CISO function implementation
- Are your cybersecurity initiatives aligned with your business objectives and strategically managed from the C-suite and boardroom on down?
- Is a C-level stakeholder responsible for and dedicated to information security?
- Do you measure and demonstrate to stakeholders the effectiveness of your cybersecurity efforts?
- Does your program leverage strides in cybersecurity to boost your economic performance?
What does it include
We support you in the definition or enhancement of the main CISO activities (PwC as day-to-day support on your behalf or PwC as a trainer for your appointed CISO):
- Define and promote: Information Security framework definition and review, promotion of information security within the group through awareness sessions;
- Assess and control: Information Security risk assessment activities and related controls definition, second-line review activities (logical and physical access reviews, security in projects, etc.);
- Measure and report: Key performance and security indicators (KPI/KRI) definition. Controls testing to produce the indicators on a regular basis. Dashboard production;
- Operate: Process definition and IT security checks to ensure the day-to-day security of the IT activities (security impacts of change, firewall rules validation, etc.).
- Trained and operational Chief Information Security Officer (CISO);
- Cybersecurity strategy aligned with business objectives and related initiatives harmonised throughout the group (HR, IT, BCM etc.);
- Ability to monitor your security maturity and to demonstrate it to both internal and external stakeholders;
- Sound day-to-day security management through regular security checks and validations;
- Increased cybersecurity maturity level as a market differentiator and a business enabler.