This year marks the first ever (ISC)² EMEA Information Security Leadership Awards (ISLA), a chance for our community to recognise fellow information security and management professionals going the extra mile to enhance security across Europe, the Middle East and Africa.

Overall, we received a staggering number of impressive submissions, over 200, and these were shortlisted down to our finalists by our judges, members of the Europe, Middle East and Africa Advisory Council (EAC) . Winners will be announced at our Secure Summit UK  on 12 December 2017. In the meantime, we will be sharing their stories on the blog. Here is the second instalment:

Peter O’Boyle, Information Security Manager at ICON (Ireland)

After graduating from the Dun Laoghaire Institute of Art, Design & Technology with a first-class degree in E-Business Systems and a Masters in Electronic Commerce from National University of Ireland, Peter has spent the majority of his career working in Information Security & Forensics at PwC Ireland.

In his current role at ICON, which led to his successful nomination, Peter implemented an Information Security Vendor Risk Programme, and also formulated a process with his Project Management Office (PMO) to ensure vendors are risk assessed before access to data is provided to them or before data is entrusted to them. This has involved working with the PMO and many divisions and functions within the organisation; not only to embed the processes, but also to educate and communicate the risks that are inherent within the supply chain.

Often this has required Peter to work with the business and enterprise architecture teams, to ensure cloud solution requirements were translated into legal, security and privacy clauses within contracts, and in turn ensure ICON data was protected. Peter also developed artefacts used as part of this process which resulted in risk being communicated with the business in an intuitive way, but at the same time allowed the security team to see what areas vendors were weak in and overlay this perspective against the fourteen ISO27001:2013 domains. It also facilitated the reporting of metrics to the c-level. This allowed the team to target areas of risk and develop a remediation plan for vendors, or make a determination on whether ICON would work with a particular vendor or not.

His ability to work with the business and navigate difficult technical, legal and regulatory obstacles has been regarded as remarkable, and also served as an example to others in terms of what is possible, and to not be put off by difficult challenges. In addition, Peter has had to understand compliance and GDPR requirements and ensure that they are being considered as part of contracts and solutions to meet these challenges. He has been regarded as someone who has gone beyond ‘satisfying a requirement’ and merely complying with an obligation when creating a programme. He has also been commended highly and called a very positive influence on those around him, specifically for always having time for junior team members and to explain security concepts and perspectives.

Peter has been hailed by colleagues as ‘one of those guys who creates a buzz around him and inspires people to do better and strive for higher standards, as his enthusiasm and energy are infectious’.