Medibank’s primary info gatekeeper of 3 years Alex Loizou has actually become a top-level casualty of a restructure of the insurance company’s modern technology feature at the end of in 2015.
Loizou revealed his separation in a LinkedIn post, which accompanies completion of a cyber uplift program at Medibank that was started after a 2022 information violation.
A Medibank speaker informed iTnews that Loizou’s duty had actually been “impacted” by “some changes within our data and technology” procedures that were made “in response to the evolving needs of our business.”
“During the three years he was with us, Alex’s leadership and dedication was greatly valued, with his technical knowledge, cross-industry experience and ability to spot and support the progression of internal talent contributing to the ongoing uplift of our security capabilities,” the speaker claimed.
Medibank has actually currently employed Origin Energy CISO Christoph Strizik to lead “IT security, risk and compliance”, along with holding the title of CISO.
He starts his duty at Medibank on March 24.
Medibank’s speaker claimed Strizik’s “experience span[ning] multiple sectors, including financial services, energy, and consulting” and subscription “of a variety of security, regulatory and industry advisory groups” was considered positively in the employment procedure.
“Hasn’t always been easy”
Loizou signed up with the wellness insurance company from FlyBuys in January 2022, 10 months prior to an information violation that affected 9.7 million existing and previous consumers.
Since the violation, he has actually managed a significant cyber uplift program at Medibank, which is anticipated to complete mid-2025 and set you back $126 million-plus.
Loizou created on ConnectedIn that “over the previous 3 years, we have actually browsed complicated safety landscapes, developed resistant systems, and grew a society of constant understanding and advancement.
“While it hasn’t always been easy, it’s certainly been deeply rewarding. I’m proud to look back at some key highlights from my time here.”
These, he claimed, consisted of “reacting to among Australia’s most top-level cyber events; leading a thorough program of safety improvement and expanding the safety group to greater than increase its dimension.”
He included that his period saw a change in “conversation around security to a mindset of partnership and collaboration”.
While Medibank’s safety uplift is coming close to conclusion, the after effects from the event proceeds, with the insurance company presently encountering a claim brought by the Office of the Australian Information Commissioner.
In court filings published last year [pdf], the OAIC declared – to name a few aspects – that Medibank really did not act upon signals from an endpoint discovery and action (EDR) device.
