Case Studies

Company; Investment Management, Global footprint, c$650bn AUM
Reporting; to COO (EMEA) and Group CISO (US)

• Subsidiary company of 50,000 employee US Financial Services Group.
• Client had had an external cyber audit, and it highlighted several areas for concern including the need for a more senior Information Security appointment.
• The new role was moved out of the CTO directorate with a direct report (and accountability) to the COO and CRO. In addition, a dual reporting line was created through to Group CISO of the parent group in the U.S
• Following an extensive International search process, an experienced CISO was appointed from a global investor services background (last 5 years) with wider experience gained in MNC’s across Telecoms and FMCG sectors.

Company; c£20bn Real Estate and Infrastructure Asset owner (UK and Mainland Europe)
Reporting; to CTO (EMEA)

• Several cyber incidents across the year resulted in the need for an Interim CISO to be appointed immediately for 9-12mths in a caretaker and short-term assurance role.
• Reporting to the CTO, the interim set out a roadmap the organisations cyber strategy – the plan, budgets and resourcing the internal and internal team.
• In conjunction, a search was launched to identify the permanent solution. An individual was hired from an industrials/infrastructure background and was onboarded allowing for a transfer of knowledge with the interim.  

Company; Company; UK Research & Innovation campus with high performance computing requirements
Reporting; to CIO

• Reporting to the CIO, an Interim CISO was required to create an Information Security function and provide greater governance and assurance to the Board.
• An independent interim consultant was identified and appointed to deliver the strategic elements (3-6 month stint) whilst preparing for a BAU appointment.
• A permanent search was conducted alongside, and a successful appointment made from outside of the sector to fulfil the longer term role.

Company; Financial Services Client (Confidential)
Reporting; to CTO 

• Increasing regulatory pressure in the sector, coupled with zero to low maturity in relation to cyber security led to need for a first-time permanent appointment.
• Headcount of the organisation was less than 1,000 employees so needed an individual to deliver appropriately devised solutions.
• A swift search drew a shortlist of candidates from regulatory environments (principally financial and professional services).
• The client selected a highly capable individual in a no.2 role within a larger institution.

Company; UK University, 16,000 students, £350mn Income.
Reporting; to CIO 

• Security was embedded into service delivery and design and a new, stand alone role was created – reporting to the CIO and setting up an InfoSec department.
• Due to budgetary challenges, an interim was identified to help address “needs must” projects and create a roadmap of policies.
• Following a search process, a permanent InfoSec lead was appointed, someone stepping into their first leadership role but coming from a best practice, bigger team environment.
• Security was embedded into service delivery and design and a new, stand alone role was created – reporting to the CIO and as an independent InfoSec department.