
Martin Hořický
Increasing regulatory demands (e.g. DORA, NIS2) and the growing complexity of IT environments are forcing financial institutions to rethink their cybersecurity management models. CISO as a Service provides access to an experienced security leader without the need for a full-time internal hire.
An external CISO (Chief Information Security Officer) becomes a key part of risk management – ensuring regulatory compliance, leading security strategy, training staff, and representing the institution to supervisory author
Unlike a typical IT manager or security technician, an external CISO operates independently and objectively, often with a broader sectoral perspective.
Clear assignment of roles and responsibilities in ICT security.
Continuous risk analysis and resilience testing, including recovery planning.
Security awareness training, oversight, and incident reporting.
Functional governance, involving senior management and regulators.
Analysis of current cybersecurity posture, regulatory gaps and needs.
Development of security roadmap and governance model.
Rollout of policies, controls, metrics, training and testing.
Reporting to management, audits, and regulators.
Defining scenarios, plans, and simulations.
Ongoing security leadership, risk reviews and audit preparedness.