william d. patterson - curriculum vitae 01224316569/07892893687

8/14/2019 William d. Patterson - Curriculum Vitae 01224316569/07892893687

1/7

3

WILLIAM D. PATTERSON - CURRICULUM VITAE01224316569/[email protected]

R

SPECIALTIES Business Continuity/Disaster Recovery Emergency Management Risk Management Management of large, complex projects within rigid time, resource, and budget constraints Security(both physical and IT) Training

INDUSTRY EXPERIENCEFinance/Banking/Insurance Telecommunications Government Training

QUALIFICATIONS: B. Sc. Economics (Hons)

INSTITUTION: Institute of Civil Defence and Disaster Studies (Fellow), Emergency Planning SocietyInstitute of Management and Production

Brief outline of what I can offer the client Extensive knowledge of industry best practice and standards re risk management throughout the world Strong business(originally an Economist) and technical focus ensuring cost effective IT solutions for my clients Adept at dealing with multicultural environments Extensive experience in fields of Finance, Government, and Telecommunications Experienced in dealing at Senior Management, Board and Ministerial Level An ability to communicate on the same wavelength as finance depts

Proven track record in staff motivation . Excellent knowledge project management methodologies, controls, tools & techniques.

Thorough knowledge of Corporate Governance, Risk, resilience and reporting legislation throughout EU, UK, and USA Extensive Crisis Management experience Twenty plus years with responsibility for Business Continuity/Disaster recovery strategy and design . Many years experience setting up and running datacentres I have developed and delivered training courses on:

Business Continuity and Disaster Recovery Corporate Governance Risk Resilience and Reporting(addresses FSA, Basel II, SOX, NYSE446, Combined code etc) Ensuring resilience in investment banking infrastructure and practices Risk Management(12 modules) Project Management Negotiation Skills Management of Data Processing organisations

Which I have delivered throughout the world. I am willing to make these available on a none exclusive basis to my employer .

1


2/7

CAREER HISTORYFeb 2010 Advising UAE client with respect to salvaging major fixed price disaster recovery contract that they

are committed to in the oil and gas sector in Abu Dhabi which is many months behind schedule andcurrently loss making.

Dec 2009 Developed resilience service marketing strategy and Business Plan for major UAE based professional servicesgroup. The business objective is their becoming competitive vis-a-vis the big 4 and major hardwarevendors(EMC,HP,IBM etc) in the resilience sector of the Middle Eastern market within a three year period

2009 Turkcell ConsultantProvided off site Contingency planning for Pandemics advice to Turkcell (largest mobile telephonyoperator in Turkey). Produced Pandemic Planning Guide for Telecomms Carriers

2009 Jephson H.A. Consultant/Manager

Conducted Business Impact Analysis on business critical systems In conjunction with regional directors and business system owners determined Jephsons IT and

departmental work area requirements in the context of corporate medium term planFull costing analysis and creation of business case

Audited the resilience of Information Technology systems, throughout the JHA group

Developed new BC/DR strategy consistent with a Recovery Time Objective of one hour and recovery point objective of 20 minutes.Conducted RFI process and contract negotiations with shortlisted suppliersDeveloped Project Management and Implementation Plans.Designed datacentre conversion at Northern Regional OfficeEvaluated existing third party DR strategy, hosting contract and alternative suppliersAdvised on contingency planning for pandemicEnvironment Sun mid range, EMC Clarion, Citrix, Dell Poweredge, Wintel , Cisco. VMware, Navisphere,

Oracle Financials, MPLS, BS25999,ITIL

2008 HMRC - Aspire Programme ConsultantAs part of the Security, and Risk Management function:

Undertaking risk assessments on the Contact Centre Telecommunications Support Function, HR,Communications, and Contract Management departments.

Carrying out Business Impact Analyses and developing Business Unit Recovery Plans for critical HMRC systems (HR, Communications, Telecommunications support to28 Contact Centres, Solutions Delivery Operations, Commercial and Contract Management)

plus other less critical development and support functions. Plan development had to comply withBS25999

Advising on testing procedures including migration of staff/ equipment between production andDisaster Recovery locations. Heavily involved in test .

Developed Enterprise Wide Location Recovery PlansDeveloped BC/DR awareness presentations to be implemented throughout Her Majestys Revenue

and Customs DepartmentEnvironment IBM Z990, HDS 9800, 9600 San, EMC SAN, Cisco, DMX, SRDF, MPLS, Mid range, Sun, Unix. Oracle

Financials, Websphere, Test Director, ITIL,BS25999 OGC

Feb 08 Dec 2008 CITC - Saudi Arabian Telecommunications Authority, Riyadh, Saudi Arabia(Oct-Dec offsite)Role Subject Matter Expert - Business Continuity/Disaster Recovery Consultant/Security

As a result of action by the Ministry of the Interior(MoI), in 2007 CITC, decided to define the obligations of thetelecommunications licence holders with regard to Disaster Recovery; Business Continuity; and compliancewith world standards( ISO27001/27002, BS17999, and BS25999) It consequently awarded a contract to A. D.Little who assigned W.D.Patterson as SME to :

Benchmark 12 countries as regards industry best practice in emergency situations. Benchmark Telecommunications best practice in War scenarios. The Saudis understandably are

extremely conscious of the risk of middle eastern wars. Hence the benchmark which examined theimpact of Hezbollah- Israeli war on Lebanese telecom, Wars in former Yugoslavia, and the Gulf wars,addressed telecomms usage in wartime; network resilience; and physical security of key buildings.

Analyse worldwide risk management and BC/Service continuity regulations/guidelines (SOX, BaselII,BS25999,NYSE Rule 446,combined code,FSA, ITIL). Conduct Gap Analysis of current status of Saudi Telecommunications against same.

Conduct BC/DR/Security audit of existing and new Telecommunications operators in theTerrestrial, Mobile, IP and Satellite sectors of the Telecommunications industry

2


3/7

Create industry best practice guidelines (to be translated into legislation) on risk and disaster Management to apply to the Saudi Arabian Telecommunications Industry.

Advise Saudi Arabian Interior Ministry and CITC on emergency communications in natural disasters.This included secure wireless access, TETRA, IP communications, first level responder interoperability, and Telephony prioritisation.

With the dependency of the growing Saudi finance sector on IP services, specifically address resilienceof IP telecommunications in this sector.

Advise on flexible resilient telecommunications to be made available to humanitarian and relief Organisations in the immediate post disaster situation

Develop Standards on physical security to be applied to all key buildings in the carriersnetwork(offices, MSC, BSC, Data Centres, Earth Stations, Data Centres, Exchanges etc). This was toaddress all critical threats including natural disasters(notably earthquakes, Dust storms and flooding),civil unrest, terrorism and war

Advise on the appropriate technological solutions to ensure network resilience Provide guidelines as regards industry best practice on Information Security and Risk Management to

apply to the Telecommunications Industry at enterprise level Advise on ensuring compliance with ISO27002 and ISO 17799 by the Telecommunications industry

and supply chain. Advising CITC re resilience and security of its own web based systems Advise on setting up Enterprise Security Programme, Enterprise Security Strategy, and Computer

Security Incident Response Team across CITC Advise on physical security and counter terrorism. Ensuring that it was incorporated in

Network rollout Advise on infrastructure resilience for networks and datacentres in the telecommunications industry Advise CITC(Board Level and Senior Technical Level) on Crisis Management and Business

Continuity Planning practice and structure to be applied within CITC itself

The report has been translated into legislation which now applies to the Saudi Telecommunications industry

July- December 07 Developed Corporate Governance, Risk, Resilience and Reporting training course. This course incorporatesan analysis of the key Governance regimes in the UK(addresses Combined Code, FSA, Corrigan3,Turnbull, Smith

and Cadbury), EU(Basel II), USA(SOX,NYSE446) both from a theoretical and hands-on perspective.

January 07-Jun 07 National Commercial Bank. Jeddah, Saudi ArabiaRole Business Continuity/Disaster Recovery Expert/Manager

EMC are one of the world's largest storage Area Network Specialists. They have a contract with the NationalCommercial Bank to develop a comprehensive business continuity platform for the bank. I was a senior consultant.Specific responsibilities included:

Developing Disaster Recovery and Business Continuity plans for the Treasury Divisionof the National Commercial Bank of Saudi Arabia. These were compliant with the Basel II HighLevel Principles on Business Continuity and the draft BS25999 standard. They involved relocationof staff to Disaster Recovery offices that I had managed the fitting out and testing of.

Advised NCB Business continuity Dept on implications of draft BS25999 in context of SAMA regulations

In charge of testing Treasury division DR/BC plans both desktop exercises and actual tests Developed resilience solution for Treasury division call recording and CTI service . Reviewing information security Conducted in depth Risk Assessment of HR, Facilities, Telecommunications and IT support

functions . Advised on data centre design security and safety Advised on counter terrorism Audited voice telephony and VOIP as part of Risk assessment of Telecommunications Audited Saudi and Bahrain call centres from a resilience perspective

Audited Wide Area Network, LAN and third party Satellite services. Conducted in depth Risk Assessment of HR; Facilities;and Information Technology ;Security; &Telecommunications.

The facilities assessment focussed on the buildings, infrastructure(power, air handling,space, floor loadings , equipment monitoring etc) logistics and safety.Given the middle eastern situation much attention was paid to security against terrorist

attack. In depth building(and surrounds) security design guidelines were providedto NCB based on a combination of worldwide standards, and the authors personal experience.

For the Information Technology assessment analysis was undertaken of systems and procedures.Focus was given to. project risk management(using tops down approach), changeand incident management.

3


4/7

A key component of the audit related to IT Security. The areas of greatest concernwere mobile computing, internet security, interface to change and incident ,managementand external customer focussed systems. With regard to the latter giventhe dependence of the NCB on E- Commerce considerable attention was given tosecurity of their portal based systems(online banking etc).The review highlighted major exposures which could have allowed fraud totake place on a massive scale. Remedial actions were recommended which should

prevent future fraud. Developed Disaster recovery strategy re data telecommunications networks

(terrestrial, Satellite) and voice( Avaya PABX, Some terrestrial, IVR, VOIP) basedon the results of a risk assessment. This was complicated by the Reuters satellitemarket data services which used proprietary hardware and software with support outof Austria. The report highlighted major exposures as regards single points of failure and where possible(not always as Saudi Arabia has a single Telecoms supplier)provided costed and resourced solutions

The review highlighted the need for Risk Management and Business Continuity to be embedded in theculture of the organisation.

Advised on security and emergency response at branches of NCBs retail arm Project Managed resilience awareness campaignEnvironment Superdome, Mid Range UNIX, Windows NT, EMC Symmetrix DMX, SRDF, Evergreen(BCplanning tool) ,

Oracle Financials, Websphere, Veritas Netbackup Kondor,Reuters, Blomberg, ITIL, Basel II, BS25999, BS17999, ISO27002

November 2006 Co Host ,Main Speaker and Facilitator at Pandemic Planning Conferenceheld in Belfast which was attended by senior management(up to Asst Director level)representatives from Office of the First Minister, Northern Ireland Housing Executive,Belfast Resilience, and Social Welfare Department.

Jan 2006 - Nov 2006 HVR Consulting ServicesRole Senior Principal Consultant Risk Management Practice

Key activities were:Training :

For the National Standards Institute of an EU country developed a Course on

Risk Management which addressed the subject from a hands on perspective but alsofocused heavily on the extension of regulatory scrutiny (Sarbanes Oxley, NYSE446, Basel 2 Principles, Combined Code etc) in relation to risk managementin the financial sector

Developed training courses tailored to regional Fire Service DR/BC requirements Developed training courses for local authorities re their obligations under the Civil Contingencies Act

20. Developed a 12 module Project Management course on behalf of the Ministry of Commerce of an EU countryDeveloped Risk Management training course(using REMIS and ARM) for Shetlands Islands Council

Consultancy Developed a generic disaster recovery/business continuity strategy for a major European

mobile Telecommunications carrier(GSM,GPRS) addressing all aspects of business includingretail outlets and Call Centres.

Reviewing the Plans prepared by a major shipping company for Business Continuity andDisaster Recovery at their worldwide offices(45 in total).

Advising defence client on Disaster Recovery and Security implications of VOIP Reviewing Major Emergency Response Plan for Northern Ireland Housing Executiv

Business Devt Undertook business development with commercial and Government clients in the EU providing

Consultancy expertise in Business Continuity, Project Management, and Risk Management. Arranged security consultancy for 50+ off-shore oil rigs in the UAE

Environment IBM A/S400, Unix, Windows 2000

2005 European Patent Office Consultant/Programme ManagerConcurrent with my role at RBoS I won contracts at the European Patent Office (EPO).The objective of theinitial contract was a resiliency audit of critical systems, datacentres and communication hubs at the Rijswijk and MunichThe audit report incorporated an in depth risk analysis of the EPO's datacentres, networks, infrastructure, andculture highlighting exposures and proposing solutions (along with their associated resource/time commitment).

4


5/7

The Audit Report was presented to selected Board members in September 2005. It confirmedtheir belief that the existing DR strategy was severely flawed. Consequently I was commissioned to produce anew Disaster Recovery Strategy for the EPO with specific focus on the Rijswijk and Munich operations. Anintegral part of the strategy was the sourcing of a third Dutch data centre and the migration from the existinginadequate Rijswijk DR centre to this centre. The strategy incorporated a major change in wide area network toeliminate distance issues with replication.. Radical solutions were proposed re storage management, X seriesvirtualisation, and networking across the three main sites (Rijswijk, Munich and Vienna). In addition todeveloping the strategy the report provided a tactical level guide, including, as appendices, detailed data centremigration plan , revised WAN(before and after), logistics plan for supply/distribution chains and applicationmigration schedules. The report, in a sanitised form was presented to the EPO's Administrative Council. A high

proportion of the strategy has been acted upon

The scale of the assignment, can be assessed from: The internet based filing and search systems of the EPO generate revenue in excess of 400millionEuro per annum

The annual operating budget for Disaster Recovery/ Business Continuity related activities Network of sites in 20+ countries with major data centres in Rijswijk, Munich, Vienna

Although the technical component of the role was very significant, at least as critical was stakeholder Management given the multi ethnic and highly political nature of the EPO board

Environment IBM Z990, IBM P Series, X Series, Windows NT, Multiple HDS9980 SAN(92 terabytes),IBM3494VTS, GDPS/PPRC,GDPS/XRC, Oracle, Websphere,Netbackup, Legato, ITIL ,Prince

2004 2005 Royal Bank of Scotland Consultant/Project Manager

Prior to a successful integration of RBoS and Churchill's systems an audit/gap analysis of theDR/BC/Security capabilities of Churchills systems against RBS Standards and Operating Principlesand FSA Regulations/Guidelines was required. Where gaps were identified I:

Developed the technical disaster recovery/business continuity solutionProject Managed solution implementation into the RBS Insurance Service environment.Tested BC and DR solutions prior to their being accepted into productionEnvironment IBMZ990, Compaq Mid Range, multiple EMC,&HDS 9800 SAN, Cisco, MPLS, Unix, Windows NT, SRDF,

Netbackup, ITIL

2003 KBR Programme Manager/Technical Architect - Infrastructure

Duties KBR were appointed Programme Manager for the NPfIT programme. I was recruited as aProgramme ManagerWith the lack of technical expertise within KBR , I additionally undertook the roles of:

Technical Architect for the Infrastructure Group (MPLS, IP, plus legacy ATM, SDLC,X25network architecture, Call Centre/NHS Direct).

Project Manager on the Electronic Booking and Electronic Prescription projects Advising on information security( application or network level encryption)

CRAMM threat/risk analysis of the Electronic Booking and Electronic Prescriptions project As part of the central spine(National Customer Database) tender creation team I provided a risk

management, security (BS7999 compliance )evaluation and DR/BC consultancy function. Co Programme Managed(with NHS Manager) upgrade of network to 3,000 doctors surgeries.

This upgrade involved a significant logistics planning component because of the physical

number of surgeries, the need to minimise risks to the doctors surgeries and patients(as part of theimplementation strategy a thorough risk management process using CRAMM was undertaken). Evaluated tenders for a new Email system for NHS Advised on system resilience and disaster recovery

2001 2003 Orange Netherlands Programme Manager/Business Continuity/Disaster Recovery ExpertDutchtone is the third largest GSM network provider in the Netherlands.Project Management Methodology PRINCE. Service delivery to ITIL standards.My main achievements were:

Project Managed the 22 million Eu Network Quality Improvement Project with responsibilityfor improving quality of BSS, NSS, MSC, and Access Network Services.

Developed a disaster recovery strategy addressing GSM,GPRS(Nokia/Nortel), core networks,call centres and extending to IT systems including the BSCS billing system. This was

developed after undertaking a risk management assessment of Dutchtones commercially criticaland politically sensitive systems.

Developed Crisis Management Strategy and procedures. Set up Crisis Management Commandand Control Centre

Developed Disaster Recovery/resilience strategy for Dutchtone Call Centres Netherlands representative at Orange Group(25 countries) Business Continuity Centre of Excellence

5


6/7

Developed Business Continuity strategy and plans for Billing(BSCS), Mediation, andCustomer service(Vantive( system

Conducted disaster recovery tests at the Den Haag MSC and Computer centres of IT systems,Mobile Network Switching and environmental hardware( Generators, UPS, Air Handling etc).

Implemented remote working for my department and for key Dutchtone executives tofacilitate continuity of service in a disaster which denied access to the datacentres and offices

Advised on consolidation of data centres across the Orange Telecom GroupDutchtone delegate at the Nacotel joint Government- Telecoms industry working partyEnvironment Mid Range Unix, Windows NT, Ericsson MD110, Alcatel & Nortel GSM switches, Nokia 3G switches

Cisco IP Switches, Prince 2, ITIL, PRINCE, Primavera, MS Project,BSCS ..

1994- 2000 Omega Project Management Managing ConsultantMajor assignments were:2000 Telstra - Project Director PlanIT

The replacement for Telstras Cable Plant Record System which addressed maintenance and fibreInstallations was in crisis when I took control. It was 18 month behind schedule and significantly over budget.I pulled the project round to a level where it could be handed over to IBM(Telstra's had outsourced inThe interim) to finish the rollout.

1999 2000 Vodafone Australia Disaster Recovery/Business Continuity ManagerDeveloped and implemented the DR/BC Strategy and plans for the Billing and Customer care system of

Australias largest GSM operator. The BC component of the design was critical as the Amdocs Billing system wassupported out of Israel. On site support was on occasions withdrawn at minimal notice as a consequenceof the Middle East situation.

The role involved: Audited Vodafone's Datacentres and NOCs from a risk, resiliency and physical security perspective.

Advised major improvements which have proven themselves during periodic bushfire alerts( the VictoriaCentres are particularly exposed)

Conducted a Threat Analysis and Business Impact Analysis on the Billing and Customer Care systems. Set up a crisis management strategy, organisation, and Command/Control centre Developed a comprehensive Disaster Recovery Plan for the Billing and Customer Care systems Sourced and fitted out a second NSW datacentre for use as a hot standby DR Centre. This allowed

a long term triangulation strategy to be followed incorporating the Melbourne Datacentres Conducted formal DR/BC tests of applications, datacentre recovery, and call centres Developed DR plan for Vodafone call centres.

1997- 1998 Advantra Programme/Senior Project ManagerManaging a programme of 17 projects for IBM and outsourced clients.Achievements:

Replacement of Ericsson MD110 PABX at sites throughout Australia with Lucent Definity 15 of 17 Projects were delivered to time and under budget The two that failed to meet the timeframe weredelayed as a result of IBM's insistence on using RS6000 hardware for firewalls even though they had a five month lead time.

Joint PM on implementation of SAP across IBM and Lend-Lease Conducted information security penetration tests at Mercantile Mutual, and ENZ Australia Evaluated Project and Risk Management practices. Mentored staff on industry best practice Savings in excess of $1,000,000 as a result of mentoring on Negotiation Skills

1996 1997 Optus Communications, Programme Manager Managing digitisation of Optus satellite services($19.6 million budget). Advising on pre contract procurement process for new military/civil satellite.

1994- 1996 Qantas Senior Project ManagerIntegration of Finance subsystems(OLAS, EDI, etc) of the former Australian Airlines

with the MVS production subsystems of Qantas. Managing the communications component of the $150 million Qantas Universal Business

Environment world wide rollout.

1992 1994 Sabre Systems Project Management Consultancy - ConsultantMain assignments were:1994 - 1994 New Zealand Employment Service -Project ManagerProject management of the Employment Subsidy Management System

1992-1994 Telecom New Zealand -Project Manager

6


7/7

Managing the implementation of the Vision 0800 project. This encompassed billing,customer care and management reporting Controlled the extension of Vision 0800 to cover

Toll 0900 customers.

1993 Radiola (formerly AWA New Zealand) - Project Manager Managing time critical development of Meatworks control system

Sep 91 - Nov 92 Equipment Remarketing AustralasiaA computer broking and consultancy company which I was CEO.ERA carved a market niche as a supplier of usedUnisys computer equipment. It also supplied clients with gas turbine generators and specialist negotiating skills

Aug 90 Dec 91 Department of Social Welfare Senior Technical Services ManagerI was brought into DSW charged with bringing commercial logic into IT, improving the quality

of end user services, improving departmental productivity and reducing costs.As a divisional manager I ensured that all the high priority objectives of the division were achieved

within budget.I was able to save DSW in excess of $3,000,000 in those negotiations I personally conducted on behalf of theInformation Technology Service Centre and a further $600,000 on behalf of other sections of IT within DSW.Although divisional manager I took personal responsibility for :o Project managing the design sourcing and fitting out of DSW Disaster Recovery centre. This

Included ensuring that physical security was compliant with worldwide best practiceo Implementation of comprehensive risk management practiceso Development of comprehensive Business Continuity Plans for all key DSW information

Technology systemso Enhancing security of IT systems to reduce opportunities for benefit fraudo Selection of Network Hardwareo Rationalisation of DSW Networks . This resulted in annual savings of $600,000o Whilst fitting out the DR Centre with hardware I negotiated what was then the world's

largest second user Unisys A series contract (circa $8,000,000)o Resilience / Disaster Recovery of DSW Call Centres

Oct89-May90 Databank Systems (NZ Clearing Bank) Project ManagerManaging the automation of MVS, CICS, and IMS subsystems; Creation of Project Management

Methodology

NORTHERN HEMISPHERE

From 1976 1989 I managed major programmes and projects for

ICI(2 projects); Midland Bank; National Bank of Kuwait (UK and Kuwait); IMSData (Germany);Xerox(2 projects)UK Post Office;Hadeed(Saudi Arabia); National Housing Trust (Jamaica) .These were regularly achieved on time and budget.

william d. patterson - curriculum vitae 01224316569/07892893687

Documents