case study
Strengthening Cybersecurity While Guiding a Bank's FRB Audit
During a Federal Reserve Board audit, Trexin helped drive a global bank's open critical vulnerabilities from nearly 1,000 to fewer than 70, and stood up the governance to keep them down.
Challenge
To ensure an immediate response to identified risks during a Federal Reserve Board (FRB) audit, an international financial services company’s Senior Director of Cybersecurity Engineering asked Trexin to drive the closure of vulnerabilities across infrastructure and applications, collaborating with business and technology stakeholders to avoid regulatory deficiencies.
Approach
With the FRB involved, the work was highly visible and prioritized by the Global CIO. We designated Security Champions in each business unit to own remediation, supported by weekly meetings to track progress, escalate, and secure resources. Early training gaps led us to develop policies, guides, and procedures, many shared with the FRB. Enhancements to ServiceNow and Power BI improved visibility and leadership reporting, and a global Community of Practice brought Security Champions and Information Security leaders together to review risks and share best practices.
Outcome
- Open critical vulnerabilities fell from nearly 1,000 to fewer than 70
- Clear, standardized documentation smoothed onboarding and gave auditors evidence of ongoing work
- A Community of Practice now provides ongoing governance, risk assessment, and vulnerability management
- Coaching and a structured handover kept the gains in place after Trexin’s disengagement
Why Trexin
In regulated environments, “move fast and break things” is the wrong instinct. We bring the discipline that survives an audit, and lasts past it.