Vic Govt appoints first CISO
Leadership: Victoria has appointed its first chief information security officer
A former ANZ Bank senior executive has been appointed as Victoria’s first ever chief information security officer to oversee the implementation of the state’s cyber security strategy.
John O’Driscoll is a former senior manager for information and technology risk at the ANZ, with 20 years’ experience in IT and cyber security. He was appointed to the newly created role within the Victorian government on Monday after a four-month search.
Mr O’Driscoll has also held senior IT and security roles at AMP, Commonwealth Bank and Perpetual. He specialises in IT governance, risk and compliance across financial services, superannuation and the public sector.
He has also developed a number of audit and information security training courses, and is director of certification at ISACA Melbourne. Mr O’Driscoll relocated to Melbourne from Sydney in early 2011 to take the role at ANZ, and began in the CISO role within the Department of Premier and Cabinet last month.
The CISO role would “oversee government’s response to the cyber threat, develop best practice, provide assurance, report internally on cyber security status and coordinate cross-government action”.
The appointment is a key facet of the state government’s cyber security strategy, which was unveiled in August, Special Minister of State Gavin Jennings said.
“John O’Driscoll’s extensive experience working across information technology and cyber security makes him ideally suited to be Victoria’s first chief information security officer, as we seek to secure government services,” Mr Jennings said.
“As organisation crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial [that] government steps up to better protect our public services and information – John will help us do just that,” he said.
The CISO position sitting’ within Premier and Cabinet is to have an in-house team of about ten people. The role would not replace the individual responses and accountability within each government agency on cyber security, but would instead to coordinate a cross-government response.
In the new role, Mr O’Driscoll would focus on driving collaboration across the state’s departments and agencies, helping with ongoing work to assess, monitor and respond to cyber security risks, and engaging with the federal government and private sector on cyber issues.
The CISO would also lead the development of new cyber emergency governance arrangements, and improve the procurement process in cyber security.
The office would also develop a workforce plan and present quarterly cyber security briefings to the Victorian Secretaries Board, and the State Crisis and Resilience Committee.
Victoria’s cyber security strategy outlined a whole-of-government approach on cyber security, with a 23-point strategy across five core themes: engagement, planning, partnering, service maturity and capability.