
Profiles in Leadership: John O'Driscoll, State of Victoria

Risk Mitigation Means Engagement with Stakeholders
John O'Driscoll, CISO, State of Victoria

Four years ago, John O'Driscoll became the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants.


He's an expert in risk and audit, and that has subsequently led to interesting conversations about who is accountable for risk and how to manage risk in light of growing threats.

"I think it's really important that you engage with senior stakeholders with awareness but also to make them care about something," O'Driscoll says. "A big part of what I've been doing is integrate cyber into the overall risk management process within Victorian Government, engage senior stakeholders at a departmental Secretary level, but also boards of water authorities and hospitals and also audit and risk management committees."

O'Driscoll is also leading initiatives to streamline procurement to get the right cybersecurity tools in the hands of practitioners and managing risks that may arise from using third-party service providers.

"You can outsource responsibility for delivery of something but you can't outsource the accountability for it," he says. "And there's a lot of work done upfront before we sign a contract with a third-party service provider."

In this video interview with Information Security Media Group as part of CyberEdBoard's ongoing Profiles in Leadership series, O'Driscoll discusses:

  • How to talk about risk in a government setting;
  • How the Victoria government is streamlining procurement of cybersecurity software;
  • What Victoria is doing to manage third-party risk.

O'Driscoll has over 35 years' experience in information technology, with a focus on IT audit and cyber security in financial services and the public sector. He was appointed as the first chief information security officer for the Australian state of Victoria in October 2017. He leads the development and delivery of Victoria's Cyber Security Strategy to assess, monitor and respond to cyber security risks, and engages with government departments, interstate counterparts, Commonwealth and private sector experts to deliver a resilient and cohesive cyber security capability.


About the Author

Jeremy Kirk


Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.



