David Gillet, Chief Information Officer of Victor Buck Services Credits : Victor Buck Services

David Gillet, Chief Information Officer of Victor Buck Services Credits : Victor Buck Services

David Gillet joined VBS in 2022 as the Head of IT and was later appointed as CIO in the newly established executive committee, back in 2023. He shares the key projects initiated upon his arrival and explains the pivotal role of cybersecurity in safeguarding VBS’s operations and ensuring regulatory compliance.

Two years ago, you decided to join VBS after 21 years in the aviation sector. What were your initial impressions upon arriving at the company?

I discovered a highly collaborative and healthy organization. And highly skilled and dedicated teams – essential factors for doing a good job. My first challenge was quickly integrating into the company’s culture, understanding internal processes and dynamics, and grasping the complexities associated with VBS’s regulatory obligations as a Support PSF provider. I found myself in a learning situation within a completely new environment. It has been an exciting period that is still ongoing today.

What were your first actions following your appointment?

I decided not to spend a period of observation and instead immediately kickstarted several projects as soon as I arrived. For example, reinternalizing key competencies and resources, introducing tools for enhanced cost control, renegotiating ongoing contracts, bringing change to certain HR practices, regaining control over existing applications and infrastructure, initiating transformation projects for our software architecture, and launching the first initiatives for cloud service adoption. My goal was to quickly cultivate a culture of change and leadership within the organization.

What are your responsibilities as CIO?

I see myself as wearing two hats that I juggle daily. In my role as the Head of IT, I’m responsible, along with my teams, for ensuring the excellence of our IT operations by implementing initiatives that address our clients’ needs, meet their expectations, and contribute to our company’s future.

Since our CEO established our executive team in 2023, I’ve also been part of the executive committee as the CIO, focusing on broader strategic initiatives that may not be directly related to IT but benefit the company as a whole. I recall an anecdote that illustrates this dual role: during a budgeting session, my colleague asked if I had effectively advocated for the IT department’s interests. I replied that yes, as the Head of IT, I had done so. However, as a member of the executive committee, I also had to arbitrate certain decisions.

Given the evolving landscape of strategic initiatives and the importance of safeguarding operations, could you provide insights into the key cybersecurity considerations at VBS?

At VBS, cybersecurity is fundamental to our operations, especially given the sensitive nature of the data entrusted to us by our clients. We manage the printing, distribution, and digitalization of confidential documents – including financial information and patient records —in sectors such as banking, investment funds, and healthcare. Cybersecurity, and more broadly Information Security, is at the heart of all the decisions and actions we take. Our Information Security Officers are key resources in our company, regularly consulted and working closely with all colleagues to ensure the security of our data and that of our clients.

We continuously invest in solutions to further improve our cybersecurity. For instance, we’ve recently adopted a “security by design” approach and integrated automated secure coding into our development cycles using a new Dynamic Application Security Testing (DAST) tool. This allows us to continuously assess vulnerabilities from an external perspective. Moreover, the deployment of a new Endpoint Detection and Response (EDR) solution and a cutting-edge Key Management System (KMS) for encryption key rotation highlights our commitment to robust security measures. Additionally, we’ve successfully reduced our attack surface through a Privileged Access Management tool and a CIS Configuration Assessment Tool.

All these examples underscore the importance of our security strategy and investments. And it pays off! We were one of the first companies in Luxembourg to obtain the new ISO 27001:2022 certification in 2023.

You mentioned the challenges associated with the regulations that VBS must adhere to. Could you elaborate on how this impacts your daily work?

At VBS, we often describe our operations as being in a “perpetual audit mode”. With CSSF, OSPAR, ISO 27,001, ISO 22,301, due diligence requirements, client audits, and internal audits, VBS operates within a highly regulated environment. Beyond the strict measures and high level of governance we’re committed to, the management of these audit phases is a massive effort for a company of our size, with significant costs that continue to grow.

Despite the efforts they require, these regulations and certifications are essential for our clients and are a key strength for VBS. They not only underscore our dedication to strict security and confidentiality standards but also reinforce our reputation as a trustworthy and reliable partner.

In our day-to-day operations, I’d love to have an AI that could streamline our responses to auditors and regulators by learning from our existing processes!

Read the on Victor Buck Services website.