Profiles search

David Wormald

Experienced Cyber Security and IT Professional
United Kingdom
View resume Unlock resume

Skills

Information & Cyber Security
• ISO/IEC 27001 implementation and audit readiness
• Risk assessment and control design
• Supplier and third-party security assurance
• Policy, standard, and procedure development
• Cyber Essentials / CE+ preparation and remediation
• Governance, compliance, and regulatory alignment (GDPR, CNI, Export Control)
Architecture & Technology
• Enterprise and solution security architecture
• Secure infrastructure and network design (on-prem and hybrid)
• Cloud security
• Endpoint, server, and network security controls
• Virtualisation, VDI, and Citrix environments
• Experience with SOC and MSSP engagement and oversight
Processes & Management
• Risk management, issue tracking, and remediation planning
• Business continuity planning and IT disaster recovery
• Security operations, incident response, and process governance
• ITIL-aligned service management
• Supplier management and contract transition support
• Audit support and internal control frameworks
Tools & Frameworks
• NIST 800-53, ISO/IEC 27001 and 27002, SOC2
• EBIOS RM, CRISC methodology
• Microsoft 365 and Azure security tooling
• Experience engaging with vulnerability scanning, SIEM, and protective monitoring solutions
• Familiar with DevOps/Agile environments and cloud-native security models

About

Experienced and hands-on IT and Information Security professional with a strong track record in delivering practical, risk-based security solutions across complex and regulated environments. With over 25 years specialising in IT and cyber security, I’ve supported organisations in the nuclear, energy, and financial sectors through ISO/IEC 27001 implementations, supplier assurance programmes, and infrastructure security initiatives.
I bring a broad mix of technical knowledge and business awareness, with experience ranging from policy development and risk assessments to operational controls and project delivery. Comfortable working with both technical teams and senior stakeholders, I focus on aligning security with business needs — helping organisations strengthen their security posture, manage third-party risks, and improve resilience without overcomplicating the approach.