Victoria has named private sector IT risk and governance specialist John O’Driscoll as its first chief information security officer, as part of a push to bolster the state’s ability to fend off cyber threats.
O’Driscoll has 20 years’ experience in information technology, with a focus on cyber security in financial services and the public sector. He was most recently senior manager, information and technology risk, at ANZ. Before that O’Driscoll occupied top IT security jobs at AMP and the Commonwealth Bank.
The government is concerned about the shift from unsophisticated lone cyber hackers towards organised criminals, political ‘hacktivists’ and foreign governments using the internet to infiltrate, steal from and disrupt government services.
The CISO will focus on leading collaboration across Victoria’s departments and agencies helping with ongoing work to assess, monitor and respond to cyber security risks, as well as engaging with Commonwealth and private sector experts to deliver a resilient and cohesive cyber security environment.
The appointment of the chief information security officer is one of the steps in the Victorian government’s cyber security strategy, released in August. Other key actions from the plan, to be led by the CISO, include:
- Develop cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services;
- Strengthening partnerships across all levels of government and the private sector to share best practice,
intelligence and insights;
- Rationalising and better co-ordinating the procurement of proven cyber security services;
- Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers;
- Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and
Resilience Committee, so government is better informed of cyber security issues and assessments.