by Scott Carey

RSA Group Chief Information and Technology Officer on the challenge of his dual role

Mar 18, 2019
Cloud ComputingFinancial Services IndustryIT Leadership


As Group Chief Information and Technology Officer at RSA Group, David Germain is responsible for the insurer’s global IT function, spanning 12,700 staff members. He started the role in January 2017, and since then has embarked on what he calls a major “re-platforming for RSA”.

In an interview with CIO UK, Germain explained that this primarily involved moving from a single, monolithic platform to a more modern technology stack, to ensure the platforms were “ready for the future and work for our customers”.

“That was the primary reason for hiring someone like me,” he added.

Although RSA is still vendor-reliant to a degree – something Germain puts down to the “nature of the industry” – he has been looking to drive change across the firm in a way that could help it innovate faster, and work with more boutique providers to find solutions.

“To me that means cloud-first, so moving to private cloud or public cloud or some hybrid environment, exploiting some packaged SaaS where we can, and driving analytics in that environment towards more usage of AI and Robotic Process Automation,” said Germain, who was previously Head of Technology, Operations and Product in the Commercial and Private Banking department at the Royal Bank of Scotland.

Since then Germain’s remit has expanded, when the business asked him to combine his original role as CIO with the role of CTO, where he was tasked with building a new cyber security strategy.

“We refreshed all security policies and wanted to understand emerging issues across the industry, so ethical hacking and spotting vulnerabilities,” he said.

Germain started by hiring a bunch of experienced CISOs to work across regions, where he allowed them to “build capability and resources in-house or through third parties” in order to achieve best practice and create the firm’s cyber strategy collaboratively with them.


Germain is a devout exponent of technology business management (TBM) and has brought those techniques to his role at RSA. This methodology hinges on running an IT department like its own business, with a holistic understanding of costs and building a strong roadmap for the future.

“It is the only way I know, to get that total cost of ownership and understand your cost base,” Germain said. “You have to be constructive with data and make costs more transparent, so when a demand comes in you have an understanding of that.”

Read next: Lloyds looks to rationalise its IT estate with help from Apptio

Germain started small, implementing a proof of concept in the Scandinavia region aimed at bringing its end user computing costs down – so looking at laptop refreshes, assessing the cost per unit and starting to find savings there. A migration to Office 365 and renegotiating some key telecommunications contracts also brought immediate savings for the business.


Another focus for Germain involved bringing artificial intelligence techniques into the business.

“That has been really challenging,” he admits, “but our business users are data scientists at heart.”

By this he means the actuarial and underwriting staff at RSA are essentially looking for new ways to assess risk and that they often ask for environments to quickly run pretty complex analytics workloads.

He admits that in the past these business users have not been able to spin up environments quickly in the public cloud because it was difficult to “move data around and obfuscate data”.

“We have been able to work with cloud providers to have an environment that allows them to do that themselves, and not have IT help build an environment,” said Germain – as long as the right guardrails are established beforehand, of course.

Another initiative that has proven successful at the insurer is the introduction of quarterly Kaggle competitions. This provides underwriters with “data sets and aspects of our global products to look for new opportunities,” and has directly led to the creation of new pricing models that can be utilised across the group.

Wearing two hats

Lastly, how does Germain balance these two large roles?

“It is the right challenge at the right time for someone like me,” he said. “You have to keep yourself relevant in this role and understand what is changing.”

“It’s important to spend time with business teams and understand if technology is working for them and what needs to change. So it is challenging having two hats and you have to be broad but lean and engage throughout the week, but if you like variety it is a cool role.”