Building a Secure Fintech Ecosystem

Building a Secure Fintech Ecosystem

Identitii Identitii

Identitii

The platform for secure data workflows

Published Oct 27, 2024
+ Follow

Identitii Talks to Ben Jackson (Part Two)

In our previous session of Identitii Talks with Ben “Benji” Jackson (Identitii’s Head of Operations and Information Security Manager), we had a chat about his journey in fintech, the experiences and challenges that have shaped his approach to information security management, and what the future holds for the fintech industry.

In this session, we’ll be diving deeper into how organisations can safeguard their data and protect customer’s interests. Benji will be sharing his insights on the challenges and strategies involved in protecting sensitive data in the fast-paced fintech industry, and discuss his approach to maintaining compliance, building a security-conscious culture, and responding effectively to cyber threats.

We know the fintech industry is laser-focused on data security and regulatory compliance. With the sensitive nature of financial information, maintaining the highest level of compliance must be a constant priority for you. What’s your best strategy to make sure Identitii remains compliant with standards like ISO 27001? 

"A tower seldom crumbles from the top down, and compliance is no exception," Benji explains. "Securing buy-in and demanding accountability from top management is an essential foundation to building a security-conscious culture across the entire organisation."

He emphasises the need for a top-down approach, noting that "it's not enough to just implement the technical controls. You have to get the leadership team on board at every level and make them accountable for upholding information security standards."

With new cyberattacks and data breaches popping up all the time, and the threat landscape constantly evolving — how do you approach the challenge of staying ahead of these emerging threats and mitigating risks?

“Sun Tzu probably answers this best,” Benji says with a grin. “The Art of War obviously wasn’t talking about tackling cyber security, but I find a lot of the strategies to be very applicable in this field, in particular, ‘let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.'"

"It's all about having robust incident response and risk mitigation strategies in place," he elaborates. "You can't afford to be reactionary in this industry. You have to be proactive, agile, and ready to respond decisively when threats materialise."

Can you walk us through some of the key security protocols and strategies you've implemented to protect Identitii's data and systems?

"Security technologies and tools are ubiquitous in the industry, and generally, they perform consistently right out of the box," Benji says. "The real challenge lies in managing and standardising people, processes, and documentation."

He explains that his team's focus is on education and consistency. "Human error remains the biggest vulnerability within an organisation, whether it's through social engineering, phishing, misconfigurations, or ransomware attacks. Continuous education on these threats is critical."

“Your team has to understand their role in maintaining security, and be aware of the threats that target them. At Identitii, we achieve this through regular training, phishing simulations, and making sure documentation is accessible, updated, and actionable.

You bring up a great point of teams needing to understand their importance in the security chain — I imagine getting buy-in and collaboration across different teams like IT, dev, and compliance can be a real hurdle. How do you navigate breaking down silos and encouraging collaboration across different organisational dynamics? 

"Yeah, breaking down silos is a constant battle," Benji admits. "But our main goal is to eliminate the 'us vs. them' mentality when it comes to security. When you're easy to work with and can build those relationships, people naturally want to collaborate."

“The key is to engage as early as possible in the process while maintaining an approachable, flexible, and collaborative mindset,” says Benji. “Take additional security controls as an example;” he elaborates. “People are much more willing to accept the necessity of security controls when they understand the drivers behind them. So taking the time to explain the rationale behind the control and bringing them along on that journey gives people a sense of pride and ownership in being part of the solution.”

Benji's leadership in information security has been instrumental in positioning Identitii as a trusted and reliable fintech company. His ability to balance technical expertise with a deep understanding of business operations has enabled him to develop effective strategies that protect the company's data and systems.

As the industry continues to evolve, Benji's work positioning information security as a strategic priority, fostering a security-conscious culture and implementing innovative security measures will undoubtedly be a key competitive advantage for Identitii, and set a new standard for data protection.

To view or add a comment, sign in

More articles by this author

Insights from the community

Others also viewed

Explore topics