Challenges of Global Leadership
In an exclusive interview, D'Angelo discusses:
- Top global challenges for banking/security leaders;
- What it takes to be a global security leader;
- His objectives for his second term as ISACA president.
D'Angelo, CISA, CISM, is the newly-reelected international president of ISACA and the IT Governance Institute.
A security management professional with more than 25 years of experience in the financial services industry, D'Angelo is also the senior vice president overseeing the corporate data security department at the Bank of Tokyo Mitsubishi UFJ, with responsibility for information security, disaster recovery, audit liaison and IT compliance-related matters. He initiated his career in security and audit by joining Deloitte & Touche, where he worked on the development of their audit software, IT audit approach and spent 10 years in their management services division. He also worked at Chase, where he coordinated the global security and business continuity program, and at Marsh, where he established a security and business continuity program.
D'Angelo also serves on ISACA's Strategic Advisory Council, Compensation Committee and Governance Advisory Council. He has been a member of the ISACA Board of Directors for a number of years and is a past chair of the ISACA Security Management Committee, which developed the security program offerings for information security managers and professionals.
TOM FIELD: What's it take today to be a global security leader? Hi, this is Tom Field, editorial director with Information Security Media Group and I'm talking today with Emil D'Angelo, the international president of ISACA. Emil, thanks so much for joining me today.
EMIL D'ANGELO: Tom, pleasure to be here.
FIELD: Now, I see you've just been reelected as president of ISACA and you've also got a role with the Bank of Tokyo Mitsubishi. Maybe you can give us a sense of what are all the multiple roles that you're playing these days?
D'ANGELO: Sure, well, as you mentioned I'm a senior vice president with the Bank of Tokyo Mitsubishi UFJ. We're the largest bank in Japan, equivalent to Bank America or Citibank here in the US, and I'm responsible within the US environment or in the Americas, as we call it, which is North and South America, for corporate data security.
With that I also have, besides information security, disaster recovery planning from the IT perspective, as well as for IT looking at our audit liaison which, as you might imagine for a global bank, we have to deal with a number of different regulatory folks and external auditors and internal auditors. So I'm, kind of, the gatekeeper as people come in to focus on the technology world here at the bank along with compliance issues and so forth.
From a professional association perspective, I've been with ISACA for over 25 years and I have the pleasure of being the international president. You can run two consecutive terms, and they were kind enough to vote me back in for a second term, which just kicked off on June 6th. So we're happy to help provide the strategy for ISACA, and a lot of our focus both last year and this year is to really get back to basics and pragmatic information for our members as we're moving forward with our new strategy.
FIELD: Well, Emil, you're in a unique position both with ISACA and with the bank because you get to see the challenges for banking and security leaders globally. If you would name off the top two or three, what are the biggest issues that executives such as yourself face when you try to manage information security and risk over the globe?
D'ANGELO: Well, you're right, and one of the things that certainly I promised to bring to the association is somebody who is a practitioner, if you will, who's so to speak out there fighting the alligators and making sure that ISACA's focused on those kind of issues.
And to your question, the big issues are the things about the governance of IT, the governance of security and how you match up the goals that you're trying to accomplish to the business goals that whatever your organization is trying to accomplish and work through whatever that--in my case or in our constituents cases, you know, what is that risk and making sure you're communicating that to the business and the people that have to make those decisions.
FIELD: Emil, do you find these challenges are enhanced when you have to deal with multiple time zones, multiple nations?
D'ANGELO: Of course, I mean, working for a Japanese bank you have the simple issue or not so simple issue of 13-hour time differences, so just the practicalities of when you need that, so to speak, face-to-face kind of--non-email, non, you know, trying to make presentations and so forth, time differences are just a simple little issue of reality that one has to deal with. Kind of extends everybody's day on both sides of the ocean, if you will, to make some of those things happen.
Oftentimes even, we certainly have language-related issues and so forth as part of the process and even cultural issues that have to get dealt with for any of these international organizations. There're always things you have to take into consideration along with the normal issues of ensuring that everybody's on the same page and focused on the same issues.
FIELD: Just a follow up to that; do you find when you're talking about information security risk management, governance, that there are language and cultural differences on those topics as well as what we'd expect?
D'ANGELO: Oh, absolutely. Sometimes I think in certain cultures, certain things are taken for granted and other times, you know, when you're first introducing some of these topics, even certain words don't even translate. The word "control" in the Japanese language didn't even exist. So having to explain what those kinds of things mean can certainly sometimes be a challenge.
FIELD: Give us a sense of how you've met these challenges to be successful.
D'ANGELO: Well, I think that ISACA's actually been very helpful in making those things successful because you can point to a process or a strategy that's been vetted by a lot of people from around the globe that are tried and tested, and you can use that to help get your point across or to setup a process that mirrors that within your own organization. And it's helpful to come with something like that in order to help make your case.
FIELD: Given what you've experienced, what would you say is required today for those that would want to be international leaders in information security and risk?
D'ANGELO: Well, clearly I think what's changed is the need for people that understand the business, understand and can speak to the business management, your senior management more on their terms, making a business case for whatever it is you're trying to accomplish from a security perspective or business continuity perspective. Putting it in business terms, as opposed to just technical terms. And you really need to have the wherewithal, so to speak, to talk on both sides of the fence so that when you're talking and working with the technology people, you certainly have to--just as you would to the business people--be able to demonstrate that you're talking their language and understand the issues and making sense as to what it takes to get things accomplished.
FIELD: Now, you talked before about language barriers and cultural differences. When we talk about bridging this gap between security and business, are there nuances there when you're doing this cross-culturally?
D'ANGELO: I don't know so much--well, I wouldn't call them nuances. It's probably just understanding the culture from country to country and have the businesses working and using technology or knowing what the risks are within that technology and again, just being able to communicate on whoever your audience is as to the right level of what the issues are and what it's going to take to resolve things. Because sometimes it's not technology; sometimes it's just policy and people and process as opposed to some silver bullet type technology to solve a problem.
FIELD: Again, as we said upfront, you've got a unique role because you're in banking and you're also with ISACA. As you look to the banking industry specifically, where do you see banking leaders best and least prepared to bridge these roles internationally?
D'ANGELO: From the banking industry, I really don't see it any differently. I see the same kind of issues we just talked about. Actually, I think in the financial services industry because of A) the risk and B) the regulatory environment, they tend to get to do it first, if you will, because if the regulators raise the bar on a particular topic or if the industry itself is starting to focus on a particular topic or as a new topic emerges, they happen to be the first ones that have to figure it out, if you will, as part of the process.
FIELD: Emil, one last question for you was we said up top you've just been reelected as president of ISACA, what are your objectives in this second term?
D'ANGELO: Really, the organization went through a relatively big change about two years ago. We went through an elaborate effort to look at our strategy and to refocus the organization, and as part of that--so that was the beginning of last year that we started that implementation, and that even changed the office that supports the association in terms of how they were structured. So the first year, which was last year, was a lot of focus on making sure we made a significant amount of change.
We've just created our new website as of the beginning of June with an emphasis on enhancing our collaboration with our members, so they can have a much better personal experience on the website. And when they have questions and issues, it's kind of back to that practitioner approach. Many times you feel like you're out there on a small island trying to figure these things out, when you really have 100,000 people that are doing the same thing and can help you through that process.
And between that and providing some of our more pragmatic documents about some of the new technologies and some of the new issues that are arising, just to help those 100,000 members do a better job and help their organizations.
FIELD: Well, Emil, I wish you well and I thank you for your time and your insight today.
D'ANGELO: Tom, good talking to you. Take care.
FIELD: We've been talking about global security leadership. We've been talking with Emil D'Angelo, the president of ISACA. For Information Security Media Group, I'm Tom Field. Thank you very much.