SC Exclusive: Bank of England to appoint new CISO in January

News by Doug Drinkwater

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set to replace him.

Sources close to the bank have told SC that Randall will continue at the corporation in a ‘grandfather’ or ‘umbrella’ role in a bid to help Brandon settle into his new post. Brandon is the former deputy director of Financial Services Strategy at HM Treasury and counsellor for the Foreign and Commonwealth Office.

Brandon is a Cambridge University graduate who has previously worked for the BBC and run his own small publishing business. His LinkedIn profile states that his current title is ‘CISO-incumbent’ at the Bank of England.

Some commentators suggest that this may be another example of the change in the make-up of the Chief Information Security Officer, who now needs to have tech-savvy IT skills and the security awareness of former uniformed personnel, as well as board-level business acumen.

Brandon is believed to have shadowed Randall since September as part of a long but coordinated handover process. While Randall's new role is unclear at this point, sources indicate that it will involve less work than his current position.

The current BoE CISO has been widely credited with the introduction of the CBEST scheme, and the success of the 'Waking the Shark' exercises during his tenure since taking over in November 2013. He is also said to have been behind the BoE's pen testing exercise, which is scheduled to take place this autumn.

Randall was previously the bank's head of security and, prior to joining in 2008, worked as the international security manager for JP Morgan in the EMEA and Asia Pacific region.

A regular speaker at industry events in information security, he served with the City of London Police for 25 years specialising in fraud and counter-terrorism.

Speaking at the Institute of Risk Management's Cyber Risk 2014 Summit back in June he detailed how the Bank of England faces cyber threats on a daily basis. “We get on average around eight incidents a week, and we are a central bank that is pretty small in number - around 4,000 people.”

“To date, none of these have caused any major harm - but they [cyber-criminals] are definitely looking at it.”

Bob Tarzey, analyst and director at Quocirca Ltd, told SC that the decision for the current incumbent to oversee the new CISO is a positive step in the right direction.

“I think it always makes sense, where circumstances allow, for an incumbent that has been considered a success, to overlap with their successor and pass on their experience,” he said by email.

“As for the role of CISO, or whatever title is used for the person with ultimate security responsibility, it is one the board of any organisation is increasingly taking an interest in, to the extent that it has become a board level role in some cases.”

Barry Coatesworth, an industry advisor on cyber security, added that this is evidence the CISO role is changing.

“The role of CISO and the function responsible for information security within an organisation has been changing for over a decade. Historically the CISO came out of the technical department within businesses, this made sense at the time as they understood the solutions and associated technology risk,” he told us.

“Compared to just a few years ago, CISOs now face a wide array of risks and responsibilities that have significantly increased the complexity of their role. Today the CISO must be a C-level business executive with multi-disciplinary skills combining business acumen and technology, rather than a function of IT, and considered only in technical terms.”

In related news, the Bank of England's CHAPS electronic payment system - which is used for same-day transfers - was unavailable for much of the weekend carrying over to Monday morning.

The bank has had to process some payments manually as a result of the technical issue.

“We are working to address this issue as quickly as possible, and restart the... system in a controlled manner,” said a spokeswoman for the Bank.

"The most important payments are being made manually and we can reassure the public that all payments made today will be processed."

Update: The Bank of England has issued the following statement to SC: "We can confirm that William Brandon will replace Don Randall as Chief Information Security Officer with effect from January 2015. At the time of Don's appointment it was planned and agreed that Don would step back from a full time role as of January 2015, and act as an ambassador for the bank on information security matters."
