Alex Serrano, the leader at Mercer Pacific’s Information Security division within Marsh McLennan, discusses various aspects of cyber security and the evolving threat landscape.

Mercer Pacific primarily focuses on managing and investing in superannuation funds for Australians and New Zealanders. Alex is the Chief Information Security Officer (CISO) for the Pacific region, overseeing a global team of approximately 20 individuals dedicated to cyber security.

In light of increasing cyber threats, particularly in Australia, and the nation's emergence as a prime target for cyber attacks, the organisation has strengthened its cyber security posture. Regulatory changes, such as amendments to the Privacy Act and increased fines of up to $50 million from the Office of the Australian Information Commissioner (OAIC) for proven breaches, have heightened the importance of data protection.

These events emphasise the critical need for cyber security preparedness and timely responses.

Alex highlights the significance of effective communication between cyber security teams and the broader organisation. He stresses the importance of not being perceived as the “Department of No,” encouraging an open dialogue to align security measures with business objectives. Maintaining speed and flexibility in security responses is crucial to ensuring cyber security keeps pace with the rapidly evolving business landscape.

Cyber security is pivotal in safeguarding sensitive data amidst a constantly changing threat environment. Effective communication and collaboration are essential components for advancing cyber security practices.

Key Takeaways:

  • There is a need for a centralised digital identity management system, aiming to streamline identity verification processes across multiple entities, ultimately bolstering security while respecting privacy.
  • The rising threat of cyber attacks in Australia emphasises the importance of demonstrating strong security controls, aligning with business needs, embracing risk within defined limits, and advocating for digital identity management to enhance security and privacy while addressing interoperability concerns.
  • Drawing on past attempts like the Australia card and access card, privacy protection must be prioritised in the context of digital identity systems for Australians, highlighting the importance of avoiding privacy erosion in such initiatives.
Contributors
Byron Connolly Head of Programs & Value Engagement
Helping to articulate and accelerate the changes Australia & NZ need in productivity, digitisation and innovation.

Creating the highest possible value insights for our community of business and technology professionals, responsible for >50% of Australia’s GDP. Codifying success to help them reach their personal and organisational goals. Helping them articulate the value of an aligned and executed tech strategy to gain the resources and executive support they need.

Alex Serrano Leader - Pacific Information Security at Marsh McLennan
With over 20 years of experience in information security, technology governance, and organisational resilience, I am a leader in the field of cyber risk and business continuity. I hold an MBA and several professional credentials, including CISM, CGEIT, and MBCI, that demonstrate my knowledge and expertise in managing complex and dynamic cyber challenges.

As the Pacific Information Security Leader I report directly to the Global Mercer Chief Information Security Officer and provide strategic direction and oversight for information security and cyber risk management of the Mercer Pacific business. I work with senior stakeholders across the region to ensure alignment and compliance with global policies and standards, as well as local regulatory and contractual requirements. I also lead and support initiatives to enhance the cyber resilience and maturity of the organisation, such as conducting risk assessments, implementing controls, and advising on the development of plans, tests, training and awareness. My mission is to enable and protect the business from cyber threats, while delivering value and innovation to our clients.

Data Compliance Leadership