Keeping Fintech Bulletproof

Behind-The-Scenes of Information Security Management

Identitii Talks to Ben Jackson (Part One)

You know that old saying, "the best defence is great attack"? Well, in the rapid-fire world of fintech, that couldn't be more true. And the person leading Identitii's defensive attack is none other than Ben Jackson (aka Benji) our Head of Operations and resident Information Security Manager.

Welcome to “Identitii Talks”, where we pull back the curtain to get an insider's perspective on a range of topics, kicking off with information security management. We’re chatting with Benji to find out what drives someone to get into this field, how do you prepare for it, what are some of the challenges in the industry and what does the future hold for fintech?

Let’s start at the start - can you tell us a bit about your journey in this industry and what led you to your position at Identitii?

“Before joining Identitii, I spent more than 11 years working in the financial services industry, and felt first-hand just how challenging and at times downright painful it is to access the crucial information needed to keep money moving around the world. So the opportunity to work with a team solving that problem was really interesting, but they also needed to share my very strong views on the importance of information security management.

“Throughout my career I’d been managing business operations focused on fraud prevention, governance, risk and compliance, and developed extensive experience with PCI-DSS and ISO 27001. What really drew me to Identitii was a leadership team that didn't just recognise my skills and experience, but trusted me to fully own the information security function and supported me to deepen my expertise.”

What would you say were some of the key experiences or certifications that have really shaped your approach to managing information security?

"Completing the ISO/IEC 27001 Lead Implementer course has been absolutely invaluable," Benji says. "It gave me the structured framework to build, maintain, and continuously improve an effective Information Security Management System (ISMS)."

Gaining much of his early experience in startups, Benji also expounds on the need for balance and adaptability. “Having come from a startup environment where flexibility is often necessary, you have to develop a knack for being adaptable. This, in addition to the learnings from the Lead Implementer course, I’m now quite confident in balancing flexibility with the ability to assert authority and draw clear boundaries when it comes to critical security measures."

I can imagine this must be quite the juggling act — especially in such a fast-paced industry like fintech.

"Absolutely, it's a constant balancing act," Benji acknowledges. "But I've found that the key is to really understand when and where that flexibility is appropriate versus when I need to take a firm stance."

I'm curious what motivates you most in one of your roles as Information Security Manager, and what's been your proudest achievement at Identitii so far?

"What really drives me is the belief that corporations have a responsibility to be better corporate citizens," Benji shares. "Companies are entrusted with more personal data than ever before, and that privilege comes with a significant moral obligation to protect it as if it were our own. It's not just about compliance; it's about safeguarding the public's trust in us to handle their information with care and integrity."

Speaking on his proudest moment at Identitii, Benji says without hesitation, "strengthening our security posture, while simultaneously reducing the complexity of our Information Security Management System (ISMS) by over 25% and lowering our costs. We've managed to do more with less, streamlining processes and increasing efficiency without compromising on security. This enables us to meet the public's expectations for data protection in a responsible, proactive way."

Shifting gears slightly, what would you say are some of the biggest security challenges in the fintech and regulatory space right now?

"One of the biggest challenges in my opinion, is that critical security features are often locked behind costly enterprise plans," Benji explains. "This creates a real barrier for smaller companies trying to implement robust security measures. I firmly believe that for the greater good of the industry, security needs to be treated as a fundamental right for all, not a privilege for the rich."

Looking ahead, what trends do you see shaping the future of information security in fintech, and how is Identitii positioning itself to adapt?

"While it might be seen as a bit of a buzzword right now, AI is no joke," Benji says emphatically. "It's already a standard tool in the arsenal of security professionals, threat actors, and everyday users."

He explains that while AI is not the silver bullet that many believe, it will have a profound impact on businesses. "AI will help organisations improve their productivity by an order of magnitude through human augmentation, rather than human replacement. With this in mind, Identitii has already established a clear policy framework that addresses the ethical, legal, and practical considerations associated with the use of AI."

Is there any advice you would give someone starting a career in information security, especially in fintech?

“GRC professionals often fall into one of two categories: those with deep technical expertise or those focused primarily on governance and risk, but rarely both. Developing both skills is the key to success. Taking advantage of the wealth of free resources available through open-source organisations (e.g. OSI, Linux Foundation), government agencies (e.g. ACSC, NIST), and nonprofits (e.g. OWASP) can help you build a strong foundation that spans both technical knowledge and governance/risk management.”

Benji's dedication to data protection and his innovative approach to information security are truly inspiring. It's clear that he and the team at Identitii are constantly working to stay ahead of the curve and keep fintech secure for businesses and consumers alike.

Stay tuned for the next session of Identitii Talks where we continue our chat with Benji on how he tackles the challenges of staying ahead of emerging cyber threats, how to make security collaboration work across teams, and talk a bit about the strategies he’s implemented to keep Identitii’s data and systems secure — don’t miss it!