Xcina Case Study

Virtual Chief Information Security Officer (vCISO) for UK Wholesale Sharia Bank

The client

UK-based wholesale Sharia bank

The work

The client engaged us to assess its Information Security controls framework and to drive the changes needed to align it with the ISO/IEC 27001 standard. The role involved providing Information Security leadership and working with the Head of IT and the COO to position Information Security as a critical area of focus for the executive leadership team and the board of directors. The main aim was to raise the profile of Information Security and to secure ongoing support for the client's initiative to improve its Information Security controls.

How we helped

The first step was to ensure that the bank's executive team gained a thorough and realistic appreciation of the nature and ramifications of the threats to the security of its data and business operations, as well as the need to act to ensure an appropriate and demonstrable response. We undertook a comprehensive review of Information Security controls across the bank. This resulted in a detailed gap analysis and a remediation plan to close the control gaps and align policies and working practices with ISO/IEC 27001. At the request of the Head of IT, we led the communication of the findings and recommendations to the executive team and secured its sponsorship to execute the remediation plan in full. Under the supervision of our virtual CISO, a new Information Security Manager (ISM) was recruited. We worked collaboratively with the ISM to define, implement and communicate new policies and procedures. Our virtual CISO provided guidance and mentoring to the ISM until the role had gained credibility and was firmly established within the bank's governance framework.

Value added

From a position of low visibility, Information Security risk and control awareness was raised to board level and became a standing agenda item for the Executive Management Committee. An ISO/IEC 27001-aligned policy set was implemented, and a new Information Security Manager role was created to own and maintain Information Security risk management. The result was a step change in the bank's Information Security management capability.

Industry and sector:

Financial Services

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

Getac Technology Corp, Legal Affairs Center

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR gap analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer
