In Depth
Sharon O'Bryan: Called to Account
Some security executives see protecting their company's assets as a way to earn a living. ABN Amro's Sharon O'Bryan sees it as her mission.
By Simone Kaplan
O'Bryan felt the lack of data privacy oversight needed the attention of the entire financial services industry. As a member of Bits, the lobbying group founded by CEOs from the top 100 financial companies in the nation, she brought up the idea of creating an industrywide framework for governing risk management in outsourcing at a meeting. The other members of Bits agreed the issue demanded action and set to work creating the framework, a process that took a year. O'Bryan now cochairs the committee in charge of expanding the framework, which was ratified in 2001. The new regulations require financial companies to apply the same security measures to outsourced information as they would if the data was handled in-house. "You can outsource IT and business processing, but you can't outsource the risk," O'Bryan says. "That creates a challenge for service providers, many of whom are being forced into creating formal security and contingency planning policies of their own in order to service financial clients." While the Bits framework has helped regulators increase their scrutiny of outsourced risk management, this issue remains somewhat unresolved, she says, because most business managers still believe they can outsource risk, an attitude that has to change for sound security to be achieved.
Not surprising, O'Bryan handles the challenge of forcing change upon an industry mired in tradition and regulation with aplomb. She does, after all, thrive on pressure and responsibility. Like many security executives, O'Bryan is a part-time student, but the degree she's pursuing is probably unique in the IT security field. She's in the process of earning a master's in theology, her third advanced degree (she already holds an MBA and a master's of information systems). And no, she's not praying for secure networks.
In the future, she wants to work with teenagers to "help steer them in the right direction." But that's a few years off. Her immediate goals are to move closer to the strategic side of the business so she can become less involved with day-to-day operations. "I'm a strategist at heart, and I have a vision of what security should mean to the business," she explains. At some point she'd like to do more industry lobbying in Washington, D.C., but for right now she's happy commuting from her home 65 miles outside Chicago and helping protect the assets of ABN Amro's worldwide clients.
"At the end of the day, that's what feels good," O'Bryan says.
sharon o'bryan
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
