Sebastien Viguie on being CISO at Yields


Having worked in model management & model risk management for over 15 years, Sebastien Viguie, Co-founder and CISO of Yields.io, has developed an affinity for the practice. He devotes much of his time to taking our technology platform to the next level and to improving the company’s information and security compliance – in an age where tech and data security are heavily intertwined. In this interview, Sebastien shares his experiences as Co-founder and CISO of Yields.io. 

What inspired you to become the CISO at Yields?

We knew beforehand that information security (IS) would quickly become a critical factor for us to successfully deploy our technology within financial services firms. Unlike other industries, financial organizations have long been heavily regulated. This places great emphasis on ensuring good governance across the entire supply chain, including information systems.

Nowadays, other sectors have realized the importance of information security. For example, data security has emerged as a fundamental element in regulations such as the GDPR. That is why we thought it was best to have one of the co-founders head IS management, to reinforce our commitment to ensuring security for our clients. 

It has been two years since I transitioned into the role of CISO, and it has opened my eyes to the many aspects where business and security are interconnected. Risk and security are multifaceted and I understand that my role requires me to have a deeper knowledge of our clients’ businesses, and how to build credibility and trust with decision-makers and the community. In the financial industry, it’s all about trust and security. 

How do you approach balancing security with the needs of the business and its users?

Security is a key factor for banks to be allowed by their GRC department to adopt our technology. In compliance with international standards, we build our products and offering around standard security controls and industry best practices. It usually starts with a discussion between our product teams who advocate for product features that best meet our clients’ interests and current challenges.

Before we roll out any feature, or implement any changes within our technology, we hold product team discussions with key stakeholders. The actual product evolution and roadmap are a compromise that comes out of these discussions. Even if some requested security features do not make it into our product’s standard security controls, we allow some flexibility for customization.

Occasionally, a client has unique organizational security standards and practices that we have to adopt within our framework. When this is the case, deviations are agreed upon, defined and maintained by a dedicated team which is distinct from the product development teams. This allows us to distinguish between the core standard business and security functionalities we should adopt vs. client-specific functionalities that correspond to a business-specific need. 

What makes Yields different?

Since the company’s inception in 2017, many market players have emerged to satisfy the demand for a model risk management platform. Unlike other vendors who regard technology as a cost center or a constraint, our focus at Yields.io has always been on transforming our clients’ challenges into actionable business drivers. By ensuring that we are compliant with the highest standards for information security, we are able to accelerate our growth further.