Alex Serrano, former leader at Mercer Pacific’s Information Security division within Marsh McLennan, discusses various aspects of cyber security and the evolving threat landscape.

Mercer Pacific primarily focuses on managing and investing in superannuation funds for Australians and New Zealanders. Alex is the Chief Information Security Officer (CISO) for the Pacific region, overseeing a global team of approximately 20 individuals dedicated to cyber security.

In light of increasing cyber threats, particularly in Australia, and the nation’s rise as a prime target for cyber attacks, the organisation has strengthened its cyber security posture. Regulatory changes, such as amendments to the Privacy Act and increased fines of up to $50 million imposed by the Office of the Australian Information Commissioner (OAIC) for proven breaches, have heightened the importance of data protection.

These events emphasise the critical need for cyber security preparedness and timely responses.

Alex highlights the significance of effective communication between cyber security teams and the broader organisation. He stresses the importance of not being perceived as the “Department of No,” encouraging an open dialogue to align security measures with business objectives. Maintaining speed and flexibility in security responses is crucial to ensuring cyber security keeps pace with the rapidly evolving business landscape.

Cyber security is pivotal in safeguarding sensitive data amidst a constantly changing threat environment. Effective communication and collaboration are essential components for advancing cyber security practices.

Key Takeaways:

  • There is a need for a centralised digital identity management system that streamlines identity verification processes across multiple entities, bolstering security while respecting privacy.
  • The rising threat of cyber attacks in Australia emphasises the importance of demonstrating strong security controls, aligning with business needs, embracing risk within defined limits, and advocating for digital identity management to enhance security and privacy while addressing interoperability concerns.
  • Drawing on past attempts like the Australia Card and access card, digital identity systems for Australians must prioritise privacy protection and avoid eroding privacy.

Contributors

Byron Connolly, Head of Programs & Value Engagement at ADAPT

Byron is a highly experienced technology and business journalist, editor, corporate writer, and event producer.

Prior to joining ADAPT, he was the editor-in-chief at CIO Australia and associate editor at CSO Australia. He also created and led the well-known CIO50 awards program in Australia and The CIO Show podcast.

Byron creates valuable insights for our community of senior technology and business professionals that help them reach their organisational and professional goals. He has a passion for uncovering stories about the careers and personal philosophies of Australia’s top technology and digital executives.

When he is not working, Byron enjoys hot yoga, swimming, running and spending time with his family. He completed the North Face 100km ultra marathon in the NSW Blue Mountains in 2012 and 2013.

Alex Serrano, Former Leader - Pacific Information Security at Marsh McLennan

With over 20 years of experience in information security, technology governance, and organisational resilience, I am a leader in the field of cyber risk and business continuity. I hold an MBA and several professional credentials, including CISM, CGEIT, and MBCI, that demonstrate my knowledge and expertise in managing complex and dynamic cyber challenges.

As the Pacific Information Security Leader I report directly to the Global Mercer Chief Information Security Officer and provide strategic direction and oversight for information security and cyber risk management of the Mercer Pacific business. I work with senior stakeholders across the region to ensure alignment and compliance with global policies and standards, as well as local regulatory and contractual requirements. I also lead and support initiatives to enhance the cyber resilience and maturity of the organisation, such as conducting risk assessments, implementing controls, and advising on the development of plans, tests, training and awareness. My mission is to enable and protect the business from cyber threats, while delivering value and innovation to our clients.
