Who we are – Associates

Paul Williams, Associate

As former Head of Division for Operational Risk and Resilience at the Bank of England, Paul brings unique experience having played a pivotal role in developing the UK’s operational resilience regulations, building on his extensive career in financial services resilience and continuity. 

Read more about Paul

  • As Head of the Operational Risk & Resilience Division, Paul drove and supported various initiatives, mostly notably: development and implementation of the ground-breaking operational resilience policy; oversight of cyber assessment programme (CBEST) and associated regulatory assessment approaches.  His work involved close collaboration with finance sector firms as well as domestic and international public authorities.
  • Paul was the founding chair of the Bank of England’s Cross Market Operational Resilience Cyber Collaboration Group. Whilst at the Bank, Paul was also co-Chair of the G7 Finance Ministers & Central Bank Governor’s Cyber Expert Group and also founding Chair of the European Central Bank’s Systemic Cyber Group.
  • Paul now provides private client advisory services on operational resilience and cyber and continues to advise the European Systemic Cyber Group. 
  • Paul is also a Commissioner on the UK’s National Preparedness Commission whose mission is to promote better preparedness for a major crisis or incident.

Maggie Titmuss, Associate

Maggie is a  senior leader who has successfully transitioned from the public to private sector. A multilingual stakeholder with international experience in intelligence, investigations, capability building, security, cyber and risk management.  Skilled at management of government relations and capacity and capability building.  Maggie was awarded an MBE in 2011 for making a difference in the fight against serious and organised crime.

Read more about Maggie

  • Maggie was previously Director of Intelligence and Incident Response for one of the UK’s largest retail banks with responsibility for implementing a common intelligence operating model and intelligence response.  She led a threat modelling and engineering response to support and shape the control environment and chaired responses to incidents.
  • In her role as Head of Financial Crime Threat Mitigation for a leading UK retail bank, Maggie was responsible for briefing the CEO on financial crime threats and mitigation activity. She shaped new position linking into matrix structure – Financial Crime Compliance and Threat Mitigation.
  • Maggie was the UK lead in the British Embassy, Washington DC, for serious and organised crime, with responsibility for the Western Hemisphere. She briefed Ministers on key topics, such as child sexual exploitation, cyber, drugs & firearms smuggling and modern-day slavery/human trafficking. She was the key interlocutor with all relevant agencies including the FBI, Homeland Security and DEA.
  • Maggie sits as a Non-Executive Director on the Board of the Scottish Business Resilience Centre; acts as a special advisor to various organisations; and mentors through Women in Banking & Finance, Mind the Gap and Empowering Women to lead in Cyber Security.

Anna Somaiya, Associate

Anna is a highly experienced strategic technology leader, with a strong commercial mindset and repeated success leading ROI-backed enterprise IT transformations, operational excellence in day to day operations, developing architecture, driving security first and delivering data insights.

Read more about Anna

  • Anna has extensive experience leading cross-functional teams, working with business leaders to drive business strategy forward by using disruptive and leading-edge technology solutions.
  • She is an expert at launching and delivering technology programmes that safeguard data, streamline operations, drive innovation, improve cost efficiency and advance business strategy.
  • Anna is a seasoned team builder focused on acquiring and developing high-performing leaders passionate about diversity and an inclusive leader fostering a diverse and inclusive working environment and culture where colleagues of all backgrounds and experiences are valued and developed to reach their full potential.
  • Anna currently sits as a Non-Executive Director within a technology start-up company advising on equality, diversity and inclusion

Richard Preece, Associate

Richard is an experienced consultant working at the intersection of strategy, governance, risk and capability development (culture, leadership, people, process, data and technology).  His focus is upon joining the dots, to transform organizational agility and resilience.

Read more about Richard

  • He achieves this through a multidisciplinary collaborative, discovery driven and integrated decision-making approach that cuts through complexity, to achieve innovation, outcomes and objectives.   This is based upon over 30 years of experience developed initially in the British Army, then over 9 years working across multiple sectors in the UK and internationally. complexity, to achieve innovationRichard’s commercial experience includes working in Financial Services, Oil and Gas, Energy, Telecoms, Education, Recruitment, Marketing, Strategic Communications, 2014 FIFA World Cup, Law Enforcement and Defence sectors. 
  • Provided strategic and operational advice at CEO, COO, CPO and CTO level for the response to and recovery from Covid-19, including developing new hybrid ways of working.
  • On-going Operational Resilience regulation subject matter expertise for different financial service company programmes, covering pensions, mortgages, debt management, finance and foreign exchange trading, including the development of impact tolerances and capability self-assessments.
  • Crisis and incident management support to organisations in the real world including cyber enabled fraud; malware; malicious insiders; technology-based service interruptions; and personal data breaches.
  • Designing and running severe but plausible scenario exercises from board level to operational teams.
  • Sitting on several British Standards Institute (BSI) governance and risk management standards committees, with a particular focus upon information security, digital transformation and organisational risk and resilience.
  • Henley Business School Executive Fellow teaching on the GDPR Integration Programme.
  • A UK National Cyber Security Centre (NCSC) Certified Training Scheme Trainer.
  • Author of several cyber security book chapters.

Stewart Mclaren, Associate

Stewart is a pragmatic, experienced and flexible Operational Risk, Resilience and Cyber professional with a diverse career spanning Banking, Insurance and Engineering. Entering Banking and Financial Services at a highly dynamic period of change enabled Stewart to establish himself as a trusted senior advisor and internal consultant working across all front office, operations and technology functions, as well as interacting with many global regulators.

Read more about Stewart

  • Stewart has worked with consultancy clients to support 1st line operational resilience & technology risk management teams, 2nd line operational risk initiatives and 3rd line internal audit engagements.
  • Developed a pilot Operational Resilience framework for the newly merged Prudential and M&G entities in response to PRA/FCA PS6/21 & SS1/21. Undertook current state Risk Assessment covering Cyber, IT, Data, Third Parties, Premises, People & Process. Built and operationalised an Enterprise Process Management CoE leveraging ServiceNow and MetricStream.
  • Chief Operating Officer for the Barclays Capital offshore service centre with responsibility for overseeing the controlled migration of global Technology, Operations and Finance processes into Singapore. Represented Asia within the Global Rightshoring/Outsourcing programme and undertook detailed process outsourcing analysis across Asia in support of the global Barclays strategy and coordinated several global banking regulatory reviews of the firms offshored service centres.

Jash Needs, Consultant

Jash is passionate about building operational resilience by engaging people in the entire process and developing capability to navigate major incidents. She is a highly experienced operational and cyber resilience practitioner with a strong track record of implementation and facilitating C-suite engagements to derive the required outcomes.

Read more about Jash

  • Having worked in two of the largest global consulting houses and within a top 10 Fortune 500, Jash is an expert in her field and adept in many skills including:  programme management,  governance, design and strategy development, stakeholder management, exercise design development and delivery, structured assurance and audit, IT service continuity and resilience, business impact analysis, risk assessment, incident response and crisis management.
  • A cyber recovery project manager in banking sector focussing on exposure and vulnerability of critical economic functions and data vault design. Cyber program manager for oil and gas firm, including delivery of board level exercises. Lead assurer on cloud implementation focusing on ISO 22301 compliance.                  
  • As the technical authority on organisational and cyber resilience, Jash was responsible for the strategic direction, governance, compliance activities and risk monitoring and reporting across all major segments globally, in addition to this Jash also acted as the Crisis Advisor to the Executive Team, providing directional support, advice and guidance during real incidents affecting the whole group.
  • At Deloitte Jash’s main area of focus was on the consulting delivery across a portfolio of clients and projects. Typical projects included business continuity and crisis management (BC & CM) programme assessments, BC & CM planning and testing and recovery strategy analysis and development. In addition to leading project delivery, she also supported the strategic sales efforts and business development, functioning as a subject matter expert in understanding client requirements and qualifying opportunities.
  • Jash’s primary responsibility at Marsh was project delivery, her role also focused on working closely with the industry sector leads to provide the industry depth and knowledge to develop and grow the BCM service line practice through delivering BCM across the industry sectors.    

Akanksha Mohan, Associate

Akanksha is a highly experienced security risk professional with extensive experience in leading the design and implementation of cross-functional risk and compliance  frameworks. She is an expert in Operational Resilience, Information & Cyber Security, Business Continuity, Operational Risk Management and GDPR.

With strong stakeholder management skills, she has successfully spearheaded several change, regulatory and continuous improvement projects to drive organisational efficiencies at both strategic and detailed levels.

Read more about Akanksha

  • Successfully delivered core methodology and operating model framework approach for a leading UK insurance company. Led design and documentation of process maps, impact tolerance statement, scenario testing and operational resilience target operating model.
  • Enhanced and streamlined process mapping of Important Business Services for a global life assurance company. Delivered “future state” core key reporting metrics and mobilised workshops and sprint sessions to drive Category B requirements for core areas in line with the Target Operating Model.
  • Developed and embedded principal and evidence-based policies and strategies for a UK retail bank. Worked with stakeholders in leading and delivering scenario/simulation test exercises to effectively lead the formation od sustained resiliency and disaster recovery playbooks. Embedded operational resilience and business continuity plans; led BIAs and developed work area recovery sites in line with evolving threat landscape.
  • Structured target operating model and new risk taxonomies relating to cyber and security pillars for a leading UK retail bank.  Developed gap analysis and leveraged funding for technology transformation of critical business processes which resulted in elimination of single point of failure.

Thomas Croall, Associate

Thomas is an award-winning risk and resilience professional with the proven ability to develop and lead operational resilience programmes and ISO 22301 certified business continuity programmes that are fully aligned to the needs of the customer, the Board and regulators.  He has a successful track record across multiple sectors including, financial services, outsourcing, local government and the rail industry.   A recognised subject matter expert that has held multiple industry leadership positions and leads impactful projects that have advanced the profession.

Read more about Thomas

  • Thomas co-authored “Rail Resilience Review” – a resilience-based assessments/gap analysis of integrated emergency management capability across all UK rail infrastructure and train operating companies. He designed the Rail Resilience Programme plan leading to a Department of Transport funded 3-year programme of cross-industry improvements.
  • Co-chaired the multidisciplinary COVID-19 Task Force for one of the UK’s top online travel companies and led the risk assessment and forecast that supported the COVID-19 work from home policy.
  • Designed and developed the Operational Resilience framework and policy for a UK retail bank to meet its customer strategy and FCA/PRA regulatory requirements.  Designed and piloted “impact over time analysis” to set the disruption tolerances for the Bank’s most critical end-to-end important business services and associated customer outcomes. Coordinated the operational components of the Bank’s financial recovery and resolution planning in line with PRA and EBA requirements.
  • Developed Coventry University’s first online Masters module in Risk, Crisis and Continuity Management as well as lecturing part-time.
  • Provided expert guidance on approaches to crisis management exercising and command and control structures for one of Canada’s largest pension investment managers.
  • Overall ownership of business continuity and crisis management for one of the UK’s largest business process outsourcers. Achieving full ISO 22301 certification within five months of commencing role.