The responsibility of a Chief Information Security Officer (CISO) is to help the business units of NN uphold all aspects of cyber security, in turn maintaining and building build our customers’ trust. This means balancing activities and setting priorities together with the business unit CIO’s and CEO’s. To do so, the organisation must be security-minded with regards to both its existing activities and those to be developed.  Placing an emphasis on security-based innovation catalyses this transformation. As the field of information security is complex, a CISO must be surrounded by talented people. The focus of a CISO should therefore be on the promotion of innovation and on attracting talented people.

CISO at NN group

In this increasingly digital world, customer data is increasing in (financial) value. We not only use it at NN to improve our products and services, but criminals can also gain financially when they obtain our data. Keeping this data safe and secure not only benefits our service, it also maintains a safe financial future for our customers. The challenge of a CISO is to create and lead an organisation in which the security of data is within its DNA. To do this, security needs to be by design, not added afterwards. Within NN we achieve this by introducing Secure DevOps, integrating security aspects in the development and improvement processes of our applications and systems.

Becoming an expert at securing our own data also opens several other doors for us. With our knowledge we are able to consult and give advice, for example at the European Union Agency for Network and Information Security (ENISA) and as a juror for the Accenture Innovation awards. This gives us the opportunity to be in the forefront of global IT security innovations and create the opportunity for NN to be both  an early adopter and a creator of innovation. For our business specifically this would, for example, mean the creation of a cyber insurance product, a topic discussed in a recently published report by ENISA (See appendix below).

NN Security Potential Programme

Within NN group we have an HR programme in which young talent can cooperate with the different departments and business units of NN. NN group consists of an insurance department, a bank, an investment company as well as a large central IT department. This creates the unique opportunity to experience all these different types of departments in one programme. The Security P Programme gives recently graduated talents a path through our organisation, covering the many facets of IT security such as architecture, software development, infrastructure and risk management. Within this programme we offer the chance to learn a lot about (information) security in a small amount of time. Our internal programmes combined with our cooperation with multiple educational institutes, such as universities, make NN group a successful platform for knowledge, learning and craftsmanship.

Hacking at NN

At NN we strive to be innovative while always keeping our three core values in mind: care, clear, commit. This means that security within NN is always aimed at securing our customers’ financial security and increasing the quality of our service. To stimulate innovation and progress within NN, while using its pool of knowledge and professionals, we organise multiple events per year. At these events different departments and business units come together, combining business specific insights, creating opportunities to share knowledge that is unique to NN. As such, events like our hackathons  are the drivers of innovation within our organisation. Working in security at NN therefore means a wide array of tasks and projects such as the development of secure applications and systems but also testing the security of existing systems with red teaming actions.

Yuri Bobbert
CISO NN Group