Catherine A. Allen
Founder and Chairman
The Santa Fe Group
For more than 30 years, Catherine Allen has been an outstanding leader in technology, strategy and corporate board governance and a key thought leader in business innovation, cybersecurity and risk management. Catherine is the Founder and Chairman of the Board of The Santa Fe Group (SFG), based in Santa Fe, New Mexico. The SFG is a strategic advisory company focused on cybersecurity and risk management, specializing in briefings to C-level executives and boards of directors at financial institutions and other critical infrastructure companies. The SFG provides management for the Shared Assessments Program, a membership organization focused on best practices and assessment tools in third party risk management. Shared Assessments has over 325 corporate members, including many of the Fortune 1000. The SFG has received many awards from Cyber Defense Infosec and SC Media for their contributions to cybersecurity and risk management. Catherine was named one of the Top 25 Most Influential Women in Cybersecurity in 2019 by Cyber Defense Magazine. SC Media named her one of the 2019 Visionaries in Cybersecurity of the Last 30 Years. Catherine has served, or continues to serve, as a corporate board member of Synovus Financial Corporation, El Paso Electric Company, Stewart Information Services, NBS Technologies, RiskSense, Belief Agency, Houlihan Lokey and CRI Advantage. She has set up and chaired, or served on, risk, security and technology committees of boards, as well as serving on compensation, nominations and governance, energy and natural resources and public policy. In 2018 she was named one of the NACD 100 Most Influential Directors. Catherine sits on the audit committee of Women Corporate Directors, the advisory board of the Executive Women’s Forum and is President-Elect of the New Mexico International Womens Forum.
Diane T. Ashley
DTA Diversity Counts
Diane T. Ashley is the CEO of DTA Diversity Counts, a diversity and inclusion advisory firm she founded after her 2019 retirement from the Federal Reserve Bank of New York. A recognized industry expert, Diane was tapped in 2007 by then-NY Fed President, Tim Geithner, to create the diversity and inclusion (D&I) function at the Bank. Her unit became the working model for D&I adopted among all Banks within the Federal Reserve System. She was also responsible for reporting to Congress on an annual basis, as required by the Dodd-Frank Act of 2010. Prior to her career at the NY Fed, Diane led several departments including recruitment, workforce and supplier diversity, as well as community outreach at Citi. Earlier in her career, Diane was a Managing Director in executive search. She continues to leverage her multidisciplinary background in senior level recruitment, talent, procurement, corporate social responsibility, and board service in organizations undergoing transition, mergers, financial crises, and government regulation. Diane holds a BA in French with study at the Sorbonne in Paris from Yale University, an M.Ed from Boston University in Human Resources, and a JD from Rutgers University School of Law.
Founder, President and CEO
Kabir is the Founder, President, and CEO of OneTrust. In under four years, Kabir has grown the company into the #1 fastest growing and most widely used privacy, security and governance technology platform to comply with the CCPA, GDPR, LGPD, ISO27001 and hundreds of the world’s privacy, security, and compliance requirements. OneTrust has largely pioneered the privacy technology market and has been awarded 130 patents as a result. OneTrust’s mission is simple: Use technology to help companies be more trusted, and turn trust into a competitive advantage. Today, OneTrust is used by more than 7,500 companies, both big and small, including over half of the Fortune 500. OneTrust employs 1,500 people in 12 global offices across North America, South America, Asia, Europe, and Australia. In December 2020, OneTrust raised a $300M series C funding round at a $5.1B valuation. This brought OneTrust’s total funds raised to over $710M in just 18 months. Kabir oversees all aspects of OneTrust’s product development, operations, and sales internationally. Kabir holds a Fellow of Information Privacy with the IAPP, the highest designation of a privacy professional, and sits on the advisory boards for the Future of Privacy Forum (FPF), the Center of Information Policy Leadership (CIPL), The International Association of Privacy Professionals (IAPP), the Cloud Security Alliance (CSA), and Shared Assessments (known for the SIG third-party risk standard). He has spoken at hundreds of leading industry events globally including Gartner Symposium, Gartner Security & Risk, IAPP Global Privacy Summit, RSA Conference and Infosecurity Europe. In 2019, Kabir received the National EY Entrepreneur of the Year Award and was named a Most Admired CEO by the Atlanta Business Chronicle. In 2020, with a 48,337% three-year growth rate, OneTrust was named the #1 fastest growing company in America on the Inc. 500. He holds a B.S. in Computer Science with a certificate in Entrepreneurship from Georgia Institute of Technology. As an Eagle Scout, Kabir has an appreciation for the outdoors, and is also passionate about giving back through the Aga Khan Foundation in their mission to end global poverty.
Senior Manager, Consulting, TPRM
Ernst & Young LLP – Americas Managed Services
Michael is a Senior Manager and Head of Third Party Risk Management Service Delivery. He has 25 years of industry experience, holding executive positions in procurement, supplier risk management, and supplier assurance in insurance, retail banking, and investment banking organizations. Select experience. Prior to joining EY in November 2018, Michael had global responsibility for all supplier assurance for a large European Bank. Here he led a team that executed over 1,000 onsite assessments during his tenure. Michael has implemented complete supplier risk programs in response to Federal Reserve and OCC consent orders in two different institutions. He has led a procurement function with approximately $100 million in annual spend and negotiated key deals in management consulting, staff augmentation, and technology rationalization. A Six Sigma Black Belt, he has led dozens of process improvement initiatives that have included reengineering of a mortgage origination platform, billing and administration services for employer-sponsored insurance, and implementation of an ISO:9000 compliant quality management system. Michael also has extensive customer service and operations management experience leading contact centers, back-office operations, and insurance claim processing. Michael received a BS in Economics from Rutgers University.
Manager, Information Security Governance - Horizontal Services
Navy Federal Credit Union
Phil Bennett is Manager, Information Security Governance Horizontal Services at Navy Federal Credit Union, Vienna, Virginia. Phil has led cyber security advisory and assurance teams in the financial sector since 2002. He has driven innovation in best practices for cyber security third party risk management at a top ten financial sector company. He also led the cyber security team providing input into M&A transactions. In March 2020, he joined the Navy Federal Credit Union in Vienna, Virginia to lead cyber security horizontal governance functions including: metrics and related C-suite reporting, data security event management, phishing, education and awareness, and communications. Phil is passionate about making certain the implementation of cyber security-related governance and risk management solutions, and their operational processes, are practical to consider the organization’s business drivers, culture, risk appetite, size, and budget. Phil holds the Certified Information System Security Professional (CISSP), Shared Assessments Certified Third Party Risk Professional (CTPRP), Certified Information Security Manager (CISM) certifications, and the M&A @ Columbia Business School certificate.
Governance, Risk, & Compliance Leader
Ron is a seasoned veteran in the areas of Governance, Risk and Compliance (GRC). He was formerly the Director of GRC at Trane Technologies, responsible for leading continuous improvement within cyber security, and evolving the company’s global information security program to adapt to changing threats and technology advances. Ron holds multiple certifications including CISSP, CISA, and CTPRP. Prior to entering the professional workforce, Ron spent six years in the United States Marine Corps as an Avionics Technician.
Founder and CEO
Joyce Brocaglia is the founder and CEO of Alta Associates. Founded in 1986, Alta Associates has become the most prominent boutique executive search firm specializing in Cybersecurity, Risk Management & Technology. Joyce is a strategic advisor to her clients who has gained the trust and respect of the industry’s most influential executives by accomplishing their strategic and diverse hiring goals. She is a career advisor to industry thought leaders and a trusted member of the Information Security, Risk Management and Privacy industry.
Co-founder and Chief Operating Officer
The Climate Board
Ken is co-founder of The Climate Board, a member-based advisory company that equips senior executives with insight and actionable best practices to drive climate change solutions. Previously, Ken led Bloomberg’s development of global growth strategies for new products in the energy, water, and environmental sectors. He was the principal designer for Bloomberg’s New Energy Finance Insight Services, which frames the financial, economic, and policy implications of all forms of renewable energy. Before Bloomberg, Ken led research teams for the Finance Practice of the Corporate Executive Board. He was Senior Vice President for Kaiser Associates, where he led strategy engagements with Fortune 500 companies, including Shell, ExxonMobil, BASF, P&G, Pfizer, and McDonald’s. He also served as a staff officer for the Chief of Naval Operations and nuclear submarine officer in the US Navy. Ken received his bachelor’s degree in chemistry and economics with distinction from Colby College. He graduated from the US Naval War College with high honors and has an MBA from Harvard Business School.
The Santa Fe Group, Shared Assessments
Christopher’s key responsibilities are member service, market research, program development, prospective member outreach and membership renewals. Christopher has more than 17 years of experience in sales, customer relations and corporate operations. He has worked for several leading NM businesses including a major clothing retailer and real estate company where he gained experience in managing company operations, corporate timelines and six-figure budgets. Christopher’s previous professional experience also includes key sales and support roles in various industries ranging from health and fitness to construction. Outside of work, Christopher balances his penchant for hot chocolate and baking with kettle bell and mountain biking. Connect with Christopher on LinkedIn
VP of Global Security & CISO
Dawn Cappelli is Vice President, Global Security and Chief Information Security Officer at Rockwell Automation. She is responsible for developing and executing a holistic cybersecurity strategy to ensure that Rockwell Automation and the Connected Enterprise Ecosystem – the company’s infrastructure, products, and customers – is safe, secure, and resilient. She is also responsible for Global Security programs, including physical security, executive protection, workplace violence prevention, and crisis management. Cappelli became CISO in 2016. She came to Rockwell Automation in 2013 as Director, Insider Risk, and built the company’s Insider Risk Program to mitigate threats from individuals within the company or trusted third parties who might steal information, sabotage infrastructure or products, or violate physical security controls. The Rockwell Automation Insider Risk Program was awarded the Global Team Leadership award by the Society of Women Engineers in 2016. Before Rockwell Automation Cappelli was Founder and Director of Carnegie Mellon’s CERT Insider Threat Center, where she was recognized as one of the world’s leaders in insider threat mitigation, and has worked with government and industry leaders on national strategy issues. Before that she developed software for nuclear power plants for Westinghouse, and for Carnegie Mellon. She co-authored the book “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)”, which was inducted into the Cybersecurity Canon – a list of must-read books for all cybersecurity practitioners. Cappelli is a Certified Information Systems Security Professional (CISSP). 
She holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat (OSIT) information sharing group, and is a member of the RSA Conference Advisory Board and Program Committee, the Cybersecurity Collaborative Executive Committee, and the CyberWire Hash Table. She was honored as a member of the 2020 Global CISO 100 and was named Pittsburgh CISO of the Year in 2018.
Senior Manager Information Security
Orlando manages the Cyber Supply Chain team within Information Security. In this role, he manages a dynamic team that is responsible for performing due diligence on third party suppliers that receive USAA member, employee, and/or corporate data. Orlando has over 20 years’ experience in the cyber domain to include: computer network defense, network architecture support, cyber intelligence, and information security certification & accreditation. Before joining USAA, Orlando worked with the Department of the Army; however, he has also worked with the Department of the Air Force and the Department of the Navy throughout his career. Orlando holds a Master’s degree, several certifications, and a patent in the field of cybersecurity. In his spare time, Orlando enjoys volunteering, mentoring, and coaching. Orlando is married and has three kids and a grandchild which keep his time outside of work enjoyable.
VP, Chief Security & Risk Officer
Edna Conway is an innovative executive who forecasts the future of business and creates clear strategies to deliver new and secure operating models for a digital economy. A sought-after industry influencer, bringing rich perspective forged from over 30 years of broad and deep leadership success creating new organizations and delivering cyber security, compliance, risk management, sustainability and value chain transformation across a $143B technology company. A builder of new capabilities which achieve lasting and pervasive operational improvement. Follow on Twitter: @Edna_Conway. Specialties: Cyber Security, Enterprise Risk, Compliance, Supply Chain Operations, Intellectual Property Law, Sustainability.
Jonathan is a Principal in the Cyber practice at KPMG and leads the firm’s Third Party Security efforts. Jonathan tailors the appropriate KPMG consulting, managed services, and innovations to deliver more successful outcomes. Over the course of the last 15 years, Jonathan has worked with leading organizations in Technology, Financial Services, Energy, Life Sciences, Legal and Manufacturing to transform their 3rd party risk programs. Jonathan’s core strength is to provide the vision, roadmap, and execution excellence to deliver the future of third-party security risk management at KPMG.
Jing de Jong-Chen
Sr Associate, Strategic Technologies Program
Center for Strategic & International Studies (CSIS)
Jing de Jong-Chen is a senior associate of CSIS (Center for Strategic and International Studies) Technology Policy Program. She is also the founder and CEO of CrossAvenue International, LLC with a focus on developing customized international cyber policy and strategy for corporations. As a former Partner and General Manager of Global Cybersecurity Strategy at Microsoft Corp., she led cybersecurity engagement, including public policy, technology standards and partner ecosystem development in key strategic markets including China and S. Korea. Her domain expertise includes managing cybersecurity legislative and regulatory responses, working with senior leaders to address bilateral and multilateral policy issues, and partnering with software and hardware vendors to drive innovation and secure the global computing environment, including the cloud and IoT. She is a member of the National Association of Corporate Directors and is interested in the formulation of modern organization governance strategy. She served as the Vice President and a member of the Board of Directors of the Trusted Computing Group, a global security standards organization. She is also the board advisor of the Science and Technology Innovation Program at the Woodrow Wilson Center. During her career, De Jong-Chen worked with government, academia and industry to address complex cybersecurity policy and standard issues. She conducted extensive outreach to promote cybersecurity best practices and represented the private sector in leading international cyber dialogues and policy conferences. De Jong-Chen was profiled in the book Hacking the Hacker, published by Wiley in April 2017. De Jong-Chen is passionate about promoting women in technology and was the founder of Microsoft Women in Security. She serves as a Board Advisor of Executive Women’s Forum (EWF) and received the organization’s “Women of Influence Award” in 2014.
She holds a Master’s Degree in Business Administration (M.B.A) and a Bachelor of Science Degree (B.S) in Computer Science. She also completed executive training programs at Stanford University, Graduate School of Business in 2015 and 2016.
TPRM Offering Manager
Jaymin Desai serves as the Offering Manager at OneTrust Vendorpedia™, part of the largest and most widely used technology platform to operationalize third-party risk, security, and privacy management. In his role, Desai is responsible for driving the development and delivery of OneTrust’s third party risk management product as well as driving the refinement of the toolset and offerings. He works with clients to centralize their vendor information across business units, assess risks based on use cases and relevant standards like CSA, CAIQ, SIG, GDPR and CCPA while also monitoring threats to seamlessly mitigate vendor risks throughout the engagement lifecycle. Desai takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction.
Founder and CEO
Davis Dogan Advisory Services LLC
Angela is a Doctoral Student in Information Technology and Founder & CEO of Davis Dogan Advisory Services where her expertise in the management and implementation of Enterprise and Third-Party Risk Management Programs is guiding enterprises and public sector organizations. Angela has spent the last 16 years enabling leading financial services organizations to address third-party cybersecurity and business risks in successful, programmatic ways. She serves on the Steering Committee of the member-led Shared Assessments Program, aiding in the development of standardized resources which are now widely used in third party risk assurance. She also chairs the organization’s Standardized Control Assessment (SCA) Committee. Angela also serves on the Cloud Security Alliance Cloud Controls Matrix Working Group where she has assisted in efforts to further enhance their cloud security framework for the past 5 years. Angela spends most of her personal time mentoring and inspiring youth across the southeast region of the US in the field of Cybersecurity. Everything she does is done through the lens of “each one teach one” and “be the change you want to see.” This year, in continuing her community service work, The Global Center for Women in Risk Leadership, of which she is President and a Founding Board Member, will be launching. Angela also served for a number of years as an active member, Director of Corporate Events and eventually President of the International Consortium of Minority Cybersecurity Professionals (ICMCP). During her time with the organization she developed the organization’s K-12 initiative as well as mentored several of its members. Bringing awareness to the need for women in tech as well as other minorities is her life-long mission.
Managing Director of Business Development
Eric manages strategic partnerships/alliances at RapidRatings, including leading partner API integrations into procurement, supplier risk and governance risk & compliance platforms to benefit joint clients. Eric has over 20 years of work experience at various companies including Aetna, EDGAR Online, and Donnelley Financial Solutions. Eric is involved with various working groups of Shared Assessments, including as Co-Chair of the Continuous Monitoring Group. He graduated from University of Connecticut with a BS in Finance and completed his MBA in Finance at University of Hartford. He is based in the RapidRatings NYC office and lives with his wife and Cavalier King Charles in Stamford, CT.
Nasser is a passionate Cybersecurity, IT Risk, and Third-Party Risk Management leader with a focus on customer-first, team building, and implementing strategic, enterprise-wide programs that support business strategies, objectives, regulatory requirements, customer experience, staff productivity, and revenue. This includes closely collaborating with executives and their teams to deploy emerging technologies, including cloud-first strategy and RPA, or to select critical external partners to outsource critical activities, including ITOM and ERM, in a safe and secure manner. Nasser enjoys working with various risk disciplines, including SLOD, audit, ERM and Privacy, to identify and manage in a timely manner new risks and threats that can adversely impact an organization. Nasser contributes his experience and knowledge as an adjunct professor and conference speaker at classrooms, roundtables, and events. Nasser serves as the 2021 Shared Assessments Program Chair.
VP and CISO
The Santa Fe Group, Shared Assessments Program
Tom Garrubba, Vice President, CISO, is an internationally recognized subject matter expert, lecturer, author, and blogger on third party risk, and is the head instructor for the Certified Third Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing, blogged for the Huffington Post’s Business section, and for Government Health IT, ISACA, Risk.net, and numerous eGRC websites. Previously, Tom was the Senior Privacy Manager at a Fortune 10 healthcare company where he established policies and procedures governing their vendor assessment program, overseeing all assessments for existing and potential third party service providers who were exposed to personally identifiable information (PII), protected health information (PHI), credit card/card holder (PCI), and proprietary data. Tom has over 20 years experience in IT security and privacy controls, as well as audit and compliance in both private industry and public consulting. Tom is on the Forbes Technology Council and outside of work, Tom is involved with the Civil Air Patrol Squadron 603 and enjoys coaching (softball, baseball) and making music with his kids. You can connect with Tom via LinkedIn.
Deloitte & Touche
Tanneasha is a results-driven risk and compliance strategist experienced in working with Fortune 500 companies on complex compliance transformations that involve redefining governance models, revising controls, rearchitecting data structures and redesigning operating models. She is a forward-thinking technologist who keeps a pulse on emerging trends and technologies to help organizations anticipate and navigate disruption, threats and opportunities. She is also a go-to leader in times of crisis (e.g., data breach) and change (e.g., new regulation), directing companies in interpreting requirements, assessing readiness, pivoting strategies, and implementing transformational solutions. Tanneasha primarily specializes in strategy, data governance, privacy, product security and trust & safety, and she mainly serves Technology, Media, Telco and Life Sciences organizations.
Hathaway Global Strategies
Melissa Hathaway is globally recognized as a thought leader in the fields of cybersecurity and digital risk management and has relationships with the highest levels of governments and international institutions. She served in two U.S. presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. She received the National Intelligence Reform Medal, September 2009 and the National Intelligence Meritorious Unit Citation, December 2011 for her leadership. As President of Hathaway Global Strategies, Melissa brings a unique combination of policy and technical expertise, as well as board room experience that allows her to help clients better understand the intersection of government policy, developing technological and industry trends, and economic drivers that impact acquisition and business development strategies in this field. Ms. Hathaway has a B.A. degree from The American University in Washington, D.C. She has completed graduate studies in international economics and technology transfer policy, and is a graduate of the US Armed Forces Staff College, with a special certificate in Information Operations. She publishes regularly on cybersecurity matters affecting companies and countries. Most of her articles can be found by visiting: http://belfercenter.ksg.harvard.edu/experts/2132/melissa_hathaway.html
Section Chief - Office of Private Sector
Federal Bureau of Investigation (FBI)
Erin Joe is a 25-year veteran of the Federal Bureau of Investigation and a member of the FBI’s Senior Executive Service with expertise in cyber and information security, risk management, national security, and crisis preparedness. A trusted advisor, Joe has worked directly with Fortune 500 executives and US intelligence community leaders, including Directors of National Intelligence and FBI Directors. Since December 2020, Joe has developed and managed key partnerships with Fortune 100 companies. An executive in the Office of the Private Sector, Joe is a primary advisor for FBI leadership engaging private industry partners to improve security, resilience, and responsiveness to threats. When the nation faced threats of violence related to the Presidential Inauguration in 2021, Joe ensured rapid intelligence flow and communications between the FBI and private sector to ensure safety across America. Prior to her current role, Joe was selected by the Director of National Intelligence as the Director of the Cyber Threat Intelligence Integration Center. During her tenure, she led the integration of intelligence from more than 20 federal agencies countering cyber threats while simultaneously evaluating US government response capabilities. She prepared daily intelligence products and briefings for the President of the United States, the National Security Advisor, National Security Council members, and Congressional oversight committees. Joe led multiagency teams to establish new deterrence frameworks. Joe oversaw intelligence integration and aspects of cyber readiness and response efforts related to 2020 elections and the US response to COVID-19. From 2016 to 2020, Joe directed FBI cyber operations as Section Chief and Deputy Assistant Director in Cyber Division. She oversaw response teams, forensic investigations, and mitigation efforts related to cyber threats and intrusions by foreign adversaries across 50 states and 70 countries. 
She orchestrated the global response to attacks against hospitals, public figures, 120 universities, HBO, the Port of San Diego, and the City of Atlanta. She co-authored the FBI’s first comprehensive strategy joining all FBI programs to combat hostile nation states. She advanced collaboration with C-suite executives, general counsels, technical teams, and foreign government counterparts to develop solutions to vulnerabilities and protect critical infrastructure from hostile cyber activity. Since joining the FBI as a Special Agent in 1996, Joe has served in five divisions at FBI Headquarters as well as in Field Offices in Oklahoma City, Salt Lake City, Los Angeles, and New Haven. She received Director’s recognition for her trial support related to the Oklahoma City bombing and 9/11. As Acting Division Counsel, she handled complex litigation and internal investigations. Prior to the FBI, Joe was an administrative law judge in Dallas, Texas. Joe has served on numerous interagency boards that address risk and advance novel efforts to protect critical infrastructure. Joe is a sought-after speaker and thought leader, delivering insights at cyber events hosted by RSA, CrowdStrike, FireEye, Microsoft, McAfee, The Aspen Institute, University of Virginia Law School, Harvard Law Women’s Alumni, and Naval Postgraduate School. Joe passionately develops talent. She has mentored more than 200 future leaders, is a certified Executive Leadership Coach, and enjoys teaching leadership at the National Intelligence University. Joe earned her law degree from The Ohio State University and graduated with high distinction getting her Bachelor of Arts degree in English from the University of Illinois. She is licensed to practice law in Texas.
The Santa Fe Group Shared Assessments Program
Bob is deeply committed to contributing to the well-being of the financial services community. A well-known and sought-after expert in risk management strategy, he has 50 years of experience leading fraud risk management and risk management strategy. In addition to bringing unique experience as a consultant, educator and expert witness to The Santa Fe Group, he also serves as the principal of RW Jones Associates, LLC and is Adjunct Professor Emeritus of Economic crime at Utica College, where he taught in the school’s M.B.A. in Economic Crime and Fraud Management program. His articles have appeared in the RMA Journal and the Journal of Economic Crime Management. Before joining the team at The Santa Fe Group, Bob led FleetBoston Financial’s operating risk management programs and chaired the company’s Operating Risk Committee until his retirement in 2004. Prior to FleetBoston, Bob served for 21 years at KeyCorp, where he was responsible for all fraud detection and prevention systems and programs. During his tenure, Bob was instrumental in reengineering KeyCorp’s corporate security function to establish an innovative, customer-focused approach to providing security services. He also investigated and assisted in the prosecution of significant bank fraud cases, including the $1.1 billion Phar-Mor case. During his banking career, Bob served as chair of the Association of Certified Fraud Examiners’ Financial Institution Fraud Committee, co-chair of the BITS Fraud Reduction Steering Committee, and founding chair of the American Bankers Association’s Operational Risk Data Sharing Consortium.
SVP and CSO
The Santa Fe Group, Shared Assessments Program
Brad Keller has been developing and leading risk management programs for more than 30 years. Brad came from Prevalent where he was Senior Director for Third Party Strategy, focused on assisting clients with the evaluation and enhancement of their third party programs. In his previous stint as a Santa Fe Group employee, he led the development of Vendor Risk Management Maturity Model (VRMMM) and the Certified Third Party Risk Professional (CTPRP) program. He spent many years in Banking, where he was responsible for risk management, privacy, and regulatory compliance, including third party oversight. Brad has served as an online privacy and compliance officer where he was responsible for the implementation and management of the policies and processes for third party contract compliance. He was also responsible for online authentication and identity theft initiatives; led the development of commercial eCommerce strategy; implemented key retail eCommerce initiatives; testified on behalf of the financial services industry at Congressional hearings on customer privacy issues; and, served as a member of the Enterprise Risk Governance Committee. Brad graduated with honors from the University of Missouri with a B.S. degree in Finance and received his J.D. with honors from St. Louis University School of Law. He is admitted to practice law in Oklahoma.
DPL Green Investment LLC
Doug Lawrence is CEO of DPL Green Investment LLC (sustainability consultant) and Managing Principal and co-founder of 5 Stone Green Capital LLC, a 100% green real estate fund. He has 30 years of distinguished real estate industry experience, and is an industry leader on the application of sustainable principles to real estate. Prior to forming 5 Stone, Doug spent 13 years at JPMorgan as a key member of the real estate asset management team, where he served as a trusted fiduciary to many large pension plans. At JPMorgan, he was a Managing Director and co-Portfolio Manager of the 100% green real estate fund, the Urban Renaissance Property Fund. Prior to being a fund manager, Doug was a Senior Asset Manager at JPMorgan. Doug led the asset management, profit & loss, and value creation efforts for a large portfolio of industrial, office, multifamily and retail assets of more than 5 million square feet. The portfolio was valued in excess of $1 billion. As a Senior Asset Manager, he won nine (9) international and national awards for generating outstanding portfolio operating performance from peer groups BOMA, IREM and NAIOP. Before joining JPMorgan, Doug spent seven years as a Senior Asset Manager for TIAA-CREF’s real estate investment group. He managed several iconic assets such as New York City’s Seagram Building, deemed “one of the 10 buildings that changed America”. He also worked in the public sector as the Asset Manager for the City of Hartford, protecting and enhancing the City’s sizeable commercial property portfolio. Doug earned an MBA from the University of Connecticut in International Business Finance and received his BA from Yale University. He has lectured at Yale’s Graduate School of Management on real estate, sustainable investing, impact investing, and ESG matters. He is a frequent speaker on the effectiveness of green building, impact investing, sustainability and ESG topics.
Doug is Vice-President of the National Association of Securities Professionals-NY, and a member of the Board of Trustees of the University of Connecticut Foundation wherein he also sits on its Investment Committee. He is a member of the Board of Directors of Third Way. He also serves on the U.S. Board of Directors of the Climate Group. Doug holds or has held NASD Series 7 & 63 licenses.
Senior Vice President, TPR Software Products
The Santa Fe Group, Shared Assessments Program
Colleen is the Senior Vice President of Third-Party Risk Software Products with The Santa Fe Group, where she leads the TPRM software team in development of the software products/tools for third party risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet corporate strategy. Recently, Colleen managed the Third-Party Security Risk Assurance team for a bank where she reported to the CSO and ensured all due diligence, continuous monitoring and privacy requirements were met for the third-party inventory. She was also the Chair of the BITS Third Party Risk Committee, with representation from multiple firms, addressing best practices and the increased regulatory focus on fourth parties. She also managed the Cyber Delivery Management team executing the projects including third parties.
The Santa Fe Group, Shared Assessments Program
Charlie is a frequent speaker and a recognized expert in Third Party Risk. His key responsibilities include expanding the Shared Assessments Third Party Risk Management membership driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups and IoT research studies. He joined the Santa Fe Group, Shared Assessments in 2015 and has been in the third party risk space for over 15 years. He has vast industry experience, having set up and led third party risk management and financial services initiatives for several global companies. Charlie was the Director of Vendor and Business Partner Risk Management at AIG and implemented third party risk management programs at Bank of Tokyo Mitsubishi (BTMU). He held multiple leadership roles at Merrill Lynch & Co., Inc. overseeing the company’s global vendor management program and a Director of Technology Audit. He led a financial services practice unit as a consulting partner at Deloitte, focusing on technology outsourcing, risk management and cost control. He began his career at IBM as a systems engineer. Charlie is a Distinguished Fellow of the Ponemon Institute, Certified International Privacy Professional and Certified Third Party Risk Professional.
Sean is the Founder and Managing Director of DVV Solutions based in the UK. He serves as Co-Chairman – Shared Assessments UK/EMEA Best Practice Committee, is a member of the Shared Assessments – Global Risk Committee and the Shared Assessments UK Steering Committee.
Mitushi is a Director in KPMG’s Cyber Security Services Practice in the New York office with 15 years of management, technology and cybersecurity advisory and implementation experience in KPMG. She is specialized in Information and Cyber Security, Third Party Risk Management, IT Risk Management, and IT Project Advisory services. She has serviced multiple large organizations across financial services, telecom and technology industries across the globe. She is currently leading large third party security engagements and innovation for KPMG US.
The Santa Fe Group
Gary Roboff is a Senior Advisor to the Santa Fe Group where he focuses on payments, risk management, mobile financial services, and information management. Gary has almost four decades of experience in financial services planning and management, including 25 years at JP Morgan Chase where he retired as Senior Vice President of Electronic Commerce. Gary has worked extensively in electronic payments, payments fraud, third party risk management, privacy and information utilization, as well as business frameworks and standards for electronic commerce applications. Gary was a founder of the International Security Trust and Privacy Alliance (ISTPA); led the effort to return the Bank to the merchant services business with the founding of Chase Merchant Services LLC (now Chase Paymentech); and led the development of pinned debit services at Chemical and Manufacturers Hanover. During 1993 and 1994, while on assignment from Chemical Bank, Gary served as President and CEO of the New York Switch Corporation, (the NYCE ATM and Debit Network), and was a founder of its successor corporation (NYCE Corporation, now an affiliate of FIS). Gary has served on the Board of Directors at multiple companies and organizations including ISTPA, the NYCE network, and the Electronic Funds Transfer Association, and served on the Board of Trustees at Clark University for 12 years, nine of them as Vice Chair. Gary received his B.A. and M.A. degrees from Clark University, and has completed additional graduate work at M.I.T.
VP Global Incident Management
Randy is Vice-President, Global Incident Management in State Street’s Enterprise Continuity Services where he focuses on response programs as well as supporting the firm’s 3rd Party Resilience program. Prior to returning to State Street, Randy was at Charles Schwab where his roles included Managing Mainframe Database, Systems and Network, Infrastructure Audit as well as roles including lead Engineer on Technology Resilience, developing and implementing 3rd party program resilience as well as Solutions Architect for Public Cloud implementation and data center strategy. Randy is a CTPRP and is co-Chair of the Shared Assessments Regulatory Working Group.
Founder and CEO
Solem Risk Partners LLC
Linnea Solem is CEO and Founder of Solem Risk Partners, LLC, a management consulting and advisory services company focused on Privacy Program Management, Third Party Risk Management, and Enterprise Risk Management. She is a management consulting executive and former Chief Privacy Officer and Vice President Risk/Compliance for a large diverse technology service provider. She has a cross-functional background with 30+ years of experience working in regulated industries. She has 20+ years of experience working with Executive Management and Audit Committee/Board of Director expectations for public company controls and service provider relationships. Her focus is on helping clients navigate the risk landscape with confidence. Linnea and her firm were recently recognized as one of the “10 Best Entrepreneurs of 2020” by Industry Era Magazine. Linnea is designated a Fellow of Information Privacy (FIP) from the International Association of Privacy Professionals. She maintains her Certified Privacy Manager Certification (CIP/M); Certified Information Privacy Professional (CIPP/US and CIPP/C) for the U.S. and Canada. She is a founding holder of the CTPRP certification for third party risk and is a Certified Third Party Assessor (CTPRA). Linnea is on the Board of Directors for Women Venture, a non-profit organization that focuses on enabling women to grow profitable and sustainable businesses with training, micro-lending and advisory services. Women Venture is a Women’s Business Center as designated by the U.S. Small Business Administration (SBA). She holds a master’s degree in Business Administration from Capella University; a Bachelor of Science in Marketing from the Carlson School of Management at the University of Minnesota; and a Bank Administration Institute Certificate in Banking Operations and Technology from Vanderbilt University.
Author, Pastor, Comedian
A trial lawyer turned Baptist preacher and standup comedian, Susan Sparks is America’s only female comedian with a pulpit. Currently the senior pastor of the historic Madison Avenue Baptist Church in NYC (and the first woman pastor in its 170-year history), Susan is also the best-selling author of five books, a TEDx speaker, and an award-winning nationally syndicated columnist. Featured in the Oprah Magazine, the New York Times, the History Channel, and on CNN, CBS and ABC, Susan is an internationally known speaker, preacher and professional comedian touring with a standup Rabbi and a Muslim comic in the acclaimed “Laugh in Peace Tour.”
“An incredible pair of boots, a motorcycle, a wicked sense of humor and a heart that warms you like a southern style breakfast. That’s my pastor Rev. Susan Sparks.” -Tamron Hall, the Tamron Hall Show
“Laughter like music is a universal language. And Susan Sparks speaks that language like no other.” -Naomi Judd, Multi-Platinum Country Music Artist
VP Solutions Delivery and CPO
Secure Digital Solutions, Inc.
Adam Stone, Vice President Solutions Delivery and Chief Privacy Officer for Secure Digital Solutions, Inc., (developer of the TrustMAPP® Security Performance Management (SPM) platform) has over 30 years business leadership experience with 21+ years overseeing data privacy and security functions for pharmaceutical distribution, healthcare, insurance, financial services and marketing organizations. As a data privacy and security expert, Adam has significant experience implementing and refining data privacy and security practices and processes and affecting sometimes-disruptive change across large organizations. He is particularly skilled in navigating complex customer-facing initiatives to guide executives towards profit-generating activities that encourage customer loyalty by focusing on trust and confidence. Adam earned an MBA from University of St. Thomas and a BA in Philosophy from the University of Minnesota-Twin Cities.
Atul Vashistha is recognized globally for his expertise on supply chain risk, digital technologies and global sourcing. His unique experience and skillset enables him to provide expert guidance on the intersection of technology, global business and risk management. Atul Vashistha currently serves on the boards of Zemoga, Shared Assessments, and IAOP. Atul had the distinguished honor of serving on the US Department of Defense Business Board for over 12 years including as former Vice Chairman from 2018-20. Atul is a former Chair of YPO Norcal chapter and is currently a YPO Gold Suncoast member. Atul is the Founder and Chairman of two companies, Neo Group & Supply Wisdom, and is also the visionary behind the GBSBoard and RiskBoard. For more than 21 years, Atul and his teams at Neo and Supply Wisdom have worked with nations and corporations to leverage global talent, big data, automation and other technology mega-trends to accelerate new capabilities, increase resiliency, mitigate risks and enable better outcomes. Prior to founding Neo, Atul was Senior Vice President of International at Cardinal Health (NYSE: CAH) where he led the international operations of the Fortune 25 Company. Atul and his seasoned team at Cardinal expanded profitable operations to Australia, New Zealand, Spain, UK, Singapore, Brazil, Mexico, Japan and other global locations. More importantly, his in-depth international experience earned him the admiration and respect of global CEOs and investors. Media and Wall Street analysts at CNN, ABC, CNBC, Wells Fargo, Fortune, Forbes, Business Week, Wall Street Journal, Investor’s Business Daily, Economist, CIO, CFO and other global organizations seek Atul’s expert opinion. Atul continues to be a vocal proponent of globalization and has taken on the critics, such as Lou Dobbs on his former “Exporting America” segment on CNN. Atul has authored three books: Globalization Wisdom, Outsourcing Wisdom and The Offshore Nation. 
Additionally, he is a frequent contributor to many leading business publications that have published many of his bylines, including the influential American Bankers Association (ABA) Journal and Corporate Board Member. ABA Journal: “A New Way Forward with Risk Operations Centers”. Corporate Board Member: “The Dangers of Underinvesting in Risk”. The Secretary of Defense awarded Atul “The Office of the Secretary of Defense Medal for Exceptional Public Service” in 2014 and again in 2021. Atul was recognized by Consulting Magazine as both a “Top 25 Most Influential Consultant” and “Top 6 IT Powerbroker”. Globalization Today recognized Atul as an “Industry Most Influential Powerhouse 25”, and Near Shore Americas recognized him as one of the “Power 50.” In 2018, Atul was inducted into the prestigious IAOP Hall of Fame and has received the Shared Assessments “Evangelist Award”. NeoGroup was recognized by IAOP in 2019 as a “Best of the World’s Best Outsourcing Advisor”. Also, in 2019, Enterprise Security Magazine recognized Supply Wisdom as a “Top 10 Risk Management Service Provider”. USPTO granted Atul a patent in May 2020 for his system for supply chain risk intelligence. Further details can be found at www.neogroup.com, www.supplywisdom.com, or www.google.com (search for Atul Vashistha).
Global Head of Security & Technology Risk Management
Marnie Wilking is a cybersecurity executive with more than twenty years’ experience strengthening Information Security and Enterprise Risk Management Programs. Marnie possesses a unique set of skills and experience enabling businesses to maintain speed and agility while improving risk outcomes. She excels at partnering with executive leaders to understand risk, and leverage cybersecurity and risk management to create business value. Marnie has established and grown Security and Enterprise Risk Management capabilities to successfully meet the business and regulatory needs for Financial Services, Healthcare Technology, and eCommerce companies. Marnie currently serves as the Global Head of Security, Privacy, and IT Risk Management for Wayfair, the premier online destination for the home with over 250 million customers, and $10 billion in revenue. In 2020, in the midst of 80% growth, Marnie matured the Security and Risk Management Programs, and embedded security into the migration to a public cloud environment. Under Marnie’s leadership, innovations in employee onboarding and access resulted in a 90% decrease in calls to the help desk by new hires. In addition, the teams improved business resilience through regular, executive table top sessions, and established stronger metrics and reporting to ensure communication of risks to senior leadership and the Board. Marnie previously served as Chief Information Security Officer for Orion Health, a global healthcare information platform headquartered in Auckland, New Zealand, with $240M in revenue and over 100M global patient records. Marnie developed the strategy and built Security and Enterprise Risk Programs to support the digital transformation to a public-cloud SaaS solution while maintaining flexibility to meet diverse, global regulatory requirements. She achieved HITRUST certification for the SaaS solution within 17 months, while maintaining ISO Certification for the U.K. and E.U. business.
Marnie provided risk management guidance through the divestiture of the Rhapsody product that yielded a $65M sale to investors. Marnie has held two cybersecurity leadership roles in Financial Services. As Information Security Officer for Wells Fargo’s Mortgage division, Marnie successfully integrated four operational risk management teams into a cohesive risk management organization. She established cross-functional processes which more efficiently addressed established and new regulatory requirements, and created a more business-focused and metric-driven approach to operational risk management. Marnie established the team and led the vendor oversight expansion program increasing scope from 700 to over 1500 vendors. Subsequently, she and other Wells Fargo Mortgage leaders met regulators from the Consumer Financial Protection Bureau (CFPB) to provide both reporting and guidance on vendor oversight best practices. As Director of Governance and Compliance at Early Warning, Marnie drove the risk assessment of two acquisitions targeted to create a new product line, Zelle, which processed over one billion peer-to-peer payment transactions during 2020. Marnie is currently a member of the Advisory Board for the Center for Research, Engineering, Science, and Technology (CREST) at Paradise Valley High School in Phoenix, AZ. She is also a member of the advisory boards for the CISO Executive Network and for the Cyber Strategy Retreat, and serves as co-chair and advisory member for the Boston Evanta CISO Executive Summit. Previously, Marnie served on the Advisory Council for the ISSA International CISO Executive Forum. Marnie is frequently sought out to speak on current topics in the industry, most recently on building communities to increase cyber resilience, building effective risk management programs, and diversity in cybersecurity.
Throughout her career, Marnie has provided expertise and contributed to the work of outside organizations such as the Mortgage Bankers Association, the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Health ISAC, the Retail and Hospitality ISAC, and (BITS). Marnie and her husband split their time between Boston, MA, and Scottsdale, AZ. She enjoys traveling internationally when possible, including coordinating and leading volunteerism trips to Costa Rica and Ecuador for her daughter’s middle school Spanish Immersion classes. Marnie attained an MBA in Technology Management, and a bachelor’s degree in Mathematics and Statistics.
Victoria Yan Pillitteri
National Institute of Standards and Technology (NIST)
Victoria Yan Pillitteri is a supervisory computer scientist at the National Institute of Standards and Technology. She leads the Federal Information Security Modernization Act (FISMA) Team that develops the suite of risk management guidance used for managing information security risk in the federal government. Outside of work, she enjoys teaching group exercise classes, baking, and traveling.