Click on any of the photographs of our Team members to learn more about them, their skills and experience.
Conor FlynnManaging Director
Sinéad McDonaldHead of Compliance & Regulatory Affairs
Martin KerriganHead of Risk & Assurance Services
Julian SmithData Protection Specialist
Tom GilliganSenior Data Protection Specialist
Stephen BreenSenior Information Security Consultant
David HickeySenior Data Protection Specialist
Mandy NicollCloud Systems Security Specialist
David CrawleySenior Information Security Consultant
Alec DolanSenior Consultant
Vivienne MeeForensics and eDiscovery Specialist
John MooneySales Director
Conor Flynn founded ISAS in 2011, after nearly 20 years in the InfoSec consulting field, and has grown it to be one of the leading Independent InfoSec and Data Protection consultancies in Ireland. At a time that many organisations are undertaking transformation projects, and sometimes radical ones, the requirement for Cyber and Data Governance oversight has never been higher. Conor has developed a team that are known to work with, and enable business, to deliver strategic objectives and not be seen as “blockers”. Conor’s deep technical knowledge from an IT perspective, but specifically from an InfoSec technology perspective is considered unique among senior consultants. Examples of this include PKI design and the oversight of an ePassport solution, architecture and design of many on-premise and Cloud based security infrastructures, design of collaboration and mobility oriented working environments with security as the enabler and handling incident response when things do go wrong.
Sinéad is Head of Compliance & Regulatory Affairs at ISAS. Sinéad has over 16 years’ experience working in a large global financial services company in a variety of compliance, regulatory and client facing roles. Sinéad is a qualified solicitor and holds a BA (Hons) and a LLB (Hons) from National University of Ireland (UCG). Sinéad also holds Diplomas in Data Protection Law, Commercial Law, Applied Finance Law and Company Direction from the Kings Inn, Law Society of Ireland, University College Dublin and the Institute of Directors respectively. Sinéad is a Member of IAPP, the Association of Compliance Officers of Ireland, the Association of Data Protection Officers and the Institute of Directors. Sinéad currently acts as Data Protection Officer for a number of organisations in both private and public sectors, in areas such as FinTech and social media sectors.
Martin is a highly experienced information security and data protection adviser, capable of working at practitioner level or board level with a wide range of organisations from fast growing start-ups to large multinationals, Government departments and Public Sector Bodies. Martin holds Bachelors and Masters degrees in Engineering and an MSc in Digital Investigations (First class honours). He holds CISA and CISSP certifications, is a Certified Data Protection Practitioner and holds the Certificate in Data Protection Practice from the Law Society of Ireland. Martin can understand and articulate both technology and business issues, resulting in his pragmatic approach to advising clients.
Julian joined ISAS as a Data Protection Specialist in early 2018, just before the GDPR came into force. He is both a Certified Data Protection Practitioner and a European Certified Data Protection Officer from the Irish Computer Society. His data protection work for ISAS includes a number of "Data Protection Officer as a Service" roles for international companies with other assignments involving the development of Records of Processing Activities, Data Processing Agreements, Joint Controller Arrangements, Data Sharing Agreements, Transparency Statements/Privacy Notices, procedures for addressing Data Subjects Rights' Requests and handling Data Breaches as well as training client staff on site. Previously, he had responsibility for ICT systems in Bord Bia/Irish Food Board and Córas Tráchtála/Irish Export Board.
Tom Gilligan provides a range of compliance consultancy services. These services include data protection, GDPR transition, privacy, data governance, information security, business resilience and Pensions Act compliance. Tom chairs the Registered Administration Working Group of the Irish Association of Pension Funds (IAPF). Tom was a Principal at Mercer Ireland, where he was the Data Protection Officer. Tom was responsible for data protection compliance, Pensions Act compliance, information security and business resiliency management for Mercer Ireland. Previously, Tom held positions within Mercer as Operations Manager, Financial Controller and Financial Project Manager. Tom is a Fellow of the Institute of Chartered Accountants in Ireland, holds a Bachelor of Commerce Degree from NUI Galway and a Professional Certificate in Data Protection from UCD (Institute of Bankers). Specialties: data protection, information security, Pensions Act compliance, risk management, compliance, business resiliency, crisis management, project management, change management, system implementation, operations management, shared services, accountancy.
Stephen has more than twenty years’ experience in ICT, 18 of which have been focused on Information Security from both technical and non-technical perspectives. Throughout his career, Stephen has gained experience in various business sectors such as government, financial, telecommunications, gaming, retail, automobile and aircraft leasing. Over the past 10-15 years, Stephen has managed and provided technical leadership to security teams with varying skillsets. These teams included application and infrastructure security, data security, and security operations. Stephen also has extensive experience providing leadership and management to teams with responsibility for information security governance, specifically third party assurance, regulatory engagement, and external audit & compliance engagement.
David is a highly experienced information technology and data protection consultant with over 35 years experience - working strategically at Board level as well as hands-on as a practitioner. He has worked with technology companies, commercial organisations as well as Public Sector Bodies and Government departments. David has worked in the USA, the Netherlands as well as in Ireland. David holds an Honours Degree in Engineering, a Certificate in Corporate Governance from the Institute of Directors, is a Certified Data Protection Practitioner and holds the Certificate in Data Protection Practice from the Law Society of Ireland. David can translate between business needs and technology solutions, which has helped position him a trusted advisor to many varied clients over the years.
Mandy joined ISAS in 2017 as a Cloud Information Security Specialist. She works in both private and public sectors to help clients maximise the security posture of SaaS platforms such as Microsoft Office 365 and Google G Suite. Mandy assists organisations to identify the risk-appropriate security controls and capabilities of their chosen cloud service and through the application and configuration of their built-in security and compliance features helps improve security and return on investment. She has taken part in Security Incident Investigations that involves business email security compromise and in the compliance reviews of companies seeking ISO 27001 accreditation. Mandy has third level qualifications in IT from Aberdeen College of Commerce and Dublin Institute of Technology. Previously Mandy worked in Software Quality Assurance and Technical Administration for a variety of multinationals and small businesses in the IT, Utilities and Oil & Gas sectors.
A commercially and results focused Information Security consultant with over twenty years experience over such diverse sectors as banking, pharmaceutical, shipping, ICT, insurance and the public sector. David originally qualified as an accountant and brings a risk management perspective to his information security assignments. He is certified in Risk and Information Systems Control (CRISC) and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM) as well as in a number of proprietary technologies such as Microsoft and Check Point. His experience has ranged from data governance, information security frameworks and compliance, through security design for new systems to business continuity/disaster recovery. He has also been involved in remediation of personal data protection issues identified by the Data Protection Commission for a multinational.
Alec is an experienced practitioner in all aspects of data (or information) governance. He has provided assurance on the quality of projects in the private and public sectors, developed data and records management strategies and lectures on "Big Data" for the Analytics Institute. Alec had been the Chief Information Officer in the Department of Justice and Equality and while there had been involved in ICT (introducing Managed Service Providers and providing Shared Services to other public service bodies), Data Protection (established a specialist function and laid the ground work for GDPR compliance) and Procurement (establishing Frameworks available to entire public service) amongst other responsibilities in his time there.
Dr. Vivienne Mee of VMGroup has been a long-term member of the ISAS team. Vivienne and her team of forensic specialists have worked with ISAS in the investigation of many Data Protection, Cyber Security related breaches and the subsequent recommendations on preventing reoccurrence. Vivienne has over 17 years’ experience, being the highest qualified expert in the field recognised globally. Operating globally, Vivienne and her team offer the highest calibre of forensic advisory and support services to ISAS clients. Vivienne has successfully completed cases for all types of clients, from multinational financial companies, large public bodies, government departments, small businesses, to private individuals. Some of these cases have been pivotal in the direction of Discovery Law in Ireland and United Kingdom. Vivienne co-authored the Good Practice Guide to Electronic Discovery in Ireland – April 2013 and is actively involved with many of the research and developments in Discovery in Ireland which changed the approach and delivery of electronic discovery engagements to Irish courts of law. Vivienne has been pivotal in acting as the digital forensic expert and acted as expert witness for many financial institutions and government departments, providing forensic investigation services when required.
John is an experienced business professional with over 35 years in Information Security. He is well-practiced as a relationship builder with a successful track record of direct touch and channel sales management. Experience gained through Account Management, Sales & Marketing Management, Support Management and Sales in, Hardware, Software, Services and Cloud Solutions. He has a broad and in-depth knowledge of the global IT security market and solution offerings. Specialties: Information Security, Data Protection and Governance, Data Encryption, Sales Processes, Sales Management, IT Start-ups, Business Development, Channel Management, Mentoring & Leadership, Effective PR Spokesperson, Channel & Client Relationship Management, Cloud Environments, Networking and Data Leakage, Firewalls, Wireless Connectivity, SCRM. Network Security, IPAM, GDPR, NIS Directive, NIST, Cloud Security.