Intelligent CIO Europe Issue 44 | Page 64

CASE STUDY

Can you explain your role at Brewin Dolphin and the scope of your responsibility?
As Head of Privacy and Information Security, my primary role is to ensure the security of both our client and company data. I work closely with the Head of IT Security to identify potential and real threats to the firm and mitigate these where possible. My team creates the core security policies and ensures that they are effective and relevant to the firm. They also provide governance, guidance and incident support when required.
How important is the protection of client data to your organisation and what security procedures do you have in place to ensure/monitor this?
The protection of client data is critical to Brewin Dolphin. Our clients trust us with their financial well-being and core to that is the protection of their personal data. We have robust technical and physical solutions in place to provide data security and while we are confident in these systems and processes, we are regularly testing them and improving them where necessary.
How do you manage the security of a workforce which is split across different locations?
While the COVID-19 pandemic has presented some challenges to Brewin Dolphin, fortunately, the firm had been through a complete end-user technology refresh prior to 2020. During that project, every end-user was issued with their own laptop, enabling them to securely connect to the firm’s network.
We have a two-pronged approach to security whereby we are able to push vulnerability updates to end-user devices, which works hand-in-hand with our awareness programme for all staff.
Can you share insight into the typical threats facing an organisation in your industry?
The threat of ransomware presents our biggest challenge, but as with many organisations, insider threat also has the potential to disrupt the business. A growing challenge is our relationship with our third parties, most of whom are not regulated in the same way we are.
What approach do you take to communicating risk and security strategies to the wider C-suite and board?
The firm has various committees, forums and groups which provide a necessary framework for communication. It is always important when communicating with these groups to have some understanding of other risks which the business is facing. It’s helpful to understand the language used by other areas of risk and frame the cyber/privacy risks in the same way.