The client is a US based, multinational Investment Bank and Financial Services Company who started a large global IT transformation program early in 2018 with the goal of transforming more than 2,000 applications with 5,000 components by 2021 to a new evergreen environment.
The client set out to achieve four primary objectives:
- Infrastructure – Build out a modern, converged, highly resilient infrastructure in existing adjacent data center space
- Controls Monitoring – Setup industry standard controls, monitoring and run tools under standard Production Services operating model with a Permit to Operate
- Portfolio Migration – Migrate applications through a consistent, data driven framework incorporating risk reduction and complexity of migration
- Evergreen State – Implement automated methodology and controls to ensure our new infrastructure remains at an evergreen state
What we did
Review and approve all migrating applications and environment for the Information Security Division (ISD)
Manage the migration of Technology Cyber, Technology Risk, and Technology Audit applications portfolio into the evergreen state
- Coordinate collections of requirements, building designs, and completing all migration tasks
- Perform all ISD functions for the applications and environment during the permit to operate process
- Perform program management functions for Technology Cyber to broader PMO Office
Transform Cyber testing methodology into an Enterprise Quality Engineering (EQE) strategy
- Build Cyber EQE Organization (People)
- Build Cyber EQE Infrastructure (Technology)
- Evangelize and Implement: Automation CI/CD model tailored for each application environment (Leadership)
Continually play the role of advisor to the organization around migration strategy as well as reshape activities to position for success in future transformation.
TORI is still engaged in this project and continuing to enhance process and manage the program.
Information Security control requirements were reviewed and approved across the enterprise prior to approval for Permit to Operate in the evergreen state environment
- Over 1,000 applications already reviewed and approved
- Defined, documented and baselined the ISD permit to operate (Migration) processes and recommended improved automation.
- Automated notifications and document flow thru SharePoint
- Continuously assessing permit to operate operational components to identify additional potential efficiencies
Migrations performed in a consistent and data driven methodology
- More than 50% of the Technology Cyber Application portfolio has already been migrated
Migrating applications and infrastructure with an approved automated testing methodology that is both scalable and repeatable.