Stephen Randles

Alvermere is led by Stephen Randles, who spent his career as a Group Chief Information Security Officer — most recently with global responsibility for a $350 million software business, accountable to the board for security, data and regulatory risk across its operations in the UK, United States and Europe.

Over more than a decade in security, six of them at its most senior level, he has built security and compliance functions from nothing, taken organisations through certification, stood up security and AI governance at board level, and carried security through acquisitions and regulatory scrutiny. He has reported to boards rather than merely briefed them — turning technical exposure into the decisions directors actually have to make.

He has also led an organisation through a data breach with the potential to make the front pages and end the business, and steered it to a quiet resolution. The measure of that work is that it never became a story you read. Composure of that kind is not a line on a CV; it is what a board is really buying.

His regulatory experience is hands-on, not theoretical. He has designed and run programmes against ISO 27001 and ISO 42001, PCI DSS, SOC 2, HIPAA, GDPR and Cyber Essentials Plus for organisations across the UK, US and Europe. He advises with equal currency on the newer regulatory frontier — NIS2, DORA, and the widening patchwork of US state privacy law and the federal direction of travel — precisely where most boards now find themselves least prepared.

His deepest experience is in regulated software businesses, including complex global structures, and in healthcare, financial services and education.

He holds the CISSP, is an ISO 27001 Lead Implementer and a GDPR Practitioner, and serves on the board of the Writhlington Trust, a UK health and wellbeing charity. His full background is on LinkedIn.