Tomorrow's Security, Today - Championing Audit & Compliance Excellence
Information Security Manager and Compliance Expert

Roland Elyon Arthur-Kingsley

Information Security Consultant | PCI DSS | IT Audit | GRC Expert

CISA | CISM | CC | MSc | BBA

Hey There 👋🏿

I'm an Information Security Consultant with 10+ years of experience delivering PCI DSS v4.0.1 compliance, IT Audit, and GRC programmes across fintech, cloud, and regulated sectors, specialising in PCI DSS compliance, IT audit, and IT audit, risk and compliance roles. Adept at protecting businesses by improving cybersecurity posture and reducing the likelihood of breaches through comprehensive security audits, third-party risk frameworks, and governance strategies.

  • Leading security assessments and implementing effective compliance frameworks
  • Developing robust governance frameworks and managing third-party risks
  • Facilitating technical growth through mentoring, documentation, and knowledge sharing
  • Driving innovation whilst maintaining operational excellence and security compliance

Target Job Roles & Expertise

My career is focused on securing positions and delivering excellence in these specialized areas:

PCI-DSS COMPLIANCE ROLES

PCI DSS v4.0.1 Expert | QSA Collaboration | Compliance Management

IT AUDIT ROLES

Strategic IT Auditor | Security Assessments | Control Evaluation

IT AUDIT, RISK & COMPLIANCE

GRC Specialist | Risk Management | Third-Party Risk

INFORMATION SECURITY MANAGEMENT

COMPLIANCE & GOVERNANCE FRAMEWORKS

Key Achievements

Security Leadership

Successfully led and implemented PCI DSS assessment projects and established comprehensive third-party risk management programmes. Developed enterprise-wide security frameworks and compliance roadmaps for sustained organisational resilience.

Technical Excellence

Currently leading third-party risk governance initiatives and implementing enterprise-wide vendor evaluation frameworks. Established comprehensive TPRM programmes and KRI/KPI frameworks to enhance supplier risk management and compliance monitoring.

Core Competencies

Governance, Risk & Compliance (GRC)

  • Risk Management Frameworks (ISO, NIST)
  • Regulatory Compliance (ISO 27001, CIS)
  • Third-Party Risk Management (TPRM)
  • Security Policies & Awareness
  • Business Continuity & Risk Treatment

PCI DSS Compliance & Audit

  • PCI DSS v4.0.1 Scope Definition & SAQs
  • Report on Compliance (ROC) Documentation
  • Audit Lifecycle Management
  • Gap Analysis & Remediation Tracking
  • PCI DSS Program Development

Cybersecurity & IT Audit

  • Information Security Assessments
  • Risk-Based Audit Planning
  • Internal Controls Evaluation
  • Vulnerability Management & Risk Analysis
  • Security Architecture Review

Professional Experience

Third Party Risk & Compliance Manager

Current

Tia Cloud UK Limited, Saunderton, High Wycombe, UK (Hybrid) • Aug 2024 - Present

  • Develop third-party risk governance frameworks to implement consistent vendor evaluation practices.
  • Prioritised supplier reviews using a tiered risk model, resulting in a 30% increase in assessment efficiency.
  • Instituted TPRM programme to strengthen supplier risk identification and mitigation strategies.
  • Established KRIs and KPIs to boost visibility into third-party security performance and compliance trends.

IT Auditor/Compliance Program Manager

Eretmis Inc. New York, USA (Remote) • Mar 2021 - Jul 2024

  • Led PCI DSS assessment projects, managing compliance readiness, gap analysis, and remediation planning.
  • Developed detailed PCI project plans, enhancing cross-functional alignment by mapping responsibilities, milestones, and deliverables to improve project visibility and on-time audit completions.
  • Improved assessment boundary definitions through strategic segmentation advisory, reducing scope creep and audit complexities whilst enhancing overall network security.

Projects Manager - IT Security & Compliance

KASANT CONSULT LIMITED, London, UK (Hybrid) • May 2016 - Feb 2021

  • Defined, maintained, and enforced enterprise-wide information security policies following ISO 27001, NIST CSF, CIS Controls, and PCI DSS.
  • Spearheaded PCI DSS segmentation and scope reduction initiatives, achieving sustained annual compliance certification.
  • Created and implemented a scalable risk management framework, enhancing governance consistency across business projects.

Frequently Asked Questions

What is PCI DSS v4.0.1 compliance?

PCI DSS (Payment Card Industry Data Security Standard) version 4.0.1 is the current version of the standard for organisations that store, process, or transmit cardholder data or sensitive authentication data. It was published in June 2024 and replaced v4.0, which was retired on 31 December 2024. Compliance involves implementing and validating the security controls in the standard's 12 requirements to protect account data, including network security controls, access control, logging and monitoring, regular testing, and maintaining security policies.

What does an Information Security Manager do?

An Information Security Manager oversees an organization's information security program, including developing security policies, implementing controls, managing risk, ensuring compliance with regulations, responding to security incidents, and leading security awareness initiatives.

What is Third-Party Risk Management (TPRM)?

Third-Party Risk Management is the process of identifying, assessing, and controlling risks presented by third-party vendors and service providers. It involves due diligence, ongoing monitoring, and establishing controls to mitigate risks associated with outsourcing and vendor relationships.

What certifications are important for Information Security Professionals?

Key certifications include CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), and specialized certifications like PCIP (Payment Card Industry Professional) for PCI DSS expertise.

PCI DSS Expertise

As a PCI DSS v4.0 Specialist, I've led numerous projects implementing and assessing compliance with the Payment Card Industry Data Security Standard across various industries. My expertise spans the entire compliance lifecycle from scoping and gap analysis to implementation and formal validation.

Compliance Validation

Extensive experience preparing Reports on Compliance (ROC) and Self-Assessment Questionnaires (SAQ) for organisations of various sizes. Expert in evidence collection, documentation, and QSA coordination for successful validation.

Scoping & Segmentation

Specialised in PCI DSS scoping optimisation through effective network segmentation, data flow analysis, and zero trust principles. Proven track record of reducing compliance scope and costs while maintaining security.
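Data flow analysis for scoping comes down to one question per host: can it connect to the cardholder data environment? The script below is an added illustration of that check and is not tooling from the consultant or any client engagement. It takes a constructed firewall/NetFlow-style export together with the CIDRs a scoping document labels as CDE and as out of scope (all addresses are invented for the example), classifies each host as CDE, connected-to (in scope because it has a permitted path to the CDE), or out of scope, and flags any permitted flow that contradicts the declared segmentation.

```python
import ipaddress
from dataclasses import dataclass

# Constructed segment inventory; the CIDRs are illustrative assumptions, not a real network.
CDE_SEGMENTS = [ipaddress.ip_network("10.10.0.0/24")]           # cardholder data environment
DECLARED_OUT_OF_SCOPE = [ipaddress.ip_network("10.50.0.0/16")]  # what the scoping document claims is isolated

# Constructed flow records in the shape of a simple firewall/NetFlow export: src,dst,dst_port,action
SAMPLE_FLOWS = """\
10.20.0.5,10.10.0.12,443,ALLOW
10.50.3.7,10.10.0.12,22,ALLOW
10.50.3.9,10.10.0.20,3389,DENY
10.30.1.4,10.20.0.5,8080,ALLOW
10.50.3.7,10.50.3.8,445,ALLOW
"""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    allowed: bool


def parse_flows(text: str) -> list[Flow]:
    """Parse the comma-separated export; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, action = (field.strip() for field in line.split(","))
        flows.append(Flow(src, dst, int(port), action.upper() == "ALLOW"))
    return flows


def in_segments(ip: str, segments) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in segments)


def classify_scope(flows, cde_segments=CDE_SEGMENTS, declared_out=DECLARED_OUT_OF_SCOPE):
    """Return (host -> 'cde' | 'connected-to' | 'out-of-scope', list of segmentation violations)."""
    hosts = {f.src for f in flows} | {f.dst for f in flows}
    scope = {h: ("cde" if in_segments(h, cde_segments) else "out-of-scope") for h in hosts}
    # Any host with a permitted connection to or from the CDE is "connected-to" and therefore in scope.
    # Denied flows are evidence that segmentation held, so they do not pull a host into scope.
    for f in flows:
        if not f.allowed:
            continue
        src_cde, dst_cde = scope[f.src] == "cde", scope[f.dst] == "cde"
        if src_cde != dst_cde:
            scope[f.dst if src_cde else f.src] = "connected-to"
    # Segmentation failures: permitted CDE traffic involving a segment the scoping document calls out of scope
    violations = [
        (f.src, f.dst, f.dst_port)
        for f in flows
        if f.allowed and (
            (in_segments(f.src, declared_out) and scope[f.dst] == "cde")
            or (in_segments(f.dst, declared_out) and scope[f.src] == "cde")
        )
    ]
    return scope, violations


def run_sample():
    return classify_scope(parse_flows(SAMPLE_FLOWS))


if __name__ == "__main__":
    scope, violations = run_sample()
    for host, label in sorted(scope.items()):
        print(f"{host:<12} {label}")
    for src, dst, port in violations:
        print(f"SEGMENTATION GAP: {src} -> {dst}:{port} (declared out of scope but reaches CDE)")
```

On the sample data 10.50.3.7 is declared out of scope yet has a permitted SSH path into the CDE, so it is reported as a segmentation gap and must either be blocked or brought into scope; 10.50.3.9 only appears in a denied flow and stays out of scope. A host that talks only to a connected-to system (10.30.1.4 here) is left out of scope by this simple model, which is a deliberate simplification: under PCI DSS such a host still needs a judgement call on whether it can impact the security of the CDE.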

Enterprise PCI DSS Compliance Framework - Information Security Project

Developed a comprehensive PCI DSS v4.0.1 compliance framework for a major financial services company, reducing audit scope by 40% through effective network segmentation.

Third-Party Risk Management Program - Information Security Project

Designed and implemented a scalable TPRM program for a global healthcare organization, standardizing vendor risk assessment processes and improving compliance visibility.