What is the best professional decision you have made and why?
Accepting and becoming the Corporate Security Officer (CSO) here at Symbility Solutions was the best professional move I made, and here are the three reasons why:
- The first reason is that being a CSO at Symbility has allowed me to give the best of myself from a professional point of view. I have been able to use all the knowledge and experience that I have accumulated over the years to build a strong security department and practice, which led the company to obtain several ISO certifications with the unfailing support from the management team.
- The second reason is that Symbility, a forward-thinking company that routinely employs advanced technologies to anticipate the evolution of the software industry, challenges me to adapt security functions for these new platforms and tools.
- The third reason is the recognition I receive from the organization. When you have an executive management team that trusts you, and colleagues and team members who believe in you, you become more confident in the contribution you are making, and know that your efforts are recognized and valued by the company. If for some reason, the expected results aren’t as successful as expected, your team will support you because you are all on the same page.
Throughout the major challenges encountered, never once did Symbility have a profound disagreement on what to do and where we are heading. We are all on the same page.
What are the three top values/characteristics of success and why?
Transparency: This is an important value in my opinion, because it is the vital component for achieving successful communication at all necessary levels. It resolves conflicts of personality, erroneous interpretations of behaviors, and ensures that all players of a company can continue to work in a productive climate.
Engagement: You either engage fully in your business or you do not. You immerse yourself in your projects 100% or you do not. As long as a sense of discomfort persists deep inside you, you will not be able to give the maximum of yourself. Work will be for you a livelihood and not a passion and personal accomplishment allowing you to reach your full potential.
Respect: I have come to truly and fully embrace this core value that has been implemented as part of a corporate culture initiative at Symbility, that ensures that each employee demonstrates a positive way of treating or thinking about something or someone in their daily work. The value of respect tells us that we treat others with the same loyalty that we expect them to treat us with, that we are empathic towards their needs and difficulties and that we are responsible for delivering what is expected from us.
What is the worst professional mistake you have made and what did you learn from it?
Early in my career, I had to select certain individuals from a realization team for a major company according to the agreements on a strategic contract. The working environment was difficult and constantly shifting because the initial management team changed during the course of the contract. We had not established strict and documented evidences with the initial team on what the parameters were to achieve the desired deliverables, which gave way to delays that added additions and constant scope changes during the course of the contract execution. I believed in my team and in the project, but I did not fully appreciate the challenging circumstances in which we were operating.
When the inevitable difficulties began, mainly due to not enough defined deliverables or scope of the project, we continued to develop new options and strategies to circumvent the problems encountered, unfortunately without a positive result. All this ended with the same rationality we had when it began: we needed to restart the project from the beginning and change the approach to better meet the customer’s needs. We wasted time, money and credibility in a fixed price type of project. The lesson learned was how to best manage a client and how to make appropriate decisions early on in a timely manner. Overall, it was a great learning experience.
What is the biggest security industry challenge that leaders are facing today?
The greatest security industry challenge facing leaders today is keeping technological and managerial knowledge up to date and organizing our reactive capacity in a proactive way. The rate of change makes it difficult for everyone to adapt to new threats and risks, and anticipate future developments in this sector where cyber criminality is a daily and vital issue for companies.
What matters to you the most in terms of the job you do?
Achievement and adding value in my work are crucial factors that keep me invested in Symbility, and give me peace of mind knowing that I am helping the company achieve its growth objectives.
What advice would you give to someone going into a leadership position for the first time?
Getting involved and staying active when it comes to understanding the environment of the company and the impact that changing technologies have on the organization. Security must be approached as a cross-organizational discipline that affects both the human, procedural and technological aspects of the company.
Your organization implemented multiple standards. What were some of the benefits yielded from the standard implementation?
As a global company, we have implemented several ISO standards, to ensure that Symbility’s customers are protected against cyber threats and risks. By implementing these standards internationally, we are able to guarantee the reliability and security of our systems. When implementing these standards, the main challenge was integrating the security perspective into all the current company practices.
Symbility selected PECB as our auditor for our ISO certifications and attestations because it is a well-respected Canadian company with local resources required for the verifications mandated by the certification processes, and because PECB could help us navigate our international requirements to achieve the certifications.
What motivated you to implement such standards?
Third-party security breaches are constantly increasing, and to protect your information, you must require that all your technology partners that process your confidential data meet a specific industry standard for cybersecurity. For our customers, who work in the field of insurance, simply having from their suppliers a generic level of security is largely insufficient because, as we often mention, it would be like buying a drug without, the approval of the medical authorities, hiring an expert who is unlicensed or taking legal advice from a non-accredited lawyer. The primary objective for the development and implementation of ISO certifications and attestations was that we wanted to demonstrate leadership by being an industry’s pioneer as a software solutions provider to offer our clients a robust and secure protection of their data and applications based on internationally recognized standards.
What were the challenges faced before the implementation of the standards?
We need to continually inform both our customers and our partners how information security and data protection is applied in our IT environments. Being a company that works internationally, the standards of security and data protection, as well as the particular laws and regulations are very heterogeneous from one country to another. To be able to speak the same language with all these different business players and to evaluate correctly the content and the quality of the controls deployed in our environments with respect to an internationally recognized, standards became therefore an essential requirement.
Evaluate on how the implementation of the standards helped your company in overcoming those challenges?
Implementing these standards has helped us at several levels. First, it has allowed us to develop a coherent and structured approach to security and continuity, which increases the reliability and security of systems and applications and thus minimizes the risks of potential incidents. From a business perspective, the implementation has allowed us to gain credibility and trust with our partners and customers, to improve the brand of Symbility by obtaining a logo of certification and accreditation on the websites and the commercial literature of the company, which continuously reminds existing and potential customers that we are taking seriously the confidentiality, integrity and availability of their information, and to differentiate ourselves from the competition in a request for proposals process and comparative studies for shareholders.
Apart from increasing internal and external security, do you think that standards can improve the overall performance of the company?
The development of these standards requires us to better document our processes and practices and thus gives us precise visibility to optimize development and maintenance costs through an early design approach compared to a reactive implementation. It reduces customer and partner demands and expectations for demonstrating security measures. Also, verifications and audits are carried out faster and more efficiently. Finally, as Symbility demonstrates strong leadership in security, privacy and continuity, this increases business opportunities through customer confidence and growing trust.
Joel Moreno is Corporate Security Officer at Symbility Solutions, a company that specializes on claims management, claims workflow, claims software solutions, and claims processing solutions, mobile innovation technology, group benefits, and adjudication. By modernizing insurance claims solutions for properties and health industries, Symbility Solutions puts security, efficiency and customer experience first. Headquartered in Toronto-Canada, Symbyllity Solutions was founded in 2004. The Symbility Company believes in creating world-class experiences that simplify business and improve lives.