and applying supplier risk assessment criteria.
• Identity and access management: advising a global investment bank on the development and implementation of a framework for appropriateness of access and toxic combinations across the trade lifecycle.
• Security operating model: seconded to the UK Financial Services Authority to advise on security requirements for regulatory reform, and to develop a target operating and supplier engagement model for the prime supplier.
• Chief information security officer: seconded to a UK government executive agency to manage the day-to-day security operations of a twelve-person team, re-organise the IT security function, re-negotiate the security schedule for the prime supplier, and develop and execute an internal security strategy.
• Information security management system: advising a large global manufacturer on the creation of an effective information security management system and associated governance functions covering more than one hundred geographically dispersed locations.
• Security operations: partnering with the Chief Information Officer of a UK government executive agency to develop a protective monitoring solution and associated security framework, and organised and facilitated the vendor selection process for the security information and event management solution.