Executive Summary

White Label Consultancy was engaged to deliver CISO-as-a-Service to two Nordic Digital Services Providers, to provide security leadership during the interim period until a new permanent CISO was recruited. The consultancy support focused on establishing and maintaining the Security Policy and the Security Handbooks (ISMS), defining and implementing cybersecurity assurance frameworks based on industry standards and frameworks (e.g., ISO27001:2022 and NIST CSF), regulatory requirements (NIS2), and customer requirements. Additionally, the role involved leading and developing the central security teams, coordinating security efforts across the organisation, and running monthly security management meetings & forums.

Client Overview

The reference customers are two leading Nordic Digital Services companies headquartered in Norway and Sweden, both with extensive internal software engineering capabilities, multinational operations, and M&A activities.

Purpose of Involvement

Deliver CISO-as-a-Service to the customers, supporting them with security leadership during the interim period until a new permanent CISO is in place.

Consultancy Support and Strategy Implementation

Focus areas:

• Establish and maintain the Security policy and the Security Handbook (ISMS)
• Define and implement a cybersecurity assurance framework based on industry standards and frameworks (e.g., ISO27001:2022 and NIST CSF), regulatory requirements (NIS2), and customer requirements.
• Lead and develop central security team, demonstrating strong collaboration and trust
• Coordinate security efforts across the organisation and run the monthly security community meetings
• Influence and establish support from business stakeholders and support functions
• Report to the Board of Directors and top management on a regular basis

Enabling:

• Define and execute on the cybersecurity strategy in alignment with business objectives and identified security risks
• Anticipate and communicate cyber security risks to the business stakeholders and support functions
• Establish and support the security architecture and an operating model for security operations, threat intelligence and incident response
• Establish and maintain a strong security culture in Schibsted Marketplaces at all levels in the organisation.

Outcome and Business Impact

With the support of White Label Consultancy, continuity and stability were ensured during times of significant change within the companies, including, as examples:

• Security updates to the BoD and top management following a standardised reporting format
• Established and led the security leadership teams and community meetings
• Supported the revision of security policy and handbook with executive leadership approval and BoD endorsement.
• Supported the execution of regulatory compliance program (e.g., NIS2), establishing a program governance, incident processes and registration with local authorities.