Skip to content Skip to footer
Search

Loading Results

Supporting a wealth management firm by strengthening its information security ecosystem

Situation

The client is under constant pressure from regulators and business stakeholders to demonstrate a structured approach towards information and cyber security risks. The information security division has worked with various technology functions and business groups to improve information security control implementation through continuous risk assessment of applications and processes. The structured approach has been laid out to ascertain the information and cyber risk posture. It is constantly evaluated and subjected to internal and external validations to ensure the risks are managed through its life cycle. The client also looks to constantly engage with key business stakeholders to drive information and cyber risk mitigation and improved reporting.

The Solution

PwC’s community of solvers collaborated with the client to design, implement and operate a robust strategy to solve the information and cyber security challenges of today and prepare for the future. We had helped the client develop the information security management system (ISMS) framework and risk assessment methodology over the years, as well as engaged to help in maturing the information and cyber risk management process, thus managing and minimising related risks for the enterprise. As part of the programme, we annually conduct a risk assessment for hundreds of applications and processes across ten locations in India and overseas. Over the years, we have delivered and sustained the envisaged outcomes. We continue to engage in the programme to discuss issues relevant to current times.

The framework was built to help the client with:  

  • Consistent risk-assessment methodology to be applied for all applications, processes and locations.
  • Identify risks based on global practices applicable.
  • Provide a real-time and most current view of risks and controls used to minimise the risk exposure.
  • Provide a standardised framework that helps prepare for external ISO 27001 certification.

Result

We can proudly say that we don’t just find answers; we never stop looking for them. By bringing together our human ingenuity, passion and experience with the latest technology, we prepared the client for a globally accepted certification covering multiple applications and processes for several locations across India and overseas. We also improved awareness and instilled a cyber risk culture for a client operating in a susceptible industry. Some of our key achievements include:

assessed 8,500+ controls

Assessed
8,500+
controls

involved 250+ risk owners

Involved
250+ risk
owners

built a comprehensive control library

Built a comprehensive control library

Although the scope of certification increased, it significantly reduced overall risks and issues observed by the certification agency. Additionally, the time required for certification-ready units was reduced, thus saving cost and facilitating sustained outcomes.

Opting for PwC has helped the client with:

 trust white

Building trust and getting best-in-class cyber risk guidance on demand.

 cybersecurity white

Integrated internal risk management activities with the cyber risk programme.

 security white

Compliance with federal cyber security frameworks.

 people audience teamwork white

Ensuring the leadership gets access to various risk views and dashboards.

Explore PwC's case study library

Share this case study

The client didn’t want to just gain new insights and improve performance for themselves, they also wanted to unlock these benefits for their customers.


Jayaram Nair
Managing Director, PwC

Do you want to channel operational disruption into a competitive advantage?

Learn about PwC’s Digital Operations Solutions.

Learn more

Follow us

Required fields are marked with an asterisk(*)

I agree PwC can email me about its insights, newsletters, events, services, products, and offerings.*

By submitting your contact information you acknowledge that you have read the privacy statement and that you consent to our processing the data in accordance with that privacy statement including international transfers. If you change your mind at any time about wishing to receive material from us you can send an e-mail to privacy@pwc.com.

By submitting your contact information you acknowledge that you have read the privacy statement and that you consent to our processing the data in accordance with that privacy statement including international transfers. If you change your mind at any time about wishing to receive material from us you can send an e-mail to privacy@pwc.com.

Hide