Past Winners

Winner: Stephen Scharf, global CISO, Experian

Stephen Scharf, the global chief information security officer for Experian, has more than a decade of experience building strong IT security teams. He understands his role as the face of IT security and that this role requires him to present the highest standard of credibility and integrity to his peers and the organization as a whole. Scharf joined Experian, a company with more than 15,000 employees in 41 countries, as its first global chief information security officer. As a strong proponent of knowledge management, he continuously looks for best practices in IT security and applies these to the global environment in an effective and efficient manner. Scharf strives constantly to stay updated on the latest security threats facing the industry, and consistently shares this knowledge with his team – integrating it into team building, cross-training among various business groups, and problem solving – and leverages feedback from the team with the broader organization to ensure security goals are aligning with business needs.

Scharf's motto is to "treat security as a partnership." IT security is intimately involved in every part of Experian's operations. As the global CISO, Scharf works closely with all areas of the business – from developers and engineers to his colleagues in IT and the executive team – and dedicates himself to fully understanding their differing concerns and ideas.

With security, it is critical to be proactive with protective measures and to constantly evaluate the security posture of the organization. Scharf is steadfast in remaining cognizant of everything across the security portfolio – from users on the network to application security, viruses and more – and works with the executive and IT teams to create a solution that benefits all aspects, while maintaining the focus on overall business needs. Because of this, he is supported from the bottom of the organizational chart to the top.

Data is the foundation of what drives Experian. It is critical to the company's success and its security is paramount. That is why, as an important component of Experian's overall strategy, Scharf established a Global Security Steering Committee to increase global awareness around security initiatives throughout the entire organization. The committee meets on a quarterly basis to vet projects and concerns and to generate feedback from all facets of the organization. Business units from different regions across the company communicate the needs of their respective units to the broader team. The goal of the committee is to observe, and provide cross-functional input into, the development of security policy for Experian. The potential consequences of data breaches and Scharf's collaborative approach to solutions have helped propel him to a position of influence throughout the organization.

Scharf has strengthened the influence of the IT security department in meeting business initiatives and goals by aligning services in the department with individual business units. There are numerous business information security officers (BISOs) throughout Experian, and each officer ensures security programs are embedded in both global and regional businesses and raises awareness of security for better integration. Scharf ensures that all security programs are embedded with each BISO, and his belief is that the key to being successful is working together – again, treating security as a partnership.

Experian is a unique company in that it is made up of diverse businesses – e-commerce, analytics, credit reporting, marketing services and more – and each requires a customized model/strategy to operate efficiently. By leveraging the BISOs, Scharf is able to keep a finger on the pulse of this diversity while creating security policies within each business for the betterment of the broader organization.

Scharf is an avid believer in continuing education. He currently serves on the international board of directors for ASIS International and is a previous international board member of the Information Systems Security Association (ISSA). He believes that industry involvement is critical to furthering his knowledge of security, and he takes this knowledge and experience and shares it with his internal IT team.

Recognizing the value of security certification training among his team, Scharf strongly encourages and supports such efforts, including offering to pay for training programs. It is important to Scharf that his team continues to improve and expand on their knowledge of the market and he requires them to attend at least one security event per year.

Additionally, as part of Experian's secure development program, Scharf rolled out an internal certification and training program for developers, not only to ensure they are utilizing proper protocol, but also to raise awareness.

The formation of the global security steering committee is a prime example of how Scharf is better positioning information security planning as business enabling. He successfully instilled within the organization the concept that treating security as a partnership among IT and the various business units is key to the success of the company.

From day one, Scharf embedded security within each service of the company and ensured that security is tied to business drivers. The communication and team dynamic Scharf has generated from the global security steering committee permeates throughout Experian, and he is recognized among the worldwide staff as a facilitator and collaborator, encouraging teamwork and collective problem solving.

Category description:

Contenders should include those who work for end-user companies only. No vendor CSOs will be considered. Nominees are the cream of the crop, having spearheaded a viable IT security program, gained the support of their company’s executive leaders, as well as their colleagues, and helped – through their indefatigable efforts – to propel the CISO/CSO position to a footing of influence within their organization and the corporate world as a whole. Specific projects and undertakings, as well as over-arching security programs to propel these various goals, should be noted. Nominees should be prepared to answer further questions during the judging process, offer at least two references, and be open to holding confidential interviews with members of the SC Magazine editorial team, if warranted.