NSW Customer Service dept appoints cluster CISO

The NSW Department of Customer Services has appointed Matthew Fedele-Sirotich to lead its expanded cyber security function as cluster chief information security officer.

Fedele-Sirotich took up the CISO role at the central agency earlier this month after seven years at the Department of Communities and Justice (DCJ), including the last three years as CISO.

He effectively replaces former group CISO Marco Figueroa, who left in mid-2020 after three years at DCS and its predecessor, the Department of Finance, Services and Innovation.

But the leadership position is also markedly different to the one vacated by Figueroa, with the agency expanding the responsibilities in the intervening period.

The shakeup follows the massive email compromise attack against Services NSW early last year and coincides with a broader restructure of DCS’ two IT teams into a single entity.

DCS told iTnews that the “critical ICT leadership role” would see Fedele-Sirotich “lead the continued development of strong cyber security strategies for the organisation”.

“Fedele-Sirotich brings with him a decade of ICT experience across public and private sectors, and more than five years’ experience as a senior executive in the field of ICT governance, security and risk,” the spokesperson said.

“During this time he has led cyber security transformations across multiple organisations which have successfully enhanced the security maturity and capability of each organisation.”

Prior to becoming DCJ’s CISO in July 2018, Fedele-Sirotich worked as a manager and then director of governance, security and risk, as well as a principal information security officer.

He also spent almost two years at former NSW shared services agency Businesslink and more than five years at Macquarie Bank.

DCJ is now searching for a new CISO to take charge of the security, risk and compliance functions within the department.

The new executive, who will be offered a salary of up to $248,870 per year, will lead DCJ’s security uplift, which began following a $32.5 million investment in last year’s state budget.

As of this financial year, the department has $85 million at its disposal over four years to “protect highly sensitive data and ICT infrastructure through investments in cyber security”.

CSO Group have scored two contracts totalling more than $23 million since December 2020 to assist the department with the uplift, including through a new managed security monitoring service.

The service, which includes a security operations centre and security information management (SIEM) platform from Macquarie Telecom, will come online in August.