Fintech Service Provider requires Interim CISO
Industry: Fintech
Location: Toronto, Ontario, Canada
Size: 10,000 employees
Reason: CISO departure - Interim CISO while firm searches for new full time CISO
Effort: 6 months - 3 days/week
The Story:
The Canadian arm of a large global Financial Services company, this company is a global payments and lending technology provider serving nearly 8,000 financial institutions, specialty lenders, community banks, credit unions, governments and corporations. After several successful mergers and acquisitions, their tenured CISO had decided to move on to newer challenges. The company knew that hiring a new full time CISO would take time, and that several Cyber Security projects were in various stages of development and would need guidance and management in the interim.
In partnership with a large Canadian Channel Partner, TeamCISO accepted the Interim CISO challenge, and spent 6 months managing the company's existing Cyber Security program until the newly onboarded CISO was ready to take over.
The First 30 days:
Our Interim CISO was placed onsite immediately for three days a week, to do a transfer of knowlege from the current outgoing CISO. A list of all current projects, along with team introductions, and documentation was provided. A solid weeks worth of Interviews with relevent subject matter experts, and we were immersed. Network Diagrams, policy framework, project schedules, sharepoint and Teams access... Ramp up was a success.
The two most significant projects at the time were a CyberArk and Sailpoint Privileged Access Management/Governance implementation, and an assessment and review of the current VPN groups and profiles.
The Next 60 days:
Once our Interim CISO was comfortable with the various projects in fly, and had developed working relationships with the various team members, both executive and operational, we could take a stronger role in leading the development of both projects. Fortunately, our Advisor had significant experience and contact working with the chosen solutions. They were able to work directly with the vendors and architects to ensure that implementation was appropriate for the client's infrastructure and population. Our Channel Partner also had technical resurces available to provide feet-on-the-ground implementation.
A regular cadence was put in place to review and provide guidance on the various Cyber Security programs
Beyond the 90 days:
Although each project lasted longer than the six months we were onboard, we had overseen the successful infrastructure implementation of both Cyberark and Sailpoint, along with the integration of several Active Directories and SaaS tools.
A new hire was onboarded around the five month mark, and we stayed onboard for another few weeks to help smooth out his integration.
After almost 6 months of effort, we successfully handed the Cyber Security reins over to the new full time CISO.
Benefit to Client:
Previous Case Studies in this Series:
Case Study #1 - Cellular Communications Provider in Merger & Acquisition
Case Study #3 - Software Startup requires Governance on a Budget
Case Study #4 - Wealth Management Company with Poor MSSP Contract
Case Study #5 -Small Family Law Firm concerned about Privacy Breaches