Description

Hiring a full-time CIO or CISO in 2026 is an 𝗲𝘅𝗽𝗲𝗻𝘀𝗶𝘃𝗲 𝗰𝗼𝗺𝗺𝗶𝘁𝗺𝗲𝗻𝘁.

A £150,000 base salary is just the 𝘀𝘁𝗮𝗿𝘁𝗶𝗻𝗴 point.

When you account for:

• Employer National Insurance

• Pension and private healthcare

• Executive bonuses

• A £30,000+ recruitment fee

Your total investment exceeds £𝟮𝟭𝟬,𝟬𝟬𝟬 𝗽𝗲𝗿 𝘆𝗲𝗮𝗿.

Most SMEs and scale-ups don’t have 40 hours of "strategic" work every week. They have 40 hours of work, but only 4–8 hours of it requires a board-level head.

I provide that executive leadership for a 𝗳𝗹𝗮𝘁 𝗿𝗮𝘁𝗲 𝗼𝗳 £𝟴𝟱𝟬 𝗽𝗲𝗿 𝗱𝗮𝘆.

Whether you need a Fractional CIO to drive digital transformation or a Fractional CISO to manage cyber risk and compliance, the model is the same.

𝗬𝗼𝘂 𝗴𝗲𝘁 𝟭𝟬𝟬% 𝗼𝗳 𝘁𝗵𝗲 𝗲𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲 𝗮𝘁 𝟮𝟬% 𝗼𝗳 𝘁𝗵𝗲 𝗰𝗼𝘀𝘁.

𝗧𝗵𝗲 𝗜𝗺𝗽𝗮𝗰𝘁:

At one day per week, your annual spend is £44,200.

That is a £165,000+ s͟a͟v͟i͟n͟g͟ compared to a traditional hire.

Stop paying for executive "availability."

Start paying for executive 𝗶𝗺𝗽𝗮𝗰𝘁.

Phenomlab. Fractional CIO & CISO Leadership.

𝗘𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲 𝗲𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲. 𝗦𝗠𝗘 𝗲𝗰𝗼𝗻𝗼𝗺𝗶𝗰𝘀.

Industry field of expertise

Languages

English
Native or bilingual

Workplace preferences

Can work on-site

London (up to 50km)

EnTrust Global Ltd
Global alternative investment manager
BANKING AND INSURANCE
January 2006 - October 2025 (19 years and 9 months)
London, United Kingdom
Progressed internally over 19 years from Assistant Manager to Director, Information Technology & Chief Information Security Officer, reflecting sustained expansion of enterprise, regulatory, and operational accountability within a globally regulated financial services environment.
IT Service Management IT Strategy Cybersecurity Incident Management IT Project Management CIO
EnTrust Global
Director, Information Technology & Chief Information Security Officer
January 2017 - January 2025 (8 years)
Appointed in 2017 to establish internal security governance and the firm's first integrated IT and security leadership function. Provided board-level reporting to UK and Singapore regulated entities as an FCA Material Risk Taker. Reported to the CFO, CCO, and Executive Committee as Head of IT and primary security adviser.

## Scope and Accountability

Led a six-person security and infrastructure team providing governance and technical oversight.
Managed hybrid infrastructure across AWS multi-region VPCs and on-premise services supporting 30 production servers.
Governed AWS estate with $50,000 monthly spend, balancing resilience with cost discipline.
Owned MSSP selection, contract governance, SLA management, and telemetry integration.

## Key Contributions

Designed an enterprise security operating model aligned to SOC 2, ISO 27001, FCA SYSC, NIST, and DORA.
Led SOC 1 and SOC 2 Type I/II audits for 8 consecutive cycles with no material findings.
Reduced outstanding audit observations by 40% through structured remediation.
Improved incident detection and response times by 50% via MSSP restructuring and telemetry integration.
Rationalized SaaS vendor landscape from eight to three strategic providers, reducing systemic risk.
Introduced board-level cyber risk reporting with defined ownership and tolerance thresholds.
Directed executive response during security incidents to maintain operational continuity.
Prioritized multi-million-pound investments against exposure reduction and commercial constraints.
Led annual penetration testing and quarterly vulnerability scanning across the network estate.
Directed quarterly reviews for network configurations and role-based access controls.
Managed annual Business Continuity table-top testing with stakeholders and the board.
Deployed a centralized ISMS to ingest logs from all network devices and manage governance.
Developed OS hardening standards for Windows and Linux to reduce the attack surface.
EnTrust Global
Senior Vice President, Information Technology
January 2015 - January 2017 (2 years)
London, United Kingdom
• · Entrusted with expanded executive responsibility for enterprise infrastructure, control maturity, and technology risk as the organization increased regulatory complexity and international scale.
• · Strengthened formal governance structures across IT and security operations.
• · Introduced measurable operational KPIs aligned to resilience and audit expectations.
• · Enhanced documentation, change control, and evidencing standards in preparation for sustained regulatory analysis.