He may hold a leadership position at a major player in the financial arena, but Gary Baxter is quick to insist that he’s a tech guy. His role as Voya Financial’s chief information officer has afforded Baxter a unique perspective on the evolution of technology in the financial world, and its implications on how companies like Voya operate.
The same technology that created online banking and tools like ApplePay has also spawned flash crashes and hacking scandals. So while Baxter may be a tech guy, his world is financial. He is acutely aware that his ability to utilize his tech acumen has an impact on the financial and emotional security of Voya’s customers. “Security begins and ends with our ability to maintain our customers’ data,” he says. “That’s where their confidence in us begins, and that’s where we focus our energy.”
That focus has inspired robust security architecture that protects both customer data and the access points to it. “If you think about our customers’ data as being in the center, we start with a secure perimeter around the outside of the company,” Baxter explains. “In addition to a large customer base, we also have thousands of sponsors and distribution partners. We need to have appropriate access to our customer data to transact business, but we also need to safeguard it from unwanted access. That’s why the security that begins at the outer layers of the network goes all the way down to the data level. We have security surrounding the data, protecting it from anything that could happen to it.”
It’s Baxter’s job to question the strength of his cybersecurity, not trust it. That attitude is part of his professional DNA. “The most critical thing in the CIO’s role is a strong sense of humility,” Baxter says. “Approaching every day as an opportunity to learn, listen, and be diligent is key. Overconfidence and lack of attention can be the downfall for people in this role.” Keeping that in mind, Baxter ensures that Voya’s security capabilities are benchmarked against industry peers and best practices, like the ISO 27000 certification or NIST 800-53 accreditation.
But cybersecurity doesn’t happen in a vacuum, and it isn’t just about protecting static data. Part of what makes Baxter excited about his role at Voya is its mission. “There was a time when the only way people got financial advice was through a financial adviser,” he says. “While that remains a key part of the process for many people, we at Voya are able to create tools—such as myOrangeMoney—that help Americans chart out their retirement future. We take all of this knowledge that we have about preparing for retirement and create tools that put it in the hands of most Americans, supporting our vision to be America’s retirement company.”
That process depends on customers trusting Voya when they share information, which Voya then uses to craft tools to help them. This is why Baxter insists on the paramount importance of secure customer data: Voya can’t create value for its customers if the customers can’t trust Voya with their most valued information.
Since Baxter’s role in the company affects every Voya customer, his perspective on cybersecurity is expansive. Baxter spends a lot of time educating leadership colleagues via strategy updates, discussions of emerging threats, and examinations of how lessons learned from security breaches at other companies apply to Voya.
While Baxter realizes that as CIO he leads the cybersecurity effort, the responsibility for customer security extends to every member of the company. Security breach happens most often at the employee level, he explains. The ongoing security education strategy for the entire company is robust. “We have regular meetings across the company, education initiatives, and even a mascot to champion the cause,” he says. “We have found that the mascot helps keep people’s attention on a serious subject.”
Could it be? Could a mascot lie at the heart of the security initiative at a significant financial institution? Well, not entirely. But Baxter’s use of a mascot to help safeguard the retirement aspirations of millions of Americans certainly illustrates the comprehensive, multi-layered security and technology operation that he leads at Voya.