Experian appoints a Global Information Security Officer. Read more

Experian appoints a Global Information Security Officer

Stephen Scharf, Senior Vice President and Global Chief Information Security Officer (CISO).  is accountable for the overall strategy, leadership and governance of Experian’s Global Information Security and Physical Security programs.

Stephen joined Experian from Bloomberg LP where he was Global Chief Security Officer Stephen has over fourteen years experience in Information Technology with a ten year concentration in Information Security.  He is a regular speaker at security events, including talks at the United Nations.  He has also authored multiple articles on a variety of security topics, including forensics, security administration, business continuity planning, and outsourcing.

x Close

Developments in systems and policy

Investment is the key story this year. We have concentrated on people, processes and systems to ensure we comply with, and in many cases exceed, relevant industry standards.

We have focused resources on several key areas including intrusion detection and prevention, security event management and identity management. The common defence-in-depth security architecture is not enough; we continually reassess our security strategy to ensure ongoing improvements.

We’ve established a Global Security Operations Centre and a Forensics Centre to handle internal and external threats to Experian data and are consolidating shared systems and processes across all our geographies to improve efficiencies and drive up standards globally. To this end we’ve appointed a global chief information security officer who leads a team of information protection specialists, and technology experts working in partnership with legal and compliance advisers across the business.

In the UK a new system for ensuring all managers and employees have read our policies and any new updates has been invaluable in enabling us to drive knowledge, understanding and compliance with our internal standards, including the extensive global information security policy, which was launched last year. We’ve also strengthened the induction process to ensure people immediately understand their responsibilities when they join the company.

Our information security teams work in partnership with other business areas to facilitate better ways of working, share ideas and promote innovation. In Brazil we further developed and communicated our corporate security policy and the standard clauses in our contracts to ensure suppliers and clients have adequate security procedures in place.