A Chief Information Security Officer (CISO) plays a vital role in ensuring an organisation can manage its cyber security risks. They ensure organisation-wide visibility and focus on cyber security, provide strategic direction for cyber security programs and motivate and empower operational teams.
It is common knowledge that there is a skills gap in the cyber security market. Unfortunately, that skills gap is widest in the role that matters most – the CISO. Many companies find it extremely difficult to find and attract security executives with real experience in articulating cyber risk to senior stakeholders, and who can set a strategic direction and manage operations.
Our client for this engagement is a high-profile Australian brand that gathers and holds very sensitive data on Australian consumers. The client unexpectedly lost their CISO to another organisation.
A Principal from elevenM took on the CISO role and supported the evolution of the client’s cyber strategy to align it with recent changes within the business. The Principal also supported the delivery of that strategy while maintaining day-to-day operational imperatives.
This support allowed the client to continue to deliver business outcomes while conducting a search for their next CISO.
Our Principal carried out the following activities:
- Engaged senior business and non-executive stakeholders to articulate the company’s threat and cyber risk profile
- Developed a cyber security strategy specific to the company
- Built out a security operating model based upon the strategy
- Set the strategy and operational objectives with the technology teams
- Presented on progress and pain points to the non-executive forums
- Managed budget negotiations with senior stakeholders
- Monitored and reported on key metrics