Cyber Security Risk Management
At Nicolson Bray we know that protecting your firm from cyber security attack is an ongoing process. Business and technology risk needs to be continuously monitored and where necessary corrective actions taken. Your Board needs to be kept abreast of both the evolving cyber security threat and how vulnerable your firm is to that threat.
Large organisations have a Chief Information Security Officer (CISO) who is responsible for this ongoing risk management and who reports regularly to the Board to keep them abreast of cyber security issues. Importantly the CISO is independent of IT in order to give an impartial view of cyber risk within the IT estate.
Hedge funds and broker-dealers, many of whom rely on managed service IT providers, may not have the resource for a full time CISO. Equally Assets within the portfolio may require ongoing risk management. For these organisations Nicolson Bray has developed the Virtual CISO offering.
What we will be looking for is a ‘security culture’ in firms of all sizes – from the Board down to every employee.
- Nausicaa Delfas, Director of Specialist Supervision at the FCA
Meet your Virtual CISO
Initially your Virtual CISO will work closely with you to define a cyber security strategy and programme for your firm. Once in place they will manage the implementation of that programme and drive through delivery of cyber security improvements and risk reduction. At the same time they will proactively monitor real time threats to your organisation enabling your Board to make informed cyber security risk decisions.
In order to close some of the more common gaps found within small to medium sized financial firms, Nicolson Bray can also provide security awareness training and technical vulnerability management. And of course if the FCA or another regulator should make inquiries or wish to carry out an audit, your Virtual CISO will be able to respond appropriately and assist where necessary.
To take the first step in meeting your Virtual CISO get in touch today.