Leadership & Executive Communication , Training & Security Leadership

Designing a Business-Aligned Cybersecurity Program

AMP's Head of Cybersecurity on How to Get Business Buy-In
Group head of cybersecurity at AMP

In order to have a business-aligned cybersecurity approach, it is important for a CISO to get buy-in from executive management before approaching the board, says Chirag Joshi, group head of cybersecurity at AMP, a financial services company in Australia.

See Also: Post-Transformation: Building a Culture of Security

Joshi says to start with the management because you need to understand its priorities. For example, he says, if an organization aspires to move from largely on-premises, phone-based customer service to a direct-to-consumer digital channel, you will need to have a different way of working than you had before.

"From a cyber perspective, you need to understand if you are equipped to handle this change. Do you have the tools and technologies to manage the change? You will only know this when you have a conversation with the businesses executives," he says.

In a video interview with Information Security Media Group, Joshi also discusses:

  • How to start a business-aligned cybersecurity strategy;
  • Whether to take a top-down or bottom-up approach;
  • The role of risk management in a mature cybersecurity program.

Joshi is group head of cybersecurity at AMP, a financial services company in Australia. He is also the author of the worldwide best-selling book "7 Rules to Influence Behaviour and Win at Cyber Security Awareness" and the director of the ISACA Sydney chapter.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.