Security Operating Model - Large Retail Bank

Security Operating Model - Large Retail Bank

information technology  database

Our client, a major UK bank, was part way through a three year £120 million cyber security enhancement programme.  The programme had a high amount of executive focus who were expecting to see concrete risk reduction results.

The programme roadmap had been derived from a control gap analysis and was mainly focused on the delivery of new technical controls such as Data Leakage Prevention and Encryption Technologies.  Budget had been allocated for Operating Model enhancement and Deloitte, as a trusted brand, had been chosen to develop the operating model.

Deloitte were not to be chosen as a delivery partner for implementation, and there was concern that as a result the Operating Model would become shelf-ware. This would have resulted in a large deficit of risk reduction as without the people and process elements the full potential of the three year technical investment would fail to be realised.

A solution was sought to tie together Operating Model definition and implementation, and ensure it was correctly implemented.

Our solution


Op-Model Definition

Working in partnership with Deloitte, who delivered the core operating model, our consultant focused on process optimisation accross the 400 strong global team. Our attention to detail and focused approach ensured we built trust accross all the senior stakeholders within the organisation.


Resource modelling

In order to facilitate the implementation of new technical security controls additional resource was clearly needed to run and operate those controls. In conjuction with Director level stakeholders, we carried out a resource modeling exercise, advising on when to outsource and where and how to build out in-house teams.


Op-model sign off

To secure a smooth implementation phase, it was critical to achieve sign off of core accoutnabilites and responsibilites accross five Directorates. These we hammered out in one to one meetings with the five Directors, and then signed off in 2 three hour workshops. Full sign off was achieved within the project deadline.


Accountabilites formalised

A three pronged approach was used to drive implementation. Firstly signed off accountabilities and responsibilities were written into employee balanced scorecards from Director level down. As anuual performance reviews were driven through the scorecards this ensured that personal and organsisational goals were fully aligned.


Transparency and competition

A capability maturity model was defined for the high level processes within the operating model. Regular assessments scheduled for each Directorate, the output from which was shared with executive level stakeholders on a quarterly basis. This drove buy-in and implementation through transparency and competition.


Cyber programme integration

To ensure each Directorate was given the technical capabiltiy to deliver thier new accountabilities, detailed requirements were fed into individual projects within the cyber improvement programme. In addition new headcount requirements were taken to the Operating Board for sign-off, and the hiring process project managed.


Over a 12 month engagement the following benefits were delivered:

A Global Cyber Security Operating Model made up of 142 distinct services was defined and delivered, including a 104 person headcount increase and a set of high level processes.

Close collaboration and integration with the cyber security enhancement programme ensured that the people and process elements of cyber security transformation were delivered.

Through the use of a cyber capability maturity model, rating each service from level 0 non-existent to 5 excellent, the following crucial enhancements were measured:

  • 37 entirely new service capabilities established
  • 93 services improved by 1 or more maturity levels
  • 57 services improved by 2 or more maturity levels
  • All services brought up to at least level 2 maturity

At the close of the engagement ownership of the Cyber Security Operating Model was handed over to the Group CISO function for ongoing monitoring and reporting.