Banking and capital markets

ISO 27001, DORA, EBA Guidelines, NIST CSF — and how they fit together in an actual programme.

Banking and capital markets is our largest practice by engagement count. The regulatory environment is dense, the threat picture is severe, and the board-level visibility makes information security one of the few topics where senior leadership engages substantively with the security team.

Most of our banking engagements involve DORA readiness — the regulation that has shifted the European banking-sector security agenda more than any single regulatory development since GDPR. Our DORA practice covers the obligation set from operational-resilience testing through incident-reporting timelines to third-party risk management.

We have worked with retail banks, investment firms, payment institutions, and one CCP across Poland, the Czech Republic, and Germany. The common thread is the combination of regulatory pressure and the operational maturity required to actually implement the obligations.

How we help

  • DORA readiness and ongoing operational-resilience advisory
  • ISO 27001 and 27002:2022 accompaniment for banking-sector clients
  • EBA Guidelines and EBA/GL/2019/02 (ICT and security risk) advisory
  • Coordinated tabletop exercises for crisis management teams
  • Third-party and ICT supplier risk assessment programmes

Talk to us

To discuss your banking and capital markets security programme, contact office@ellipseproject.com.