For most of his career, Hery Andrianjafy has worked in the highly regulated financial services industry. Having managed the global risk and compliance for banks in Switzerland and Europe, Hery has high standards when it comes to information security and privacy.
In this interview, we talk to Hery about how his experience, skillset and mindset will help build and sustain the next phase of beqom’s growth.
How Is Your Role Directly Related to Sustaining beqom’s Growth?
Security and privacy are becoming a big concern for most companies today. The fact that beqom has hired an in-house risk and compliance officer demonstrates the company’s dedication to addressing all aspects of information risk. When managing personal and confidential data of large enterprises across the globe, security and privacy are essentials, especially when you’re working on the cloud and have global customers. An in-house risk and compliance officer will set up the security and privacy measures necessary to help build and maintain trust for customers and stakeholders.
What Are the First Steps You’re Putting in Place to Ensure That Personal Data Is Securely Managed?
Our first initiative is to get the ISO27001 Certification. I’ve already started working closely with the IT specialists and a member of executive management to apply and test additional security measures. Once finalized, we will communicate this to employees, third parties and all stakeholders who are interested in learning about what’s being done in terms of information security management.
This certification is a good beginning for a cloud service provider. Being previously on the client side, I think that the ISO27001 Certification is a measure of trust and credibility that all beqom customers are looking forward to adding to their risk mitigation plan.
In order to achieve high standards in information security and privacy, we need to formalize the process to protect key assets and data that beqom manages, and then demonstrate how the company continues to use up-to-date technology and procedures to safeguard these assets.
I will bring my risk mitigation experience within large enterprises to a rapidly growing, mid-sized company like beqom. We need to be prepared for authorities who give very short notice before performing an audit. Unlike external auditors, who are often only interested in business continuity and company policies, these authorities perform a thorough due diligence to make sure that personal data is managed securely by the company.
What Is beqom Doing to Prepare Itself for the New General Data Protection Regulation that Will Be Enforced in May 2018?
The GDPR, which aims to unify data protection for all individuals in the European Union, can have serious implications for beqom’s risk mitigation strategy. In a situation where there is a data breach, a company the size of beqom can be liable for a 20 million EUR fine or 4% of the group’s annual worldwide turnover of the preceding financial year.
We therefore need to prepare for this regulation by setting up a risk management process to make sure we’re covering all security and privacy aspects stated in the GDPR. The ISO27001 Certification is one of the first steps to getting there.
Although this regulation is enforced by the European Union and applies to all EU companies, it also addresses organizations from other continents that are managing EU residents’ data, which I guess most of our global customers are. If we tackle this regulation globally, we can ensure compliance for not just beqom in Europe but also its subsidiaries across the globe.
Why Did You Choose to Join beqom?
beqom seemed like the right fit for me for two reasons:
- A company specialized in performance and compensation management handles a large amount of personal data and must ensure that the right security and privacy measures are implemented. With my expertise in information security and data protection, I felt like it was a good fit for beqom’s new Head of Risk & Compliance.
- As a promising Swiss company that is acting globally, there is enormous potential here for me. In addition, the recent investment from Goldman Sachs signifies a bright future for the organization.
The arrival of Hery will help us continue to address security, privacy and data protection with high priority — assuring our customers and the market that we take security as an important asset in our organization.