As one of the UK’s leading wealth managers, Brewin Dolphin recognises the importance of operating with robust technical and physical solutions in place to provide data security for its customers. Simon Mair, Head of Information Security and Data Privacy at Brewin Dolphin, discusses the importance of investing in the protection of client data and tells us about some of the organisation’s priorities when planning its security strategy for the year ahead.
Can you explain your role at Brewin Dolphin and the scope of your responsibility?
As Head of Privacy and Information Security, my primary role is to ensure the security of both our client and company data.
I work closely with the Head of IT Security to identify potential and real threats to the firm and mitigate these where possible.
My team creates the core security policies and ensures that they are effective and relevant to the firm. They also provide governance, guidance and incident support when required.
How important is the protection of client data to your organisation and what security procedures do you have in place to ensure/monitor this?
The protection of client data is critical to Brewin Dolphin. Our clients trust us with their financial well-being and core to that is the protection of their personal data.
We have robust technical and physical solutions in place to provide data security and while we are confident in these systems and processes, we are regularly testing them and improving them where necessary.
How do you manage the security of a workforce which is split across different locations?
While the COVID-19 pandemic has presented some challenges to Brewin Dolphin, fortunately, the firm had been through a complete end-user technology refresh prior to 2020.
During that project, every end-user was issued with their own laptop, enabling them to securely connect to the firm’s network.
We have a two-pronged approach to security whereby we are able to push vulnerability updates to end-user devices, which works hand-in-hand with our awareness programme for all staff.
Can you share insight into the typical threats facing an organisation in your industry?
The threat of ransomware presents our biggest challenge, but as with many organisations, insider threat also has the potential to disrupt the business.
A growing challenge is our relationship with our third-parties, most of whom are not regulated in the same way we are.
What approach do you take to communicating risk and security strategies to the wider C-suite and board?
The firm has various committees, forums and groups which provide a necessary framework for communication. It is always important when communicating with these groups to have some understanding of other risks which the business is facing. It’s helpful to understand the language used by other areas of risk and frame the cyber/privacy risks in the same way.
How do you foster and maintain a strong security culture within your organisation?
Brewin Dolphin has a comprehensive awareness strategy which combines compulsory e-learning, targeted learning for specific teams, external speakers – for example, City of London Police – and regular news updates on internal communication platforms.
Talking about security is also key – if we are talking about it, it’s at the forefront of our consciousness and that is always a good thing!
Finally, tone from the top is key to any cultural success – if the boss is talking about it then all levels of the business will take note.
Financial services is a highly regulated industry – how do you manage compliance and adherence with regulations?
One of the challenges is the fact that we are governed by both financial and data regulations, and these can sometimes appear to be competing with each other.
I work closely with the teams responsible for the financial regulation to provide guidance on data regulations to ensure that both regulatory pathways are working in parallel for the benefit of the business.
What are your priorities when planning your security strategy for the year ahead?
First and foremost, we must all understand the strategic aims of the firm. We must also consider any regulatory changes and be prepared to adhere to them when they come into force.
We will take a look at any present-day threats and those that are on the horizon, to identify gaps in systems or awareness.
Finally, we must consider any risks that have been identified within the business and determine if there are solutions or processes that can be implemented which will mitigate or remove them.
Can you describe a typical day for you in the role of Head of Information Security and Data Privacy?
Generally, I will meet with my team first thing in a morning. This meeting is as much a well-being conversation as it is a daily agenda, particularly since the increase in remote working due to the pandemic. We discuss any relevant security/privacy news items that may pertain to the business and talk about the day ahead. It is an excellent opportunity for the different teams to share relevant business updates. It’s also an opportunity to check on morale which is important in lieu of any traditional office contact.
Throughout the day, I will likely attend several project board meetings relating to general business change.
I will also meet with key senior stakeholders around the business to understand what their priorities are and identify how security/privacy must be incorporated into those plans.
I am a member of a number of external peer groups who meet regularly during the working day to discuss security and privacy challenges. Group members hail from a variety of different industries and as such, are an invaluable resource. We discuss common challenges and share best practice methodologies. In addition, we have the opportunity to hear valuable presentations from both regulators and security services.
Committee meetings are also a significant part of my day.
Outside of work, I hold the position of Chair of Governors at a Westminster primary school. I have been a school governor for over three years now and find it very rewarding. It provides me with development opportunities and I would recommend it to anyone as a great way of giving some time back to the community.
On the weekends, I enjoy time with my family, dog walking and rebuilding my 1967 Series 2A Land Rover. It’s safe to say that I’m a Green Oval addict!Click below to share this article