The Victorian government has turned to the private sector to recruit its first whole-of-government chief information security officer. The government announced today that it had appointed ANZ’s former senior manager, information and technology risk, John O’Driscoll to the newly created position.
Prior to joining ANZ in 2011, O’Driscoll held senior security and risk positions at AMP and the Commonwealth Bank of Australia.
The recruitment of a government CISO is a key plank of Victoria’s cyber security strategy. The state government unveiled the strategy in August.
As CISO, O’Driscoll will oversee implementation of the strategy, which emphasises a whole-of-government approach to information security.
The government CISO “will oversee government’s response to the cyber threat, develop best practice, provide assurance, report internally on our cyber security status, and coordinate cross-government action,” states the strategy (PDF).
The CISO won’t replace the responsibility of individual agencies to mitigate security risks but he will “coordinate cross-government responses in those areas where a whole-of-government approach is preferable, more efficient and will provide better security outcomes than individual approaches – for example, the creation of whole-of-government cyber services, capabilities, reporting, executive engagement, and information dissemination.”
“John O’Driscoll’s extensive experience working across information technology and cyber security make him ideally suited to be Victoria’s first Chief Information Security Officer, as we seek to secure government services,” Victoria’s special minister of state, Gavin Jennings, said in a statement.
“As organised crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial government steps up to better protect our public services and information – John will help us do just that.”
Other elements of the strategy that will be overseen by O’Driscoll in his role as CISO include developing clearer “cyber emergency” governance arrangements, building partnerships with the private sector, establishing a procurement panel for security services, and a push to boost the information security skills of the public sector.
Under the strategy the government is also aiming by February to develop a plan for implementing a federated Victorian Government Security Operations Centre service.
In March, the New South Wales government recruited former AUSTRAC CIO Dr Maria Milosavljevic to be its first CISO. In April, South Australia announced that public service veteran David Goodman would be the state’s first CISO.
The federal government earlier this month unveiled its International Cyber Engagement Strategy.