CASE STUDY
How do you foster and maintain a strong security culture within your organisation ?
Brewin Dolphin has a comprehensive awareness strategy which combines compulsory e-learning , targeted learning for specific teams , external speakers – for example , City of London Police – and regular news updates on internal communication platforms .
Talking about security is also key – if we are talking about it , it ’ s at the forefront of our consciousness and that is always a good thing ! Finally , tone from the top is key to any cultural success – if the boss is talking about it then all levels of the business will take note .
Financial services is a highly regulated industry – How do you manage compliance and adherence with regulations ?
One of the challenges is the fact that we are governed by both financial and data regulations , and these can sometimes appear to be competing with each other . that may pertain to the business and talk about the day ahead . It is an excellent opportunity for the different teams to share relevant business updates . It ’ s also an opportunity to check on morale which is important in lieu of any traditional office contact .
Throughout the day , I will likely attend several project board meetings relating to general business change .
I will also meet with key senior stakeholders around the business to understand what their priorities are and identify how security / privacy must be incorporated into those plans .
I am a member of a number of external peer groups who meet regularly during the working day to discuss security and privacy challenges . Group members hail from a variety of different industries and as such , are an invaluable resource .
We discuss common challenges and share best practice methodologies . In addition , we have the opportunity to hear valuable presentations from both regulators and security services . Committee meetings are also a significant part of my day .
I work closely with the teams responsible for the financial regulation to provide guidance on data regulations to ensure that both regulatory pathways are working in parallel for the benefit of the business .
What are your priorities when planning your security strategy for the year ahead ?
First and foremost , we must all understand the strategic aims of the firm . We must also consider any regulatory changes and be prepared to adhere to them when they come into force .
We will take a look at any present-day threats and those that are on the horizon , to identify gaps in systems or awareness . Finally , we must consider any risks that have been identified within the business and determine if there are solutions or processes that can be implemented which will mitigate or remove them .
Can you describe a typical day for you in the role of Head of Information Security and Data Privacy ?
Generally , I will meet with my team first thing in a morning . This meeting is as much a well-being conversation as it is a daily agenda , particularly since the increase in remote working due to the pandemic . We discuss any relevant security / privacy news items
Outside of work , I hold the position of Chair of Governors at a Westminster primary school . I have been a school governor for over three years now and find it very rewarding . It provides me with development opportunities and I would recommend it to anyone as a great way of giving some time back to the community .
On the weekends , I enjoy time with my family , dog walking and rebuilding my 1967 Series 2A Land Rover . It ’ s safe to say that I ’ m a Green Oval addict ! p
WHILE THE COVID-19 PANDEMIC HAS PRESENTED
SOME CHALLENGES TO BREWIN DOLPHIN ,
FORTUNATELY , THE FIRM HAD BEEN THROUGH A COMPLETE END-USER
TECHNOLOGY REFRESH PRIOR TO 2020 .
www . intelligentcio . com INTELLIGENTCIO EUROPE 65