To implement integrated risk assessment processes to measure the effectiveness of information security controls.

To enable a balanced set of security controls to reduce the Company’s risk profile.

Web Application Security Testing

Information Security Incident Testing

Information Security Consulting

Information Risk Assessment (IRA)

Provide information security training and awareness campaigns

Improve efficiency through standardization, automation, self-services

Enhance the reporting capabilities at the services level and use metrics to measure success

All of the above

Management Focus

People focus

Implementation Focus

Integrate the IRA process with Global Release Management Process

Implement SLAs on all services, for a better resources’ allocation

No formal training required on new technologies< security testing techniques, information risk management frameworks

Technology Risk Management

Technology Risk Audit

Technology Risk SOX

Vendor assessments moved to Procurement end of 2020 – transition work early 2021

IT Audit support in collaboration with RCSA team

IT SOX scoping of changes and new systems