1. 1
Christopher Shinh
Wincroft, Perry Lane, Bledlow, Bucks. HP27 9QS
cshinh@hotmail.com
(h) 01844 761 344 (m) 07711 912 065
PERSONAL PROFILE
A professional and highly experienced IT Auditor and Technology risk manager with a wealth of
technology and global management experience in the Financial Services sector. Earned a
reputation as a confident, reliable and approachable team player who is pragmatic and proactive.
A resourceful, experienced and motivated self-starter who is both positive and persuasive.
Committed to delivering an excellent service to all stakeholders in a changing, challenging
environment.
KEY SKILLS
 Leadership, management and motivation of teams and individuals
 Trusted advisor to senior management, staff and other stakeholders on IT controls
 Effective communicator and negotiator at strategic and operational levels
 Service focused and resourceful
 Adaptable and responsive to rapidly changing organisational needs
 Security standards specialist
 Experienced systems auditor
 Technology risk assessment
 Excellent interpersonal skills and ability to build and maintain relationships at all levels
 Ability to shift priorities and adjust to changing business demands
 Effective decision maker with the ability to handle problems quickly and efficiently
 Exceptional planning and implementation abilities
 French speaker
CAREER HISTORY/ACHIEVEMENTS
Credit Suisse (CS) September 1997– present
CS Group
Architecture Processes and Controls January 2013 – present
 Determined the IT security control implications for operating banking services in a Cloud
environment
 Defined and implemented a quantitative method for assessing and reporting the quality of IT
security standards
 Defined and agreed the IT engagement approach for reviewing IT security standards and
guidelines
 Provide security standard and guideline development, maintenance and awareness services
 Co-ordination with technology Services functions to develop and enhance IT security controls
applicable to their processes
 Advising risk analysts on the interpretation of security controls in operational scenarios
 Communication of corporate engineering technical events to the global engineering community

2. 2
IT Risk Manager January 2008 – December 2012
 Developed the combined Group security policies and detailed security standards
 Developed the IT security standards’ development and maintenance processes
 Contributed to the development of a threats’-based holistic corporate-wide IT risk
management model
 Delivered new or revised IT policies and standards
 Led induction courses for new employees in information security
 Advised on IT aspects of business policies
 Provided guidance to the business on end user computing
 Reported to top IT management and regulators on IT security policies and standards
 Evaluated tools used for risk assessment
 Trained new team members
 Negotiated policy changes with top management and operational level expert staff
CS Investment Bank
Head of Security Policies and Tools January 2005 – December 2007
 Trained and managed a central team supporting IT security policies, standards and guidance
 Supported the central IT security compliance management tool
 Developed the security standards’ assessment method for assessing prospective network
service providers in a major outsourcing exercise
 Delivered periodic global security awareness notifications and security alerts
 Coordinated with risk assessment teams to ensure methodology alignment with security policies
and standards
 Developed and supported baseline standards for strategic platforms
CS Asset Management
Head of Information Security and Global Risk Management October 2000 – January 2005
 Set-up and managed a new global security management function
 Supported the Group effort for IT security at policy development forums, representing Asset
Management
 Reported directly to the Chief Information Officer
 Designed securitymanagementprocesses and coordinated their implementation through a globally
dispersed team
 Reviewed commercial solutions for compliance scanning and event monitoring
 Designed and managed central governance over security processes in each location through
performance indicator reporting
 Provided senior management visibility over security compliance
 Introduced quarterly network penetration testing

3. 3
CS Group
Information Systems’ Auditor September 1997 – October 2000
 Planned annual audit programmes based on business risk
 Led and participated in global infrastructure audits across all business divisions against
tight deadlines
 Supported business auditors with business system reviews requiring systems reviews
 Performed follow up reviews
 Interviewed prospective auditors during recruitment episodes
EARLIER CAREER
Handelsbanken
IT Auditor December 1994 – August 1997
Rural Payments Agency
IT Auditor October 1992 – December 1994
Technical Assurance Officer February 1990 – October 1992
Systems’ Programmer January 1989 – February 1990
IT Operations’ Manager October 1987 – December 1988
EDUCATION
Certified Information Systems Security Professional
CISSP (not renewed after 2008) 2005
Chartered Institute of Internal Auditors
CMIIA 1996
City University Business School, London Barbican (UK) 1992 – 1996
MSc Internal Auditing and Management
University of Reading (UK) 1984 – 1987
BSc Geochemistry
John Hampden Grammar School, High Wycombe (UK) 1977 – 1984