Capable, Secure and Compliant IT: How hard can it be?
I work with regulated financial services firms. I help the CFO, COO or the executive responsible for IT who is under pressure to:
- Deliver capable, secure, and compliant IT services
- Align to the expectations of a myriad of internal stakeholders – e.g. 2nd line (risk, compliance) and 3rd line (internal audit), the CEO, and the Board
- Align to the guidance of the Central Bank of Ireland and the Data Protection Commission.
While I can talk bits-and-bytes where necessary, I focus on providing plain English explanations of your current IT capabilities and risks, and identification of the pragmatic steps required to improve your capabilities while mitigating the risks.
When can I help?
When I first engage with an executive, they can have a number of concerns and frustrations:
- Unsure how to get their IT capabilities from where they currently are to somewhere / anywhere better.
- Concerned about the risk of a data breach or cyber incident in their organisation.
- Unable to confidently answer questions or address risk items raised by 2nd line (Risk & Compliance), 3rd line (Internal Audit) or the Board.
- Unsure about the firm’s alignment to the Central Bank’s expectations on IT, cybersecurity and cloud outsourcing.
- Unsure what questions to ask of the firm’s IT service providers.
- Frustrated and impatient about the responses received from these IT service providers – Their answers are frequently opaque, incomplete or they miss the point entirely.
Who am I?
I am Sam Glynn. I have worked in IT for over 20 years.
I worked in various IT management roles in the wholesale financial services industry for 15 years and I have been providing independent IT advice to regulated financial services firms since 2012.
Alongside my IT qualifications and experience, I am also a qualified data protection officer.
LinkedIn can tell you more.
Am I the solution for you?
I am independent.
While I work with an organisation’s staff and service providers to truly understand what is going on, I have no allegiance to current solutions or previous decisions.
My assessments and guidance are truly independent, and I answer to the executive who engages me.
It is ‘me’, not ‘we’.
I do not have a bench of junior associates focused on filling chargeable hours.
I have many trusted and experienced 3rd parties who I can call on if we need their specific skills.
But if you choose to work with me, it will be me.
I know technology but I communicate in plain English.
I communicate regularly with Board members and senior business executives in plain English about technology problems and solutions.
Whiteboards, visuals and metaphors are all key elements of my communication approach.
I apologise in advance for metaphors and analogies involving Luas tracks and train drivers, houses vs mobile homes, and burglar alarms and grannies.
I am pragmatic, not academic.
Organisations seldom benefit from perfect solutions – They take too long.
[Good enough] may be the immediate need, with [great] as a longer-term goal.
My guidance is always pragmatic, and tailored to the needs and capabilities of the organisation.
It’s not about technology. It’s about achieving the desired business outcome while managing the risks.