1. 1
Christopher Shinh
Wincroft, Perry Lane, Bledlow, Bucks. HP27 9QS
cshinh@hotmail.com
(h) 01844 761 344 (m) 07711 912 065
PERSONAL PROFILE
A professional and highly experienced IT Auditor and Technology risk manager with a wealth of
technology and global management experience in the Financial Services sector. Earned a
reputation as a confident, reliable and approachable team player who is pragmatic and proactive.
A resourceful, experienced and motivated self-starter who is both positive and persuasive.
Committed to delivering an excellent service to all stakeholders in a changing, challenging
environment.
KEY SKILLS
Leadership, management and motivation of teams and individuals
Trusted advisor to senior management, staff and other stakeholders on IT controls
Effective communicator and negotiator at strategic and operational levels
Service focused and resourceful
Adaptable and responsive to rapidly changing organisational needs
Security standards specialist
Experienced systems auditor
Technology risk assessment
Excellent interpersonal skills and ability to build and maintain relationships at all levels
Ability to shift priorities and adjust to changing business demands
Effective decision maker with the ability to handle problems quickly and efficiently
Exceptional planning and implementation abilities
French speaker
CAREER HISTORY/ACHIEVEMENTS
Credit Suisse (CS) September 1997– present
CS Group
Architecture Processes and Controls January 2013 – present
Determined the IT security control implications for operating banking services in a Cloud
environment
Defined and implemented a quantitative method for assessing and reporting the quality of IT
security standards
Defined and agreed the IT engagement approach for reviewing IT security standards and
guidelines
Provide security standard and guideline development, maintenance and awareness services
Co-ordination with technology Services functions to develop and enhance IT security controls
applicable to their processes
Advising risk analysts on the interpretation of security controls in operational scenarios
Communication of corporate engineering technical events to the global engineering community
2. 2
IT Risk Manager January 2008 – December 2012
Developed the combined Group security policies and detailed security standards
Developed the IT security standards’ development and maintenance processes
Contributed to the development of a threats’-based holistic corporate-wide IT risk
management model
Delivered new or revised IT policies and standards
Led induction courses for new employees in information security
Advised on IT aspects of business policies
Provided guidance to the business on end user computing
Reported to top IT management and regulators on IT security policies and standards
Evaluated tools used for risk assessment
Trained new team members
Negotiated policy changes with top management and operational level expert staff
CS Investment Bank
Head of Security Policies and Tools January 2005 – December 2007
Trained and managed a central team supporting IT security policies, standards and guidance
Supported the central IT security compliance management tool
Developed the security standards’ assessment method for assessing prospective network
service providers in a major outsourcing exercise
Delivered periodic global security awareness notifications and security alerts
Coordinated with risk assessment teams to ensure methodology alignment with security policies
and standards
Developed and supported baseline standards for strategic platforms
CS Asset Management
Head of Information Security and Global Risk Management October 2000 – January 2005
Set-up and managed a new global security management function
Supported the Group effort for IT security at policy development forums, representing Asset
Management
Reported directly to the Chief Information Officer
Designed securitymanagementprocesses and coordinated their implementation through a globally
dispersed team
Reviewed commercial solutions for compliance scanning and event monitoring
Designed and managed central governance over security processes in each location through
performance indicator reporting
Provided senior management visibility over security compliance
Introduced quarterly network penetration testing
3. 3
CS Group
Information Systems’ Auditor September 1997 – October 2000
Planned annual audit programmes based on business risk
Led and participated in global infrastructure audits across all business divisions against
tight deadlines
Supported business auditors with business system reviews requiring systems reviews
Performed follow up reviews
Interviewed prospective auditors during recruitment episodes
EARLIER CAREER
Handelsbanken
IT Auditor December 1994 – August 1997
Rural Payments Agency
IT Auditor October 1992 – December 1994
Technical Assurance Officer February 1990 – October 1992
Systems’ Programmer January 1989 – February 1990
IT Operations’ Manager October 1987 – December 1988
EDUCATION
Certified Information Systems Security Professional
CISSP (not renewed after 2008) 2005
Chartered Institute of Internal Auditors
CMIIA 1996
City University Business School, London Barbican (UK) 1992 – 1996
MSc Internal Auditing and Management
University of Reading (UK) 1984 – 1987
BSc Geochemistry
John Hampden Grammar School, High Wycombe (UK) 1977 – 1984