ASIC Appoints New Chief Information Security Officer After Cybersecurity Revamp

ASIC Enhances Cybersecurity Framework with CISO Appointment

The Australian Securities and Investments Commission (ASIC) has appointed Jamie Norton to the position of Chief Information Security Officer (CISO) as part of its commitment to strengthening its digital and cybersecurity infrastructure. This transition comes after a strategic evaluation that led to the reclassification of the CISO role as a senior executive leader position, highlighting the critical nature of cybersecurity in the realm of financial regulation and public governance.

Jamie Norton Brings Extensive Cybersecurity Knowledge

Norton’s induction signifies a crucial turning point for ASIC. He arrives with extensive expertise, having recently worked as a partner at McGrathNicol, a firm specializing in advisory and restructuring. Prior to this, he served as the CISO at the Australian Taxation Office (ATO) from 2018 to 2021, where he played a key role in establishing advanced cybersecurity measures and overseeing substantial digital infrastructure.

Furthermore, Norton has occupied high-ranking positions at NEC Australia and global cybersecurity firm Check Point, providing him with a comprehensive perspective on the cybersecurity challenges faced by both the government and private sectors.

Reclassification Highlights ASIC’s Cybersecurity Goals

The reclassification of the CISO role to a senior executive level emphasizes ASIC’s acknowledgment of cybersecurity as a vital function. During the recruitment process, ASIC stated that this adjustment “illustrates the significance ASIC assigns to the CISO role, especially as we progress in our goal to become a data-driven, digitally capable regulator.”

This decision is in line with broader movements within the Australian public sector, where agencies are increasingly elevating cybersecurity leadership to executive levels in light of escalating threats and public concerns stemming from major data breaches in recent times.

Organizational Shifts Indicate a New Chapter for ASIC

Norton’s appointment follows another important leadership shift at ASIC. In February, the previous Chief Data and Analytics Officer, Darshil Mehta, left after five years to join King & Wood Mallesons. The consecutive changes signal that ASIC is undergoing a significant overhaul of its digital leadership, with a refreshed concentration on technology, security, and data analytics.

These modifications are likely components of ASIC’s comprehensive strategy aimed at improving its regulatory efficiency and resilience in an ever-changing financial and technological environment.

Cybersecurity Gains Prominence in Government Agencies

The elevation of the CISO position at ASIC reflects a larger trend seen across government bodies at both federal and state levels. Following significant cybersecurity events affecting organizations like Optus and Medibank, there has been a focused effort to elevate the cyber maturity of the public sector. The Australian Cyber Security Strategy 2023–2030 articulates an aspiration for Australia to emerge as the most cyber secure nation by 2030. ASIC and similar agencies are anticipated to play a crucial role in this national directive, both as regulators and exemplars of cyber resilience.

With Norton in charge, ASIC is poised not only to safeguard its own digital infrastructure but also to shape the cybersecurity practices of the financial sector through its regulatory oversight.

Summary

Jamie Norton’s selection as ASIC’s new Chief Information Security Officer signifies a strategic advancement towards strengthened cybersecurity governance within the commission. With a background that spans both public and private sectors—including his tenure at the ATO, McGrathNicol, and NEC Australia—Norton’s proficiency will be critical in steering ASIC through its digital evolution. The elevation of the CISO role to senior executive status underscores the regulator’s dedication to cybersecurity as a primary focus, aligning with national initiatives to bolster cyber resilience across Australian organizations.

Q: Why did ASIC change the classification of the CISO role?

A:

ASIC redefined the CISO role to that of a senior executive leader to signify the increasing significance of cybersecurity in its functions and regulatory duties. This adjustment ensures that the role possesses greater strategic impact and aligns with the organization’s digital transformation objectives.

Q: Who is Jamie Norton, and what are his qualifications?

A:

Jamie Norton is a well-regarded cybersecurity professional with vast experience in both the public and private sectors. Before assuming his role at ASIC, he worked as a partner at McGrathNicol and served as CISO at the Australian Taxation Office. He has also held senior positions at NEC Australia and Check Point.

Q: What implications does this appointment have for ASIC’s cybersecurity strategy?

A:

Norton’s onboarding signals a reinforced emphasis on cybersecurity at ASIC. As the CISO, he will oversee the enhancement of the organization’s cyber capabilities, support regulatory efforts, and contribute to national cyber resilience initiatives.

Q: How is this development consistent with wider public sector cybersecurity trends?

A:

This initiative aligns with a general trend among Australian government entities to elevate cybersecurity leadership due to rising cyber threats. It represents a strategic shift to approach cybersecurity as a matter of executive-level importance.

Q: What other leadership changes have taken place at ASIC recently?

A:

In addition to Norton’s appointment, ASIC’s Chief Data and Analytics Officer, Darshil Mehta, recently departed the agency after five years to join King & Wood Mallesons. These transitions indicate a wider reorganization of ASIC’s digital leadership.

Q: How will Norton’s experience in both private and public sectors benefit ASIC?

A:

Norton’s diverse experience equips him with a profound comprehension of cybersecurity from both operational and strategic angles. His ability to connect government compliance with private sector innovation is expected to enhance ASIC’s cybersecurity capacity.

Q: What are ASIC’s broader ambitions as a regulator in a digital landscape?

A:

ASIC aspires to evolve into a data-driven, digitally proficient regulator capable of proactively monitoring and mitigating risks within Australia’s financial systems. Fortifying its cybersecurity framework is a foundational component of this evolution.