Building a risk culture
Risk culture is not an obvious priority for a CIO or CISO. Here’s the definition from the Institute of Risk Management: “Risk culture is a term describing the values, beliefs, knowledge, attitudes and understanding about risk shared by a group of people with a common purpose.”
I’ve taken a new role as CISO at HSBC. The interview process was astonishing as I met with the Global CIO of Commercial Banking, Wendy Wang, who was double-hatting as Asia Pacific CIO. She was new in her regional role and rebuilding her team. Asia Pacific was then 20 countries that accounted for 80% of the global revenues for HSBC, so this was a strategic position that she played.
Wendy explained that she had the Regional CIO for Retail Banking, Chief Data Officer, and CISO roles all open. During the discussion, I explained to Wendy that I had managed cybersecurity as a CIO but had never been a CISO or been full-time in this capacity....