Accelerate your Information Risk Management maturity by leveraging external expertise.
THE MOBIUS APPROACH TO OUTSOURCED SERVICES
The dilemma that most organisations face is a shortage of Information Security, Information Privacy and Information Technology Risk resources, and companies often lack the skills to ensure the success of their Information Security, Information Privacy and IT Assurance Programmes. Mobius Consulting has released a new range of Outsourced Services within our Information Security, Information Privacy, Cyber Security and IT Assurance service lines.
Mobius Consulting offers a solution geared towards empowering organisations with the expertise needed to accelerate their Information Risk Management maturity.
The Mobius Outsourced Services Offering is aimed at providing outsourced management and advisory services in the following areas:
The Outsourced Information Privacy Manager (OIPM) will assist and provide guidance on how to manage the organisation’s Information Privacy Programme, incorporating governance, users and structures, technological solutions, monitoring and continuous compliance of Information Privacy.
The OIPM can assist with the execution of the following activities:
- Establish an Information Privacy operating model for Information Privacy management within the organisation.
- Training and Awareness to all stakeholders in the organisation around Information Privacy.
- Developing Information Privacy documentation (e.g. policies, procedures, and standards) or reviewing and updating those developed by your organisation.
- Developing and implementing an Information Privacy Programme.
- Advisory role to safeguard Personal Information by identifying how Information Security and its controls support ongoing Privacy compliance.
- Strategic guidance to the Executive Committee and Board to ensure compliance with information protection requirements, including guidance on handling data subject requests.
- Continuous monitoring against Information Privacy controls to ensure ongoing compliance across the Privacy landscape.
We will assist with the management and execution of an Information Security Programme that supports an Information Security Management System (ISMS) and incorporates governance, roles and responsibilities, technological solutions and continuous monitioring across Information Security.
Our Information Security Outsourced Roles can assist with the execution of the following activities:
- Establishing roles and responsibilities for Information Security management within the organisation.
- Developing governance-related documentation (e.g. policies, procedures, and standards) or reviewing and updating those developed by your organisation.
- Providing direction and guidance to identify and mitigate the potential Information Security risks in a changing business environment.
- Report on the status of Information Security to various management levels across the organisation.
- Maintaining your Information Security Management System and aiding in continuous improvement thereof.
- Defining and executing Information Security Awareness Programmes and training plans.
- Providing support around operational security.
The Outsourced Information Technology Assurance Manager (OITAM) will support your Internal Audit or Risk team with ongoing, independent reviews of your specific IT risks, delivering purpose-built recommendations to address your challenges.
Our Outsourced Information Technology Assurance Consultants can perform the required independent reviews, providing you access to appropriately skilled resources that are notoriously difficult to retain in-house.
- Develop annual Internal Audit Plan following either your Enterprise Risk Management process or based on our knowledge of critical areas of information risk following latest emerging and industry risks. Customise the plan to cover your key risks based on underlying technologies and key business processes. Once finalised, completion of the IT Audit Plan where additional capacity or specialist resources are required.
- Implement a Combined Assurance model to assist organisations improve the effectiveness of IT governance, risk management and internal controls.
- Conduct Standard and Specialist reviews for IT Internal Audit through the completion of IT General Control reviews or other more technical specialist reviews:
Information Security (ISO 27001/2, SWIFT, 0365), Cloud Security, IT Governance, Security Testing (Network, Web / Mobile App), Cyber Security Reviews (NIST, CIS), Identity and Access Management, Third Party Risk Management, Privacy (POPIA, GDPR, ISO 27701, etc.)
- Project Governance reviews can also be performed to assist organisations with: Goal-oriented reviews, Stage gate reviews, Continuous reviews, RIO reviews, Data Migration Assurance.
The Outsourced Cyber Security Manager will help your organisation become more cyber resilient by improving your capabilities to identify, protect, detect, respond, and recover against cyber threats and attacks.
Our Cyber Security team can assist your organisation in getting started with and the ongoing management of the following:
- Improve threat management capabilities by assisting your organisation in adopting a threat-based approach to Cyber Security and using Threat Intelligence, Threat Monitoring and Threat Hunting processes, technologies and skills.
- Cyber Security control assessment covering governance, people, process and technologies to give you the full view of your Cyber Security maturity based on best practice (NIST).
- Develop and manage roadmaps and plans that support your organisation’s strategy required to improve resilience against threats, and improve overall Cyber Security maturity.
- Develop and maintain a threat profile of the current cyber threats that are most applicable to your organisation that will help prioritise budget and protection where it is needed most.
- Develop and adopt an incident response process on an organisational wide basis that includes periodic simulations involving all stakeholders.
- Manage the implementation of Cyber Security related processes and technology improvement plans.