Financial Services
The Asset Management Division of one of the Largest French Insurance Groups
Corix Partners (in collaboration with a local associate firm and its teams) assisted the incoming Head of Legal and Compliance in the assessment of the security maturity of the organisation.
Working closely with all stakeholders across the firm and its parent organisation, we benchmarked existing security practices against industry standards, measured maturity and risk posture, and proposed ameliorative scenarios based on our findings. We analysed the strengths and weaknesses of the pre-existing organisational arrangements and made recommendations on how to evolve the team structure to match the challenges the company was facing.
We were subsequently retained in an ongoing engagement to supervise the resulting programme of work and develop the leadership capabilities of the team.
A Leading Public Investment Authority in France
Corix Partners (in collaboration with a local associate firm and its teams) assisted the Head of Compliance and Internal Controls in the definition and implementation of a “second line of defence” control function focused on Information Security.
Working closely with the IT and Compliance teams, we first performed an assessment of the IT security maturity of the firm. We led the definition and validation of a controls plan for the IT department, and its first application through a full annual controls cycle. We remained directly involved for over two years; we assisted the Compliance department in the structuring of its IT Controls function and the recruitment – and ongoing coaching – of a team leader.
One of the Largest Listed Leading Alternative Investment Firms and Global Hedge Funds
Corix Partners assisted the Group CIO in the full strategic restructuring of the Firm’s Information Security practice and the definition & delivery of a 3-year strategic transformation programme. We remained involved throughout the period at different levels, enabling the Head of Information Security to deliver operational and organisational stability in his area, in the context of growing cyber threats and a complex merger that drove very significant management and strategic changes.
At the request of the CIO and the COO Technology Group, we performed a top-down assessment of the Group Information Security practice against published FSA Good Practices in that domain, and positioned the risk posture of the Firm against a number of key risk scenarios. We presented our results to senior management and were asked to define a 3-year strategic plan to transform the practice towards greater maturity.
We provided direct assistance in structuring the team and setting in motion a number of key technical initiatives. We remained involved for over 3 years in very close cooperation with the Group Head of Information Security, providing staff assistance in the field on key topics (including critical technical areas such as Identity & Access Management), supervising the overall delivery of the security transformation programme, making sure it stayed on track, and mentoring the Information Security team.
The Trading Division of a Major UK Retail Bank
Corix Partners assisted the division CIO in the restructuring of part of the Bank’s Information Security practice in a complex post-merger context.
Working for the CIO of the Wholesale Markets & Treasury Trading division and a senior member of his management team, we performed a review of the departmental Information Security organisation in a post-merger context, and examined strengths and weaknesses of the Information Security practice in terms of activities, staffing levels, culture, governance and integration within the Group. We proposed a number of key directions to improve Security operations at large across the division, assisted in the recruitment of new staff members, and were called back to define a new Target Operating Model and Organisational Structure for the Information Security departmental team.
A Fast Growing European Leader in Contract Logistics
Corix Partners (in collaboration with a local associate firm) assisted the CIO and his teams in the assessment of their GDPR readiness.
Working closely with all stakeholders across IT, Legal, HR and the business, we benchmarked existing privacy-related practices against the GDPR requirements, measured the capability and maturity posture of the firm around those aspects, and proposed ameliorative scenarios based on our findings. Those scenarios were then analysed further in terms of timeframes and costs, validated in collaboration with key stakeholders and finally offered to executive management as a number of options in the definition of their GDPR compliance roadmap.
A Major UK domestic Logistics Group and Historic Sector Leader
Corix Partners assisted the newly appointed Head of Information Security in restructuring her team and building a strategic framework and vision for her practice (including the definition of a Threats & Controls based Information Risk Management Methodology, and a model for embedding the Information Security practice in the broader Group Security & Privacy context).
Working for the newly appointed Head of Information Security, we examined the current Information Security strategy, purpose, organisation, projects & priorities. In a context of complex internal interactions, we proposed recommendations to develop a Group-wide Governance Model for Information Security and a revised mission statement & organisational backbone for the Information Security practice, together with short & mid-term strategic objectives.
We remained involved in the delivery of short-term organisational objectives and in defining a Threats & Controls based Information Risk Management Methodology. We provided direct ongoing staff assistance to the Head of Information Security in terms of Business Management, external recruitment of new staff, and the technical Security coaching of part of the team.
A FTSE100 Global Software Firm
Corix Partners assisted the firm in the definition, validation and piloting of an Information Risk Management Model in response to senior stakeholders’ concerns at C-level.
Working closely with IT, Risk and Assurance teams, we defined a set of controls catalogs covering all key aspects of the organisation’s information assets, and matched those to a pre-existing set of key threats. We assessed a selected set of 10 systems against those controls catalogs, measured the associated risk profile and reported results to senior management.
We were subsequently retained in a separate engagement to conduct a similar assessment of 10 major systems, focused on the key GDPR-related assets of the firm.
The UK division of a Global Healthcare Group
Corix Partners assisted the CISO and his team in the redefinition of an information security strategy for the UK business units.
We analysed pre-existing security assessments to build a cyber security risk posture for the business and worked with the CISO and his team to restructure activities underway and make them fit within a strategic framework. We also redefined the organisational model for the team and proposed a set of roles and responsibilities that would form the base of an operating model.
Travel & Hospitality
A FTSE 100 Global Leader in the Travel & Leisure Industry
Corix Partners assisted the newly appointed Head of IT General Controls, Security & Compliance in the definition and communication of a new Target Operating Model for his Information Security practice.
Working for the newly appointed Head of IT General Controls, Security & Compliance, we defined and validated a Target Operating Model for Information Security, including a detailed functional architecture for the function across the Group, and we assisted him and his team in communicating the new Target Operating Model to the Global team through the facilitation of a specific workshop.
Manufacturing & Retail
The World Leader in Cosmetics
Corix Partners (in collaboration with a local associate firm) assisted the Group CIO and his teams in the optimization of the IT organization’s GDPR alignment programme.
We first shadowed existing teams in their GDPR-related tasks and provided an independent assessment of the strengths and weaknesses of the GDPR compliance programme. We then assisted the IT leadership team in an ongoing manner with the day-to-day supervision of the programme, ensuring that all tasks stay on track, assisting in upwards, downwards and sideways communication efforts, and making sure key deadlines are met.