The Asset Management Division of one of the Largest French Insurance Groups

Corix Partners (in collaboration with local associate firm ArsiaMons and its teams) assisted the incoming Head of Legal and Compliance in the assessment of the security maturity of the organisation

Working closely with all stakeholders across the firms and its parent organisation, we benchmarked existing security practices against industry standards, measured maturity and risk posture, and proposed ameliorative scenarios based on our findings. We analysed the strenghths and weaknesses of the pre-existing organisational arrangements and made recommendations on how to evolve the team structure to match the challenges the company was facing.

We were subsequently retained in an ongoing engagement to supervise the resulting programme of work and develop the leadership capabilities of the team.

A Leading Public Investment Authority in France

Corix Partners (in collaboration with local associate firm ArsiaMons and its teams) assisted the Head of Compliance and Internal Controls in the definition and implementation of a “second line of defence” control function focused on Information Security

Working closely with the IT and Compliance teams, we first performed an assessment of the IT security maturity of the firm. We led the definition and validation of a controls plan for the IT department, and its first application through a full annual controls cycle. We remained directly involved for over two years; we assisted the Compliance department in the structuring of its IT Controls function and the recruitment - and ongoing coaching - of a team leader.

One of the Largest Listed Leading Alternative Investment Firm and Global Hedge Fund

Corix Partners assisted the Group CIO in the full strategic restructuring of the Firm’s Information Security practice and the definition & delivery of a 3 years strategic transformation programme. We remained involved throughout the period at different levels, enabling the Head of Information Security to deliver operational and organisational stability in his area, in the context of growing cyber threats and a complex merger that drove very significant management and strategic changes.

At the request of the CIO and the COO Technology Group, we performed a top down assessment of the Group Information Security practice against published FSA Good Practices in that domain, and positioned the risk posture of the Firm against a number of key risk scenarios. We presented our results to senior management and were asked to define a 3 year strategic plan to transform the practice towards greater maturity.

We provided direct assistance in structuring the team and setting in motion a number of key technical initiatives. We remained involved for over 3 years in very close cooperation with the Group Head of Information Security, providing staff assistance in the field on key topics (including critical technical areas such as Identity & Access Management), supervising the overall delivery of the security transformation programme, making sure it stayed on track, and mentoring the Information Security team.

The Trading Division of a Major UK Retail Bank

Corix Partners assisted the division CIO in the restructuring of part of the Bank’s Information Security practice in a complex post-merger context.

Working for the CIO of the Wholesale Markets & Treasury Trading division and a senior member of his management team, we performed a review of the departmental Information Security organisation in a post-merger context, and examined strengths and weaknesses of the Information Security practice in terms of activities, staffing levels, culture, governance and integration within the Group. We proposed a number of key directions to improve Security operations at large across the division, assisted in the recruitment of new staff members, and were called back to define a new Target Operating Model and Organisational Structure for the Information Security departmental team.

A Global Leader in Commercial Real-Estate

Corix Partners (in collaboration with a leading US technology firm) assisted IT Management and advised the US partner firm, with the evaluation of the GDPR compliance implications, as part of a broader redefinition of the Client's Data Management Strategy and Roadmap.

A Fast Growing European Leader in Contract Logistics

Corix Partners (in collaboration with local associate firm ArsiaMons and its teams) assisted the CIO and his teams in the assessment of their GDPR readiness

Working closely with all stakeholders across the IT, Legal, HR and the business, we benchmarked existing privacy-related practices against the GDPR requirements, measured the capability and maturity posture of the firm around those aspects, and proposed ameliorative scenarios based on our findings. Those scenarios were then analysed further in terms of timeframes and costs, validated in collaboration with key stakeholders and finally offered to executive management as a number of options in the definition of their GDPR compliance roadmap.

A Major UK domestic Logistics Group and Historic Sector Leader

Corix Partners assisted the newly appointed Head of Information Security in restructuring her team and building a strategic framework and vision for her practice (including the definition of a Threats & Controls based Information Risk Management Methodology, and a model for embedding the Information Security practice in the broader Group Security & Privacy context)

Working for the newly appointed Head of Information Security, we examined the current Information Security strategy, purpose, organisation, projects & priorities. In a context of complex internal inter-actions, we proposed recommendations to develop a Group-wide Governance Model for Information Security and a revised mission statement & organisational backbone for the Information Security practice, together with short & mid-term strategic objectives.

We remained involved in the delivery of short-term organisational objectives and in defining a Threats & Controls based Information Risk Management Methodology. We provided direct ongoing staff assistance to the Head of Information Security in terms of Business Management, external recruitment of new staff, and the technical Security coaching of part of the team.

A Global Technology and Software Leader

A FTSE100 Global Software Firm

Corix Partners assisted both firms in the definition, validation and piloting of an Information Risk Management Model in response to senior stakeholders concerns at C-level.

Working closely with IT, Security, Risk, Privacy and Assurance teams, we defined a set of controls catalogs covering all key aspects of the organisation's information assets, and matched those to a pre-existing set of key threats.

We then assessed a selected set of key systems against those controls catalogs, measured the associated risk profile and reported results to senior management. We were subsequently retained in separate engagements to conduct similar assessments of major systems.

A Global Leader in Strategy and Management Advisory Services

Corix Partners assisted the firm in the evaluation of organisational and operating model options in relation to its internal cyber security and cyber risk practices.

One of the largest mutualist Health Insurance Group in France and leading national provider of care and support services

Corix Partners (in collaboration with local associate firm ArsiaMons and its teams) assisted the Group CIO and his teams in the analysis of the cyber security posture of two of the smallest subsidiaries of the Group, and the definition of an ameliorative roadmap for each.

Working from the basis of key recommendations from the French national cyber security agency, we reviewed the security posture of each entity through direct interviews with key stakeholders, presented results to senior management and defined a targeted action plan for each organisation.

We were retained to supervise the delivery of the action plan by one entity.

The UK division of a Global Healthcare Group

Corix Partners assisted the CISO and his team in the redefinition of an information security strategy for the UK business units.

We analysed pre-existing security assessments to build a cyber security risk posture for the business and worked with the CISO and his team to restructure activities underway and make them fit within a strategic framework. We also redefined the organisational model for the team and proposed a set of roles and responsibilities that would form the base of an operating model.

A FTSE 100 Global Leader in the Travel & Leisure Industry

Corix Partners assisted the newly appointed Head of IT General Controls, Security & Compliance in the definition and communication of a new Target Operating Model for his Information Security practice.

Working for the newly appointed Head of IT General Controls, Security & Compliance, we defined and validated a Target Operating Model for Information Security, including a detailed functional architecture for the function across the Group, and we assisted him and his team in communicating the new Target Operating Model to the Global team through the facilitation of a specific workshop.

A Global FTSE100 Leader in Packaging and Recycling

Corix Partners assisted the CISO and his team with the redefinition and alignment of its Governance, Risk and Compliance practice, working with other stakeholders across the firm, participating in the definition and delivery of related projects, and coaching team members.

The World Leader in Cosmetics

Corix Partners (in collaboration with local associate firm ArsiaMons and its teams) assisted the Group CIO and his teams in the optimization of the IT organization's GDPR alignment programme.

We first shadowed existing teams in their GDPR-related tasks and provided an independent assessment of the strengths and weaknesses of the GDPR compliance programme. We then assisted the IT leadership team in an ongoing manner with the day to day supervision of the programme, ensuring that all tasks stay on track, assisting in upwards, downwards and sideways communication efforts, and making sure key deadlines are met.