How Mariner Finance Manages Insider Risk

Insider risk has become one of the most pressing security challenges facing organizations today, particularly in the financial services industry. Unlike traditional external threats, insider risk requires a different approach, one that balances security with trust, visibility with privacy, and control with culture.

In a recent webinar, David Burden, CIO of Forcepoint, sat down with Don Wiegner, CEO of Mariner Finance (a $3 billion national consumer lending operation across 28 states) to explore insider risk management and the practical strategies being deployed in the real world. Don shared candid insights about how his organization has built and scaled a comprehensive security program while managing rapid growth and evolving threats.

What Makes Insider Risk Different?

Insider risk is fundamentally different from the external threats most organizations focus on. It stems from within your organization and can take many forms, from negligent employees to malicious actors with legitimate access to sensitive data. For financial institutions serving millions of customers across multiple states, this challenge is intensified.

"We need to understand: is it actually even providing value? Is it more of a tagline and something that lets them put a checkbox on an RFP? Or is it actually deriving value, not only to their platform, but to you as the client in the organization?" — Don Wiegner, CEO of Mariner Finance

This mindset, questioning the real value of any security initiative, is central to Mariner Finance's approach. Don's philosophy is that security investments must deliver tangible organizational value, not just checkbox compliance.

Building the Foundation: Team, Partners, and Leadership Buy-In

"First, it starts with the foundation of a great team and partners. You obviously cannot do things like this yourself. And then you need your constituents, your partners in the business areas to really be bought into the program and be supportive." — Don Wiegner

Mariner Finance's security program is built on this fundamental principle: insider risk management is not a security function. It's an organizational imperative. Don has cultivated partnerships across the business to ensure that security initiatives have executive sponsorship and day-to-day buy-in from operations teams.

"The executive level, fortunately, I have very good partners in the executive leadership team. Most of them have prior experience with other financial services organizations where security is an imperative in your day to day operations." — Don Wiegner

This alignment at the executive level is critical. Because many of Mariner's leaders understand financial services environments firsthand, they recognize that security isn't optional. It's foundational to the business.

Making Security Part of Daily Operations, Not a Checkbox

"Over the journey here, we've done quite a number of things. We've built a rather robust security program. We've been proud to get ISO 27001. Day to day, we're dealing with a lot of cultural awareness and reinforcement, information sharing, and security awareness updates." — Don Wiegner

Achieving ISO 27001 certification was a significant milestone for Mariner Finance, but it's not where the program ends. Don emphasizes that the real work happens in daily operations, continuously reinforcing security awareness and making security practices part of how people work.

"We've used a couple different layers and ways to try to make that part of the day to day versus a one and done or feeling like it's a training exercise, which has given it a good amount of success over my tenure here." — Don Wiegner

This approach, embedding security into daily workflows rather than treating it as an annual compliance event, is what separates mature security programs from checkbox exercises. Mariner has invested in multiple reinforcement mechanisms to keep security top-of-mind for employees.

Lessons for Security Leaders

When asked for advice to other financial services organizations facing similar challenges, Don shared several key principles that have guided his success at Mariner Finance.

1. Take a layered approach with clear vision

"If you're really going down this journey, I would say tackling things in layers with a view towards the big picture, not necessarily knowing all the answers. At least knowing where you want to go, what your vision is, the organization vision is." — Don Wiegner

You don't need to solve everything at once, but you must have a clear direction. This allows teams to make incremental progress without getting paralyzed by perfectionism.

2. Don't be afraid to pivot when needed

"We don't have concrete shoes. Just because we made a decision even as early as twelve months ago, if something has changed, don't be afraid to have that maturity to call it out and figure out what the next step is. If you need to shift gears, you need to have a different platform, don't let the fear of optics hinder doing the right thing." — Don Wiegner

Security strategies must be flexible. If a platform, process, or approach no longer serves the organization's needs, leaders should be willing to shift course without worrying about optics.

3. Learn from partners and vendors

"One of the questions I always ask our business partners as well as our vendors and service providers: Do we have today that we're not fully utilizing compared to your other clients? And what else do you offer that we're not using today that your other clients are using? Explain to me why." — Don Wiegner

Vendors and partners often have insights into solutions and approaches being used by peer organizations. By asking the right questions, security leaders can build a knowledge base that informs future decisions and drives innovation.

Moving Forward

The conversation between David Burden and Don Wiegner reveals a clear picture of modern insider risk management: it's not just about technology. It's about people, culture and the willingness to evolve. Financial services organizations that can successfully balance these elements will be better positioned to protect their customers, their reputations and their bottom line.

With the rapid adoption of AI and emerging technologies, the challenge of managing insider risk, maintaining compliance and controlling data sprawl only grows more complex. Organizations that implement comprehensive solutions combining visibility, behavioral analytics, policy enforcement and cultural awareness will be better prepared for whatever tomorrow brings.

The key takeaway from Mariner Finance's journey is that insider risk management is not a destination. It's a continuous process. Organizations that treat it as such, investing in culture, building strong partnerships, maintaining flexibility to adapt and asking the right questions about their tools and solutions will win in today's increasingly complex threat landscape.