Virtual Chief Information Security Officer
Immediate and Impactful Leadership Solution

A mid-sized pharmaceutical company with around $150m in revenue and 300 employees is rapidly expanding to new regions across the United States and abroad. The CIO is interested in understanding how a Virtual Chief Information Security Officer (vCISO) could immediately bring the technical expertise and business acumen that will allow the company to achieve its business objectives while optimizing its risk management strategy. Strategically, the vCISO will optimize the client's security strategy in line with the business strategy, covering security risk management, measurable security program alignment and operations.

Bridge Security Advisors met with the CIO and worked to understand the company's future technology, compliance and growth strategy to determine what type of CISO would be the best fit for the company's needs: a Technical, Strategic or Executive vCISO.

The Challenge

The organization hired its first CIO only a year ago, and she owns all IT, infrastructure and security for the organization. As the company grows, so do the security challenges and the compliance and privacy requirements. The CIO quickly realizes she needs help mitigating risk and protecting the company from threats and from fines if it is found non-compliant with HIPAA or GDPR/CCPA.

Limited security technology environment with poor documentation, low performance, and heavy customization.

No dedicated security personnel on staff and no security vendor relationships for strategy or execution.

The customer needs to be prepared for future growth, but the existing security operational and technical systems are not capable of supporting it.

Operational technology (OT) has historically been air-gapped and isolated, with extremely limited connectivity. As OT systems have grown more complex, they have introduced substantial IT technology; however, most of it has been embedded and has remained in standalone systems.

The value cases that are driving the company require much greater connectivity with the OT environment and much more sensor- and device-level data. This will expose the OT assets in ways the company has never had to contemplate.

The Solution

Bridge recommended a 12-month vCISO with pharmaceutical experience, having worked at Merck for 5 years in a security strategy role.

Additionally, Bridge proposed that the client leverage on-demand expert security leadership to advance a cost-effective security program and establish clear communication with management, the board of directors, investors and government/regulators.

Develop a 3-year roadmap and plan for security operations and technical capabilities.

Implement security and architectural best practices in lightweight, rapid review processes.

The Outcome

At the conclusion of the engagement, the Bridge vCISO delivered a 3-year roadmap to help with budgeting and provide justification for additional security investment.

Our client and Bridge Security Advisors are implementing consistent security policy, procedures and technologies across the portfolio.

The pharmaceutical company and its board now have a security program that covers the entire portfolio and includes a robust security due diligence process when acquiring new companies.

The client has a full understanding of the privacy requirements and the remediation activities needed for the portfolio to be GDPR and CCPA compliant.

The CIO is now engaging with managed SOC / managed detection and response companies to prevent further attacks and reduce the risk of another ransomware incident.

Bridge Security Advisors is now the Trusted Security Advisor and has placed additional IAM, incident response and GRC SMEs to perform professional services.