Our client, a major UK bank, was part way through a three year £120 million cyber security enhancement programme. The programme had a high degree of executive focus, and the executives were expecting to see concrete risk reduction results.
The programme roadmap had been derived from a control gap analysis and was mainly focused on the delivery of new technical controls such as Data Leakage Prevention and Encryption Technologies. Budget had been allocated for Operating Model enhancement and Deloitte, as a trusted brand, had been chosen to develop the operating model.
Deloitte were not to be chosen as a delivery partner for implementation, and there was concern that as a result the Operating Model would become shelf-ware. This would have resulted in a large deficit of risk reduction, as without the people and process elements the full potential of the three year technical investment would fail to be realised.
A solution was sought to tie together Operating Model definition and implementation, and to ensure the model was correctly implemented.
Working in partnership with Deloitte, who delivered the core operating model, our consultant focused on process optimisation across the 400 strong global team. Our attention to detail and focused approach ensured we built trust across all the senior stakeholders within the organisation.
In order to facilitate the implementation of new technical security controls, additional resource was clearly needed to run and operate those controls. In conjunction with Director level stakeholders, we carried out a resource modelling exercise, advising on when to outsource and where and how to build out in-house teams.
To secure a smooth implementation phase, it was critical to achieve sign off of core accountabilities and responsibilities across five Directorates. These we hammered out in one to one meetings with the five Directors, and then signed off in 2 three hour workshops. Full sign off was achieved within the project deadline.
A three pronged approach was used to drive implementation. Firstly, signed off accountabilities and responsibilities were written into employee balanced scorecards from Director level down. As annual performance reviews were driven through the scorecards, this ensured that personal and organisational goals were fully aligned.
Secondly, a capability maturity model was defined for the high level processes within the operating model. Regular assessments were scheduled for each Directorate, and the output from these was shared with executive level stakeholders on a quarterly basis. This drove buy-in and implementation through transparency and competition.
Thirdly, to ensure each Directorate was given the technical capability to deliver their new accountabilities, detailed requirements were fed into individual projects within the cyber improvement programme. In addition, new headcount requirements were taken to the Operating Board for sign-off, and the hiring process was project managed.
Over a 12 month engagement the following benefits were delivered:
A Global Cyber Security Operating Model made up of 142 distinct services was defined and delivered, including a 104 person headcount increase and a set of high level processes.
Close collaboration and integration with the cyber security enhancement programme ensured that the people and process elements of cyber security transformation were delivered.
Through the use of a cyber capability maturity model, rating each service from level 0 (non-existent) to level 5 (excellent), the following crucial enhancements were measured:
At the close of the engagement, ownership of the Cyber Security Operating Model was handed over to the Group CISO function for ongoing monitoring and reporting.