A global pharmaceutical company needed to strengthen their information security strategy and governance model in the face of increasing digital threats and decentralized adoption of digital solutions. Kopenhagen Konsulting led the effort with a team of subject-matter experts and collaboration with business representatives. The process included formulating a purpose and mission for the global information security strategy, analyzing the current state, and defining strategic focus areas and an execution roadmap.

‍

The team identified three key challenges around governance, risk, and culture, and developed strategic focus areas to address them, including efficient management of information security, comprehensive risk mitigation, and embedding information security in the company culture. A multi-tier, top-down governance model was introduced, the scope of the CISO function was restructured, and a new Information Security Charter was developed and approved to outline responsibilities of different stakeholders.

‍

The new strategic direction was presented and approved by executive management, and the revised governance model was operationalized according to plan with tracking and oversight of the implementation roadmap. The approach ensured a business-centric, risk-based, and correctly cascaded strategic direction for information security.

‍