Practical Role-Based Access Control: What Worked for OFX

Richard Lane, Head of Security and Cloud, OFX

OFX 800 x 512


OFX are a 400-person foreign exchange company with offices worldwide and $23B in funds transferred last year.

They’ve managed to get to fully automated role-based access control with their HR system as the source of truth for roles.

During this session Richard from OFX explained what worked, what didn’t, and how to actually get to “working RBAC”.

For more information about Media Corp International‘s CISO Leaders Summit Australia visit



Richard has worked in cyber security and technology risk management in the finance and telecommunications industries since 2009. Prior to 2009, he spent six years in technical information security roles focused on authentication, cryptography, Internet gateway security and content management.

Before his move to cyber- security in the early 2000s, Richard spent over a decade in IT core-infrastructure design and operations across a variety of industries, primarily finance and defence.

ofx logo