Merger Creates Challenges for CISOs

Reassessing Information Security Needs After a Merger

joeyBank Info Security interviewed Joey Johnson, Chief Information Security Officer at Premise Health on the challenges mergers and acquisitions create for CISOs.

“We had to bring together two companies that had gotten a lot larger, without complementary supporting resources for information security” coming from Take Care Employer Services, he says. “Given the constraints today in the industry for good security talent, identifying the specific talent we were going to need, and then lining that up and putting it into place, was a real challenge.”

Also, combining the two companies changed the overall security demands, requirements and needs of the merged entity, he adds. “Having to cover that gap [in defining the information security needs of the acquired Take Care Employer Services] while trying to find resources was a real challenge.”

“Every M&A transaction is going to be different,” he says. “But one of the things to be cognizant of is what is the role of the security function in the [combined organization] you’re going into.” For instance, infosec leaders should consider whether privacy requirements are a function of the CISO and his or her team, he suggests. “Also, does [the infosec role] contain other areas around compliance, or is there a separate function for that? I think it’s very important to consider all the potential areas of responsibility that will fall under the security shop to ensure a smooth transaction.”

Read the full article on