Jenny Johanson is a Senior Advisor and a proven people leader with combined knowledge of business, audit, risk, and IT. With the ability to talk to all disciplines and apply evidence-based judgement, Jenny can deliver assurance to boards and executive management teams.
Jenny worked at Hastings Funds Management in compliance and internal audit, and at ANZ she was the Head of Audit Services and a General Manager of Audit – Technology. Jenny formerly worked at Telstra as a Senior Manager of Information Systems and Technology Risk Management and Assurance.
RSM Australia’s Cyber Security & Privacy services include the following, delivered by technical specialists in Information & Cyber Security Risk, Cloud Security, Security Transformation, Technical Security Assessment, Privacy and Digital Forensics & Incident Response.
Below are the highlights of the interview conducted between the World’s Leaders and Jenny Johanson.
How does your background and experience align with the role at RSM Australia?
I have a combined knowledge of business, audit services, risk advisory and information technology, and have built the ability to talk to all disciplines and apply evidence-based judgement that assists in the delivery of assurance to both board and executive management teams.
Prior roles in compliance and internal audit, predominantly in the financial services industry, contribute to my role at RSM.
How would you describe your management style and philosophy?
For me, the best approach to management is to switch back and forth between styles. But when I have the downtime, I like to encourage the team to bond. A good manager is one that invests in building a close-knit team that works well together. For more immediate crisis situations, I choose to reassign tasks or pick up the slack myself.
I try to give clear directions and stay hands-off but be ready and available to jump in to offer guidance, expertise, and help when needed.
I also go out of my way to make sure I know when my team needs help. I don’t hang around and wait to be called upon — I go to them. That means plenty of informal check-ins, both on the work they’re doing and on their general job satisfaction and mental well-being.
What processes do you use to monitor the security threats on your client’s network?
Our experience covers both the implementation of policies and standards, and the independent audit and assurance of compliance. We have helped organisations identify and prioritise security needs as per the industry recognised standards such as ISM, PSPF, CPS 234, ISO 27001, VPDSS, COBIT, NIST, Essential Eight. We examined corporate network and privileged accounts to determine how, why, and, to the greatest extent possible, where they are used.We have helped organisations identify the deficiencies within their Vulnerability Management (VM) procedures. This includes both technical and process assessments of existing and proposed vulnerability management processes.
What are the three things you would like to improve in the organization?
Junior staff don’t get to lead very often, at least not formally. I’d love to give them the opportunity of taking on more responsibilities as a leader. This could be leading meetings or projects, mentoring or training newer team members, and other tasks like that.
I’m working on improving my team’s skills with project management. This will make me and my team even more productive. So, I’m trying to get our team to go from ‘good’ to ‘great’ in these areas.
Recognising that our employees don’t just exist in a professional capacity to serve our organisation. For them to evolve both personally and professionally, employee development should be holistic. This includes emotional balance, intellectual growth, and physical health.
According to you, what is the most significant barrier for female leaders in the tech sector?
Women are vastly underrepresented in the global technology workforce. This is not only a societal concern, but also a workforce problem, given the critical shortage of skilled technology professionals faced by many enterprises. Women specifically need mentors, role models and strong networking opportunities. It’s clear to me that women hunger to learn and benefit from the presence of other women in technology.
What’s the greatest risk you’ve taken as a professional?
I’ve taken several risks by hiring candidates who did not meet all the requirements for the job; however, they showed more initiative and grit than I had seen in a long time. I trained them on the areas in which they were lacking, and they ended up outperforming some of our more tenured staff. Running a cyber security and privacy team as part of a more traditional accounting firm is not as easy as it might seem!
Does your organization’s corporate responsibility strategy match the availability of your current resources?
Cyber-attacks are increasing in number and sophistication every year. The potential damage to businesses has grown, along with the size of fines for non-compliance in many sectors. And then you add the impact of COVID-19 to the mix, which cybercriminals are seeking to make the most of, and you have the perfect storm. As such, cyber security professionals are in high demand and the competition for talent is fierce.
RSM’s social purpose is to consider the financial, social, and environmental impact of our business decisions and activities to positively contribute to our community. We define the principles, ethics and values that guide RSM in our business conduct, to produce a positive impact on society. “Beyond RSM” is our national corporate social responsibility programme which builds upon local office activities to enhance our overall social impact.
Where do you see your company in the next five years?
I can’t really talk to RSM Australia, but my vision for the Cyber Security and Privacy Risk Services team is to continue to grow and develop the team, with a focus on recruitment, training, leadership, and culture. I would love to see our team having a real impact on the broader RSM Australia business, by elevating the discussions our clients have around cyber security.
What is some of the advice you share with young women entering a male-dominated tech field or any profession?
I love Sheryl Sandberg’s quote: “Believe in yourself and own your own success” – don’t be shy about touting your accomplishments. Learn about and gain experience in a range of roles. But don’t let work overtake your life – make sure you still find time for family and friends. And lastly, establish good networks and relationships, build a public profile, and take opportunities to speak and write about what you know.
