Security specialist SecureData has recruited former Sainsbury’s security team leader, Mark Sprules to spearhead its CISO-as-a-Service practice.
The VAR says it has seen an increase in demand for the practice, which was developed by head of compliance Carl Shallow, and is another sign of a shift towards a more service-orientated approach.
It was designed to help mid-size enterprise firms develop and maintain an Information Security Management System (ISMS), and Secure Data says Sprules (pictured) will be responsible for the company’s existing base of clients in sectors such as retail, property, publishing and charity as well as the day-to-day assurance of its own CISO duties and ISO 27001 requirements.
Prior to SecureData, Sprules led a team of information security analysts at Sainsbury’s, and worked closely on risk assessment and compliance of newly selected 3rd parties and secure delivery of business solutions.
The firm says he will also provide strategic security and information risk assessment, guidance on threat detection, protection measures and response planning for security incidents.
Comments SecureData CEO, Etienne Greeff: “The demand for security expertise in the mid-enterprise market is rising sharply; businesses know they need specialist expertise but not necessarily for 100 percent of the time.
“But perhaps more poignantly, organisations are also beginning to realise that there isn’t always a technology solution to deal with security, and that introducing specialist third-party knowledge, experience and bandwidth is becoming increasingly necessary in the fight against cyber threats.
“Even in a part-time capacity, services like this will ensure smaller organisations assessing risk, detecting threats, protecting valuable assets and responding to breaches far more efficiently.”
“Not every organisation can justify the expenditure of a full-time security specialist, and it is great to be joining a company like SecureData that recognises each company’s requirements are different,” adds Sprules.
“The CISO service is designed to be flexible and help organisations regardless of size and maturity, so depending on the existing culture it can help in different ways; company-wide security awareness programmes, feeding ideas in to senior management or providing routine compliance and framework consultancy for auditing - all of these fall under the CISO-as-a-service umbrella.”
