
Chris is a Senior Consultant at URM who has worked in IT for over 30 years, with more than 14 years’ experience in information security. For the last 6 years, Chris has been focused on the provision of consultancy and auditing services to a wide range of private and public sector organisations. He is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Payment Card Industry Qualified Security Assessor (PCI QSA), ISO 9001 Certified Lead Auditor and an ISO 27001 Certified Lead Implementer. Chris has managed information security risk and compliance across the technology departments of a major multinational organisation, as well as the ongoing compliance of numerous public service network services. Chris has extensive experience initiating and managing major ISO 27001, Sarbanes-Oxley, CAS(T) and ND1643 certification projects and also has a comprehensive knowledge of PCI DSS and SOC.
InfoSec Insider, Season 2, Episode 38
Business Approaches to Risk Management
In this episode of InfoSec Insider, Wayne Armstrong and Chris Heighes, both Senior Consultants at URM, offer key advice on effective approaches to cyber and information security risk management from a business perspective. Chris and Wayne draw upon their combined 45 years of experience in information security and risk management to discuss:
- What good, risk-based decision-making actually looks like in practice, and where it most commonly breaks down
- The most concerning information security risks of today that do not get enough attention at the board or executive level
- How organisations can move away from checklist-driven compliance and towards meaningful cyber risk management that supports business objectives
- How organisations should rethink ownership and accountability for information security risk in light of growing dependence on cloud services and third-party providers
- The capability or mindset they believe information security leaders must develop now to remain effective risk advisers in the coming years.
InfoSec Insider, Season 1, Episode 31
SOC 2 Explained
In this episode of InfoSec Insider, Chris Heighes, Senior Consultant at URM, breaks down the System and Organization Controls 2 (SOC 2), an information security framework aimed at providing assurance to a service provider’s clients that their data is stored and processed in a secure manner. Chris leverages his 15+ years of experience in the information security space to discuss:
- Which organisations should be considering a SOC 2 audit
- What a SOC 2 audit involves
- The benefits of having a SOC 2 report
- The challenges an organisation may face when preparing for their first SOC 2 audit.
InfoSec Insider, Season 1, Episode 21
DORA - EU Cybersecurity Legislation for Financial Organisations
In this episode of InfoSec Insider, Chris Heighes, Senior Consultant at URM, takes a deep dive into the Digital Operations Resilience Act (DORA), a new EU regulation for financial entities and their key suppliers to improve their digital operational resilience, which comes into force on 17 January 2025. Chris leverages his 30 years of IT experience and 15 years’ experience in information security to discuss:
- What DORA is
- Which entities are in scope of the Act
- How DORA’s requirements differ from those of ISO 27001, the International Standard for Information Security Management Systems (ISMS)
- The timelines for implementation of DORA and how it will be enforced.
