Mergers and acquisitions can present significant operational challenges for information security officers (ISO) who are tasked with ensuring a smooth transition of the information security program. Often, some key responsibilities of the ISO may be overlooked as other tasks related to the merging of the two institutions take precedence, overextending the ISO as they work to manage the information security program effectively and stay on top of regulations.
Eric Nadeau, chief financial officer at One Florida Bank, faced this very issue when his bank acquired another bank in Florida to expand the institution’s reach across the state. Nadeau wore many hats at the bank serving as the information security officer, chief financial officer, head of accounts payable, and director of both HR and IT. Although Nadeau understood the role and responsibilities of the ISO, he simply lacked the necessary time required to develop a formal program to efficiently complete all ISO-related tasks.
After acquiring the other bank’s charter and then merging the two institutions, Nadeau knew that his bank’s existing compliance management practices would not be enough to accommodate the rapid growth and continue to satisfy the regulators. While he needed assistance in managing the information security program, the institution was not yet ready to make the investment to expand personnel by adding a dedicated ISO.
Following the merger, the bank needed a strong operational structure in place to get the now larger institution up and running and meet regulatory expectations quickly. During the acquisition process, Nadeau was introduced to Safe Systems’ ISOversight VISO (Virtual Information Security Officer) solution. The institution One Florida Bank acquired was already a Safe Systems customer using its network management services. After learning more about the VISO and compliance program, Nadeau performed his due diligence and made the decision to implement the ISOversight solution to streamline the bank’s information security processes.
A VISO serves as an extension of the in-house ISO by augmenting existing personnel and ensuring all tasks and related activities are completed on time and are all properly documented and reported to the various stakeholders. ISOversight’s integrated approach to vendor management, business continuity planning, cybersecurity, strategic planning, and information security influenced Nadeau to implement a VISO strategy.
“We had a very aggressive growth plan and I was wearing many hats. I couldn’t cobble together a bunch of Excel-based risk assessments and manual tasks into a formal process within an acceptable time frame,” said Nadeau. “I needed a support structure that I could leverage very quickly to sustain our bank’s strong and rapid growth plan and ISOversight provided that.”
While Nadeau expected the bank to grow, he did not anticipate that the bank would become a $690M institution in just 18 months. With ISOversight, Nadeau was able to quickly implement new operational structures for the institution amidst this rapid growth.
ISOversight combines all the various risk assessments into one centralized portal with ease, eliminating the use of multiple spreadsheets and numerous documents. The VISO enabled the bank to create a new compliance infrastructure with easy-to-read summaries of all ISO activities, as well as establish a new fully compliant business continuity management plan, a robust vendor management program, and comprehensive project and audit/exam tracking. ISOversight provides an integrated approach to all these initiatives as they all work hand in hand.
“The first year after the acquisition required a massive amount of work, but ISOversight allowed our bank to prioritize and complete tasks until we reached a smooth and successful integration,” said Nadeau. “Even examiners have commented on the progress we’ve made and recognized the value that the integrated platform provided to our management.”
For more information, download the full white paper, “5 Case Studies: Exploring Common Challenges Faced By The Information Security Officer.”