IT GOVERNANCE - Key Persons


Alan Calder - Chairman, Founder

Job Titles:
  • Executive Chairman
  • Founder
  • Member of the IT Governance Management Team
Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. Alan founded IT Governance in 2002. He has written more than 20 books on cyber security, most recently revising Nine Steps to Success: An ISO 27001 Implementation Overview as well as tackling the GDPR with EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide and EU GDPR: A Pocket Guide. Alan's work draws on his experience leading the world's first successful implementation of BS 7799 (now ISO 27001), and is also the basis for the UK Open University's postgraduate course on information security. Alan has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad on cyber security and data governance, and is a regular media commentator and speaker.

Andrew Johnston

Job Titles:
  • Member of the IT Governance Management Team
  • Head of Training
Andrew has demonstrated excellence in performance turnaround, mobilising large and complex projects, building new solutions, and leading teams to exceed service and stakeholder expectations. His previous business won the Interserve Group's Team of the Year award.

Chris Hartshorne - CFO

Job Titles:
  • Chief Financial Officer
  • Member of the IT Governance Management Team
Chris qualified as a Chartered Certified Accountant with Deloitte in 2007 and subsequently worked for PwC. In 2015, he joined MM (UK) Limited as financial controller before leaving in April 2017 to take up his position as Finance Director with GRC International Group.

Damian Garcia

Job Titles:
  • Member of the IT Governance Management Team
  • Head of GRC Consultancy
Damian is a highly experienced information security and risk management professional with more than three decades of experience in the information technology sector. He has held roles both in the UK and internationally, working with prominent organisations such as IBM and Microsoft. Damian has successfully collaborated with both private- and public-sector entities, effectively mitigating risks in on-premise and Cloud-based IT environments. With an MSc in cyber security risk management, Damian maintains various professional certifications and remains deeply committed to safeguarding organisations' information and IT infrastructures. He also conducts training courses focused on enhancing organisations' understanding and control of cyber and information security risks. Throughout his career, Damian has played a crucial role in helping clients develop robust cyber and information security management and resilience systems, aligning with government and industry frameworks and standards such as ISO 27001, ISO 22301, SOC 2, NIST, the PCI DSS and Saudi Arabia's Essential Cybersecurity Controls (ECC-1:2018).

James Pickard

Job Titles:
  • Member of the IT Governance Management Team
  • Head of Security Testing
James is an expert penetration tester with more than a decade in the field. He has a history of leading and executing penetration tests across diverse industries on a global scale. James specialises in the two key areas of infrastructure testing and authorisation bypass techniques. His understanding of the nuances of user sessions, cookies, tokens, and other important components that regulate user interactions serves as evidence of this. James excels in leadership and technical expertise. He has managed the penetration testing team since 2018, directing them through tasks, improving testing procedures and cultivating collaborative relationships with clients.

Steve Watkins

Job Titles:
  • Group Director

Sujith Parambath

Job Titles:
  • Member of the IT Governance Management Team
  • Head of PCI and Cloud Consulting Services
Sujith is a seasoned information security professional, with a strong technical background in cyber security and information technology. He has spent more than 20 years assessing IT and cyber security risk; building frameworks, policies and procedures; conducting compliance/maturity assessments; remediating control weaknesses; and advising on ways to enhance controls and manage risks. He has extensive expertise in managing and auditing enterprise-level Cloud/IT infrastructures across several industries, including financial services, payment service providers and retailers. Sujith has a particular interest in raising information risks at senior leadership levels, and helping organisations mitigate or avoid information risks through industry-accepted standards and solutions.