3rd Party Risk Management , Audit , Governance & Risk Management

Profiles in Leadership: John O'Driscoll

Risk Mitigation Means Engagement With Stakeholders
John O'Driscoll, CISO, State of Victoria

Four years ago, John O'Driscoll became the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants.

See Also: A CISO’s Guide to Defender Alignment

He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk in light of growing threats.

"I think it's really important that you engage with senior stakeholders with awareness but also to make them care about something," O'Driscoll says. "A big part of what I've been doing is integrate cyber into the overall risk management process within Victorian Government, engage senior stakeholders at a departmental Secretary level, but also boards of water authorities and hospitals and also audit and risk management committees."

O'Driscoll is also leading initiatives to streamline procurement to get the right cybersecurity tools in the hands of practitioners and managing risks that may arise from using third-party service providers.

"You can outsource responsibility for delivery of something but you can't outsource the accountability for it," he says. "And there's a lot of work done upfront before we sign a contract with a third-party service provider."

In this video interview with Information Security Media Group as part of CyberEdBoard's ongoing Profiles in Leadership series, O'Driscoll discusses:

  • How to talk about risk in a government setting;
  • How the Victoria government is streamlining procurement of cybersecurity software;
  • What Victoria is doing to manage third-party risk.

O'Driscoll has over 35 years’ experience in information technology, with a focus on IT audit and cyber security in financial services and the public sector. He was appointed as the first chief information security officer for the Australian state of Victoria in October 2017. He leads the development and delivery of the Victoria’s Cyber Security Strategy to assess, monitor and respond to cyber security risks, as well as engaging with the government departments, interstate counterparts, Commonwealth and private sector experts to deliver a resilient and cohesive cyber security capability.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.