New York State has instituted significant cybersecurity regulations. Do they apply to Registered Investment Advisors (RIAs)? While the Department of Financial Services (DFS) does not regulate RIAs, following its guidance can help protect the organization. Additionally, RIAs that handle insurance or certain other securities are subject to the regulation.
Appointing a Chief Information Security Officer
Most large organizations need a Chief Information Security Officer (CISO). The CISO will be in charge of cybersecurity programs and policies. The professional must be qualified to oversee cybersecurity activities. The CISO may be an employee of the company or a third-party consultant.
It might seem strange to have a leadership role focused only on information security. Is it necessary? In times past, companies might have folded the role into a Chief Compliance Officer job. But today, CISOs fulfill key roles in businesses. They are busy making sure that a company is well protected. CISOs maintain a strategy and vision for data security. They establish policies and enforce them. They work with vendors and suppliers. CISOs focus on securing one of the most valuable assets most businesses have: their internal data.
New York regulations provide a specific definition of the CISO role. This person must “perform or oversee the performance of the core cybersecurity functions.” They must “provide cybersecurity personnel with cybersecurity updates and training.” They need to manage aspects of cybersecurity awareness within the company. CISOs will make sure that needed best practices take place.
The Philosophy of Adding a CISO
The philosophy of requiring a CISO is that every business of significant size needs a cybersecurity point person. This person is responsible for maintaining the protection of sensitive data. Creating this professional role shows that the business is committed to doing data protection right. It sends the right message to regulators such as DFS, the SEC and FINRA. It lets regulators know that a company is dedicated to protecting its data and defending its customers against attack.
Companies that need compliance help can utilize a third-party service provider. These providers can perform risk assessments, set policy and perform other elements of the regulation. These providers can also furnish a CISO. Fractional CISO can help your organization comply with New York State cybersecurity regulations.