In Depth

Sharon O'Bryan: Called to Account

Some security executives see protecting their company's assets as a way to earn a living. ABN Amro's Sharon O'Bryan sees it as her mission.

By Simone Kaplan

Page 3

After putting the project on hold, she sat down with her CIO to gauge his level of support for a formal set of security standard projects. She then presented the executive board of ABN Amro North America with a meticulous plan detailing her ideal approach to increasing security efficiency and effectivenesscreating a centralized technology risk management group to oversee a common set of security policiesand the executive team gave her the thumb's up. Then she began the next phase of the reorganization. Most of the existing risk management and continuity planning staff was dispersed and decentralized, reporting to different bosses and working in reaction-based environments rather than under a tactical or strategic plan. O'Bryan plucked her staffers out of their pseudo-exile and brought most of them to the Chicago area (she still has people in Michigan and New York), where they could work as a team. Together, the group came up with a thorough approach to technology risk that began at the strategic level and extended all the way down to daily, mundane procedural tasks such as issuing network access IDs.

O'Bryan looked at how other banks handled security but kept a close eye on how closely industry best practices addressed her company's needs. "Best practices are often set by much larger organizations, like Bank of America, and they might not make sense for us as a medium-size organization," she explains. "Rather than apply blanket best practices to my company, I am more interested in looking at how those practices relate specifically to the infrastructure, applications and security controls we have in place."

With the newly crafted standards in hand, she made sure the company's network was scrubbed and the systems were functioning effectively. "We had to clean it up," she says. The security staff grew: When O'Bryan began the overhaul, she had a staff of 12 and a budget of about $6 million. Three years later, she oversees 66 people and a budget of $18 million. And the evolution of the risk group is about to take another step. In early 2003, ABN Amro's Chicago offices will move to a new building that's still under construction. While the move entails a lot of change, O'Bryan isn't worried about adjusting. In the new building, she'll have her entire Chicago-area technology risk group on one floor (right now, half the group is in her Loop-area building and the other half is located 20 miles away, near O'Hare International Airport).