The client
A UK authorised and registered wholesale bank, offering a range of banking products and services in corporate and correspondent banking.
The work
Capture, document and agree the Bank’s strategy related to Cyber Risk, aligned with the bank’s products, services and business units.
How we helped
We worked with the Head of Operations and Head of IT, with additional input from the CEO, to establish the bank’s objectives, goals and risk appetite in relation to information and cyber risk.
We started with developing their ability to identify emerging risks and respond to the evolving threat landscape.
A framework was defined across a number of domains, comprising:
- Governance
- Steering committee
- Roles and responsibilities
- Policies
- Reporting
- Risk Management
- Controls Management
- Key Risk Indicators (KRIs)
- Legal, Regulatory and Standards Compliance
- Security testing of infrastructure and applications
- Third Party Management
- Incident Response
- Business Continuity
The framework was supported by a detailed but pragmatic delivery roadmap. Which was presented to the Executive and Board for approval.
Value added
By working closely with management to understand the business and technology goals in detail we were able to provide a focussed and pragmatic strategy with an achievable and progressive roadmap which builds capability and maturity over time in a transparent and measurable way. Each milestone enabling a step up in maturity