Business exposure: the problem or opportunities

To uplift a major Australian bank’s risk and control framework to manage data, security and privacy as an enterprise Program.

Business approach: the roadmap to the solution

The Q1 team led the Program to align project outcomes with the agreed strategy. The team worked across multiple layers of the bank to:

• Develop the cyber security risks and controls framework, processes and templates.
• Build a universal controls library and use this framework for the security and governance program across the enterprise.
• Develop a repeatable approach to embed accountabilities, including deploying risk assessment toolsets in high risk functions.
• Identify high risk data repositories and mediate by developing controls.

Business benefits: the solutions

The Program has improved the visibility of the cyber security risks and related controls environment, enabling informed decision making on the implementation of cyber security appetite, investment and risk management.