Tomorrow's Security, Today - Championing Audit & Compliance Excellence
Roland Arthur-Kingsley - Information Security Manager and Compliance Expert

Roland Arthur-Kingsley

Information Security & Compliance Leader

CISA | CC | MSc | BBA

Hey There 👋🏿

I'm a seasoned Information Security & Compliance Executive with 10+ years of experience driving enterprise-wide PCI DSS v4.0.1 compliance, risk management, and cybersecurity initiatives to strengthen regulatory alignment and safeguard organisational assets within financial services, cloud, and nonprofit sectors. Known for delivering precision-driven security audits, third-party risk frameworks, and GRC strategies to mitigate exposure and enhance operational resilience.

  • Leading security assessments and implementing effective compliance frameworks
  • Developing robust governance frameworks and managing third-party risks
  • Facilitating technical growth through mentoring, documentation, and knowledge sharing
  • Driving innovation while maintaining operational excellence and security compliance

Career Focus

I intend to focus on these areas throughout my career, building the expertise and skills to become a subject-matter expert (SME):

GRC SPECIALIST

PCI DSS EXPERT

STRATEGIC IT AUDITOR

THIRD-PARTY RISK MANAGEMENT

INCIDENT RESPONSE & DISASTER RECOVERY

Key Achievements

Security Leadership

Successfully led and implemented PCI DSS v4.0.1 assessment projects, managing compliance readiness, gap analysis, and remediation planning. Developed client-specific compliance roadmaps for risk management and sustained security maturity.

Technical Excellence

Instituted TPRM programme to strengthen supplier risk identification and mitigation strategies. Established KRIs and KPIs to boost visibility into third-party security performance and compliance trends.

Core Competencies

Governance, Risk & Compliance (GRC)

  • Risk Management Frameworks (ISO, NIST)
  • Regulatory Compliance (ISO 27001, CIS)
  • Third-Party Risk Management (TPRM)
  • Security Policies & Awareness
  • Business Continuity & Risk Treatment

PCI DSS Compliance & Audit

  • PCI DSS v4.0.1 Scope Definition & SAQs
  • Report on Compliance (ROC) Documentation
  • Audit Lifecycle Management
  • Gap Analysis & Remediation Tracking
  • PCI DSS Program Development

Cybersecurity & IT Audit

  • Information Security Assessments
  • Risk-Based Audit Planning
  • Internal Controls Evaluation
  • Vulnerability Management & Risk Analysis
  • Security Architecture Review

Professional Experience

Information Security Auditor/Consultant

Current

Eretmis Incorporated, New York, NY, USA (Remote) • 2021 - Present

  • Led PCI DSS v4.0.1 assessment projects, managing compliance readiness, gap analysis, and remediation planning.
  • Developed detailed PCI project plans, enhancing cross-functional alignment by mapping responsibilities, milestones, and deliverables to improve project visibility and on-time audit completions.
  • Improved assessment boundary definitions through strategic segmentation advisory, reducing scope creep and audit complexities while enhancing overall network security.

Third-Party Risk & Compliance Manager

Tia Cloud Ltd., London, UK • 2018 - 2021

  • Prioritised supplier reviews using a tiered risk model, resulting in a 30% increase in assessment efficiency.
  • Instituted TPRM programme to strengthen supplier risk identification and mitigation strategies.
  • Established KRIs and KPIs to boost visibility into third-party security performance and compliance trends.

Frequently Asked Questions

What is PCI DSS v4.0.1 compliance?

PCI DSS (Payment Card Industry Data Security Standard) is the set of security requirements that applies to every entity that stores, processes, or transmits cardholder data or sensitive authentication data, or that can affect the security of that data. Version 4.0.1, published in June 2024, is the current version; it is a limited revision of v4.0 that corrects and clarifies wording without adding or removing requirements, and v4.0 itself was retired on 31 December 2024. Compliance means implementing and maintaining the standard's 12 requirements, which cover secure network and system configuration, protection of stored and transmitted account data, vulnerability management, strong access control, regular monitoring and testing of networks, and an information security policy. The requirements that were future-dated in v4.0 became mandatory on 31 March 2025.

What does an Information Security Manager do?

An Information Security Manager oversees an organization's information security program, including developing security policies, implementing controls, managing risk, ensuring compliance with regulations, responding to security incidents, and leading security awareness initiatives.

What is Third-Party Risk Management (TPRM)?

Third-Party Risk Management is the process of identifying, assessing, and controlling risks presented by third-party vendors and service providers. It involves due diligence, ongoing monitoring, and establishing controls to mitigate risks associated with outsourcing and vendor relationships.

What certifications are important for Information Security Professionals?

Key certifications include CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager) from ISACA, CISSP (Certified Information Systems Security Professional) from ISC2, and, for PCI DSS work, the PCI SSC qualifications: PCIP (Payment Card Industry Professional) for general knowledge of the standard, ISA (Internal Security Assessor) for in-house assessment staff, and QSA (Qualified Security Assessor) for the assessors who perform and sign a Report on Compliance.

PCI DSS Expertise

As a PCI DSS v4.0 Specialist, I've led numerous projects implementing and assessing compliance with the Payment Card Industry Data Security Standard across various industries. My expertise spans the entire compliance lifecycle from scoping and gap analysis to implementation and formal validation.

Compliance Validation

Extensive experience preparing Reports on Compliance (ROC) and Self-Assessment Questionnaires (SAQ) for organizations of various sizes. Expert in evidence collection, documentation, and QSA coordination for successful validation.

Scoping & Segmentation

Specialized in PCI DSS scoping optimization through effective network segmentation, data flow analysis, and zero trust principles. Proven track record of reducing compliance scope and costs while maintaining security.
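The scope reduction described above comes down to one question: which systems are in the cardholder data environment (CDE), which are "connected-to" or security-impacting, and which are genuinely out of scope. The following Python script is an added example, not code from this page or from any of the projects listed on it. It applies the PCI SSC scoping categories to a constructed inventory: a zone is part of the CDE if any host in it handles account data (no segmentation control separates the rest of that segment), any zone with a firewall rule to or from the CDE is connected-to, hosts that provide security services to the CDE are in scope regardless of connectivity, and everything else is out of scope. The hosts, zones, rules and the "any" wildcard convention are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed inventory (not real infrastructure). Each host sits in one network
# zone; rules are zone-to-zone allow rules as a firewall rule base would state them.
@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    handles_chd: bool = False       # stores, processes or transmits CHD/SAD
    security_service: bool = False  # provides a security service to the CDE (AD, SIEM, patching)

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str   # "any" models an unrestricted rule
    port: str       # informational only

HOSTS = [
    Host("pos-gw-01", "cde-payments", handles_chd=True),
    Host("tokenizer-01", "cde-payments"),          # same segment as a CHD host -> CDE
    Host("db-cards-01", "cde-data", handles_chd=True),
    Host("ad-dc-01", "corp-services", security_service=True),
    Host("siem-01", "corp-services", security_service=True),
    Host("jump-01", "mgmt"),
    Host("hr-app-01", "corp-apps"),
    Host("guest-wifi-ap", "guest"),
]

RULES = [
    Rule("mgmt", "cde-payments", "22/tcp"),          # admin access into the CDE
    Rule("cde-payments", "cde-data", "5432/tcp"),    # app tier to card database
    Rule("cde-payments", "corp-services", "514/udp"),  # syslog out to the SIEM
    Rule("corp-apps", "corp-services", "389/tcp"),   # HR app to AD, no CDE involvement
    Rule("guest", "internet", "443/tcp"),
]

# A misconfigured rule that an assessor would expect to see flagged: it lets every
# zone reach the card database, so every zone becomes connected-to.
FLATTENING_RULE = Rule("any", "cde-data", "5432/tcp")

def cde_zones(hosts):
    """Zones holding at least one host that handles account data."""
    return {h.zone for h in hosts if h.handles_chd}

def classify(hosts, rules):
    """Map each host name to 'CDE', 'connected-to' or 'out-of-scope'."""
    cde = cde_zones(hosts)
    all_zones = {h.zone for h in hosts}
    connected = set()
    for r in rules:
        src = all_zones if r.src_zone == "any" else {r.src_zone}
        dst = all_zones if r.dst_zone == "any" else {r.dst_zone}
        if src & cde:       # CDE can initiate to these zones
            connected |= dst
        if dst & cde:       # these zones can initiate into the CDE
            connected |= src
    connected -= cde
    result = {}
    for h in hosts:
        if h.zone in cde:
            result[h.name] = "CDE"
        elif h.zone in connected or h.security_service:
            result[h.name] = "connected-to"
        else:
            result[h.name] = "out-of-scope"
    return result

def scope_flattening_rules(hosts, rules):
    """Rules with an 'any' side that touch the CDE: each one pulls every zone into scope."""
    cde = cde_zones(hosts)
    flagged = []
    for r in rules:
        ends = {r.src_zone, r.dst_zone}
        if "any" in ends and (ends & cde or ends == {"any"}):
            flagged.append(r)
    return flagged

def scope_counts(hosts, rules):
    """Summary an assessor can compare before and after a segmentation change."""
    counts = {"CDE": 0, "connected-to": 0, "out-of-scope": 0}
    for category in classify(hosts, rules).values():
        counts[category] += 1
    return counts

if __name__ == "__main__":
    for name, category in classify(HOSTS, RULES).items():
        print(f"{name:15} {category}")
    print("baseline:", scope_counts(HOSTS, RULES))
    print("with flattening rule:", scope_counts(HOSTS, RULES + [FLATTENING_RULE]))
    print("rules to fix:", scope_flattening_rules(HOSTS, RULES + [FLATTENING_RULE]))
```

This is a paper-scoping aid only: its output is exactly as good as the rule base and inventory fed into it, and PCI DSS v4.0.1 Requirement 11.4.5 still requires penetration testing of the segmentation controls (at least annually and after changes) to confirm that the zones the script calls out-of-scope are in fact isolated from the CDE.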

Enterprise PCI DSS Compliance Framework

Developed a comprehensive PCI DSS v4.0.1 compliance framework for a major financial services company, reducing audit scope by 40% through effective network segmentation.

Third-Party Risk Management Program

Designed and implemented a scalable TPRM program for a global healthcare organization, standardizing vendor risk assessment processes and improving compliance visibility.