David Levitt@yahoo.com

Royal Borough of Kensington and Chelsea 11/03/2025 - 04/15/2025

IT Risk Manager

IT Risk Manager for RBKC, supporting its responsibilities in providing enabling support, housing, and other services to the community. Successes include implementation of a complete risk management framework for the Technology division in a green field environment. Designed the risk register and related charts which were later used to configure our cloud risk tool. Created risk metrics reporting and led the monthly IT leadership review meetings for assistant directors & director with analysis and insights to guide risk reduction activities. Embedded a culture of risk management aligned with organizational goals. This included capturing non-technical risks within IT which could impact mission objectives. Planned and initiated new tool migration across all 7 council directorates. • Designed the Excel-based risk dashboard and PowerPoint report used across 20 departments within IT • Wrote business case to secure funding for IT risk tool acquisition • Created supporting documentation and executed rollout activities • Implemented a comprehensive IT risk management framework, adding over 100 new risks in the first 6 months • Participated in the organizational DR/BCP readiness committee • Developed risk introduction training resulting in a ~30% improvement in initial risk definition

Computacenter, Plc. 09/01/2022 - 12/22/2025

IT Risk Analyst

IT Risk Analyst for a global U.K. IT services provider with a presence in EMEA, North America and Asia, coordinating risk capture and analysis for key internal systems to protect the company. This included driving risk identification and assessing impact and likelihood. Initiated risks and tracked control test results in SureCloud. Liaised with the threat team and vulnerability management team for additional risk insights. Other activities included documentation reviews, collaborating in team quarterly planning for the risk team strategy roadmap and milestones. • Coordinated risk capture and analysis for 4 key internal departments • Improved business stakeholder relations resulting in increased new risk identification • Managed risk identification, assessment, control selection and identified risk insights • Executed team documentation reviews, planned strategy roadmap and calendar milestones 

Unipart Group, Ltd. 07/01/2021 - 08/31/2022

IT Risk Analyst for a large global logistics company with disparate businesses across various continents, added improvements and rigor to the current framework. Drove regular risk meetings for each technology and business owner. Tracked, guided and reported on risk reduction activities. Proactively pursued risks by expanding meeting audience to include relevant non-IT external department stakeholders. Updated parent/child risk associations and added focus to non-technical gaps in strategy, people, process, and policy. • Created new ISO27001 risk register implementation for ISMS supporting ISO27001 certification path • Increased technology risk identification for 4 multi-million GBP businesses by 10% • Added new metrics and insight to CISO monthly report, improved monthly reporting to board • Completed a full re-assessment of all security risks for CIA impact rating and threat/condition details • Evangelized risk identification and collection within and beyond IT to protect the business and services

Forth Ports, Ltd. 10/01/2019 - 06/30/2025

IT Security & Disaster Recovery Analyst

IT Security and Disaster Recovery Analyst for one of the largest multi-modal ports in the UK. Responsibilities and achievements included new risk register implementation, DR plan framework refresh for 2 primary and 4 secondary locations in England and Scotland, IT policies review, JML process update and User security training campaigns. • Designed and implemented risk management framework where none existed • Reduced phishing failures by 30% via IT security awareness training • AD file share permissions review and clean up • Contributed to third party assessment template