|
Getting your Trinity Audio player ready...
|
Steven Jones has spent the majority of his decades-long career in finance technology—and he’s not planning on stopping anytime soon.
“It’s kind of funny now, but one of the biggest security events that we had back then was something around defacement. Someone put a mustache on a picture of our CEO on the website,” Jones says. “I wish things were that simple today.”
Complexity has become the name of the game for Jones, who now serves as chief information security officer (CISO) and senior vice president at First Horizon Bank in Memphis, Tennessee. He meets the challenges of his role with a signature resourcefulness, inflecting the various teams and initiatives within his purview. Like any good CISO, he never stops forecasting for the future, from strategizing about risk to preparing the next generation of security leaders for the spotlight.
“I try to find out what folks like to do because if you find something that they’re passionate about, they’re probably either already good at it or willing to get good at it. And if you can combine that with something you need, it’s a perfect Venn diagram.”
Steven Jones
Jones earned his bachelor’s and master’s degrees in finance before helping bring Synovus Bank onto the internet back in the nineties. About eleven years ago, he jumped to First Horizon.
Jones, who considers himself a servant leader, shifted his engagement and communication methods to match his new virtual landscape, but the core tenets of his leadership style remained the same. “Servant leadership is less about a top-down and more about a bottom-up approach,” he says. “I try to find out what folks like to do because if you find something that they’re passionate about, they’re probably either already good at it or willing to get good at it. And if you can combine that with something you need, it’s a perfect Venn diagram.”
“Steven transformed First Horizon’s cyberrisk program by driving a bold vision to focus on identity and access management,” says Anthony Berg, principal at Deloitte & Touche LLP. “He built the team from ground up and led it to success by providing strategic thinking and avoiding pitfalls while also rolling up his sleeves to get into the weeds with them when needed.”
As CISO, Jones oversees teams handling IT risk and governance, security engineering, security operations, threat and vulnerability, and telephony. He also has a team dedicated to identity and access management—a program that has been a significant area of focus during his time at First Horizon.
“We’ve partnered with HR and with other groups in the company to make sure that the right people have access to the right information at the right time,” Jones says. “We have a lot of good information through the HR system about the timing of events—when a person is onboarded, when they change roles, when they’re offboarded—and we can use that information and those triggers to enable, provision, and deprovision access automatically.”
In addition to bolstering the identity program, Jones has invested considerable time in elevating the cyberprogram as a whole. Those efforts became even more important when First Horizon was looking to merge with IBERIABANK.
“Two very well-established banks, one based in Lafayette, Louisiana, and the other based out of Memphis, were coming together in a merger of equals,” Jones says. “I knew that it was going to put us into the major leagues, where it’s typically expected that you have a certain level of maturity in your cyberprogram. We were planning for that all along, looking across the whole spectrum of our framework and see benefits of that preparation as we now operate an $81 billion bank across twelve states.”
“You have to expect a lot of change—and love change—because that is the only constant.”
Steven Jones
Jones is just as excited about the future of the security field at large as he is about the new initiatives underway at First Horizon. He has a front-row seat to the growth of the local security community as well, through both his service on the board of directors of the Greater Memphis IT Council and his support of cybereducation at all levels—including a program that allows University of Memphis students to gain data science experience while still in school.
When talking to those students or other mentees, Jones always emphasizes the need to understand the technology before they can protect it. He believes that there’s something in security for everyone, as long as you can accept one key aspect of the field: “You have to expect a lot of change—and love change—because that is the only constant,” he says.
No stranger to change himself, Jones has clearly taken his own advice to heart.
Deloitte & Touche LLP is proud to be part of First Horizon Bank’s Identity and Access Management (IAM) transformation journey. While collaborating with Steven Jones on the strategy and execution, Deloitte implemented a IAM tool stack to help improve workforce efficiencies, reduce risk, align to regulatory requirements, achieve compliance, and lower costs.
In a connected and open world, organizations should enable trusted identities. Deloitte & Touche LLP does this by providing the methodologies, platform implementation, and operation solutions that can help organizations manage access to sensitive applications and data.
For more information, visit Deloitte Cyber Risk Services; contact Anthony Berg, principal, Deloitte & Touche LLP, at [email protected].
