Protecting a major retailer’s digital future

Providing board-level advice to address the business’s number one corporate risk: data security

Like many large businesses, our client – a major UK retailer – is fundamentally changing its business model, focusing on digital services. This involves managing large amounts of customer data, and given that reputation and public trust are crucial to the retailer, it needed to create a new security model to support its changing business.

Mason Advisory was asked to provide a Chief Information Security Officer (CISO) to keep the organisation safe during its transformation.

Our consultant was instrumental in the redesign and restructuring of the security organisation, including developing the entirely new global CISO role. He reported into the board, and was accountable for group security, with responsibility for a multi-million-pound budget. He also led the wider restructuring of the security team in order to build the right platform to deliver the new security model.

As CISO, he led the development of a security strategy in line with the digital business objectives, which was built around a more proactive detect-and-respond model (with a view to moving to a fully predictive approach in future). This moved away from traditional ‘bunker’ approaches to protecting systems and, in an extension of the successful use of customer data to provide retail insights, the security strategy depends on analysing machine data to provide security information and event management (SIEM) insights.

The strategy continues to be implemented using an Agile approach in order to iteratively improve it as the programme of works progresses. The strategy will deliver a more flexible security model to support the business’s digital ambitions.

Our CISO has also prepared the retailer for industry-leading information security certification, and ensured compliance with the Payment Card Industry (PCI) standards for payment processing and encryption.

Other key projects included:

  • delivering risk reduction initiatives, such as designing a network segmentation project to split the PCI segment from the rest of the network
  • encouraging secure software development
  • managing access to services, including cloud services
  • putting security controls around third parties which need to access customer data
  • implementing advanced malware detection and data loss prevention initiatives.

We are now supporting the retailer in making the transition to a full-time in-house CISO.

Key Facts

The Chief Information Security Officer role has responsibility for over 60 full-time security staff within the retailer.

Industry
Retail & FMCG
Services
IT Strategy & Transformation
Assurance
Cybersecurity
Designed To:
  • Protect our client while its business is undergoing a digital transformation
  • Provide board-level assurance for strategic security initiatives
  • Deliver an innovative security strategy based around proactive detection of issues