IT Risk and Security Initiatives
Division American Partners, Professional Division
October 28, 2019
One of the largest privately-held insurance companies in North America found themselves under increasing regulatory pressure as they expanded business lines into several key states previously dominated by their competition. Senior members of the CIS group and Project Management Office identified a core weakness specifically in IT Risk Management and Process and Compliance Management mostly due to the differences in compliance regulations for privately held vs. publicly traded companies. What they lacked was a process improvement manager and an IT Risk and Compliance Manager who had experience in publicly traded regulatory compliance. American Partners was engaged at this point.
Our client had no plan B. In their mind was no other alternative. The only way to avoid unnecessary audits and market pressure from their publicly traded competition was to hold themselves to the exact same standards.
American Partners quickly tapped its vast network of IT Professionals and in a matter of weeks was able to make several introductions to the PMO and CIS executives to further assess the daunting challenge of bringing a privately held insurance company into line with the same IT Risk and Compliance regulations of a publicly-traded company in order to avoid undue audits as market share increased across the country. American Partners provided the expertise of one IT Risk and Compliance Manager and one IT Process Improvement Manager who had both taken 2 of the largest companies in America from privately held to publicly traded and back again, directly addressing the process with “boots on the ground” experience.
Consultant Action & Solutions
Our consultants were immediately put to work tackling IT Risk and Security initiatives and a Process Improvement overhaul that included the formation of a Vendor Risk team. Our Security consultant increased penetration testing and facilitated internal and third-party attestations, audits, and certification efforts for the IT organization. They also rolled out a corporate-wide IT security training initiative while coordinating audit testing, documentation, self-assessment testing, and remediation activities All of this allowed the client to gain market share at a more rapid pace avoiding costly audits and delays in state licensing.