Chris Hows is a seasoned Principal Security & GRC Consultant with over 15 years of experience across financial services, security consulting, and regulatory compliance. Known for his hands-on approach and problem-solving skills, Chris has consistently delivered high-quality outcomes throughout a diverse career. His journey has spanned roles from frontline banking support to executive-level positions, equipping him with a deep understanding of security, risk management, and compliance in highly regulated sectors.

Currently, Chris serves as a Principal Security Consultant at Mercury Information Security Services. In this role, he leverages his extensive background to help organisations strengthen their security frameworks, with a particular focus on threat-informed control selection and governance, risk, and compliance (GRC). Chris’s strategic insights are grounded in years of experience in both client-facing and internal security roles, where he has developed robust frameworks to manage and mitigate risk.

A certified Information Systems Auditor (CISA) and Information Security Manager (CISM) through ISACA, Chris brings recognised expertise in both auditing and managing security processes to align with global standards. His qualifications provide a solid foundation for his approach to security control selection, as he seamlessly integrates technical knowledge with risk-based strategies. Recently, Chris expanded his credentials to become an accredited IRAP Assessor, enabling him to conduct rigorous security assessments for government and critical infrastructure environments, which require the highest standards of security and compliance.

Prior to his current role, Chris spent over a decade with BT Financial Group in various positions, including Executive Manager of Risk and Compliance and Senior Risk and Compliance Manager. During this time, he was instrumental in enhancing risk and compliance frameworks across multiple business units, particularly within customer operations and business platforms. His work in these roles not only fortified BT’s security posture but also provided him with a nuanced understanding of financial services regulations and compliance requirements, invaluable experience that he continues to apply in his consultancy.

In addition to his technical roles, Chris’s experience includes service in the Australian Defence Force, where he was a member of the Corps of Signals. This experience instilled in him a strong foundation in operational discipline, teamwork, and leadership, qualities that continue to inform his approach to security today. With a unique blend of technical expertise, regulatory insight, and leadership experience, Chris Hows stands out as a well-rounded security consultant dedicated to building resilient, threat-informed security frameworks for his clients.