Speakers 2023

As Chief Risk Officer, Rodney leads the Risk Management, Compliance and Ethics, and Assurance and Advisory functions for OMERS. Under his leadership, these functions work closely with the businesses units across OMERS to fulfil their mandate, and to provide ongoing monitoring and reporting to senior management, the OMERS Board of Directors and its various committees.

Prior to joining OMERS in 2011, Rodney worked as a Partner at an international accounting firm, where he specialized in auditing complex public and private companies. During this time, he also held several leadership roles with the firm.

A graduate from the University of Kent at Canterbury, with an Honours Degree in Accounting with Computing (Honours), Rodney is an Associate of the Institute of Chartered Accountants in England and Wales (ACA-UK).

He is also a Chartered Professional Accountant (CA, CPA) in Canada. Originally from Ireland, Rodney is passionate about giving back through involvement with community. Rodney also serves on the Financial Committee for Crescent School. He lives in Toronto with his family.

Norine Richards is the Director for Bank Information Technology for the Office of the Comptroller of the Currency’s (OCC) Operational Risk Policy Division.

In this role, Ms. Richards manages the team responsible for developing, communicating, and interpreting policies for the OCC’s supervision of technology operations at financial institutions. She represents the OCC on several interagency groups, including the Federal Financial Institutions Examination Council’s Information Technology Subcommittee. The interagency groups focus on coordination and development of information technology risk management supervisory guidance for such topics as information security, resiliency, technology operations, corporate governance, and independent risk management. She assumed these responsibilities in May 2020.

Previously, Ms. Richards spent 22 years as a National Bank Examiner specializing in information technology examination for significant service providers and financial institutions and served as the Bank Information Technology lead expert for the OCC’s Western District. Ms. Richards has also worked as an information security consultant in Washington, D.C., and was the Director of Risk Management for a financial institution.

Ms. Richards attended Bloomsburg University and is a Certified Information Systems Auditor and Certified Fraud Examiner.

Evan's background is in the measurement and quantification of credit risk and operational risk.  His primary focus is currently on supporting institutions in building operational risk modeling for stress testing, developing their risk identification process and developing their model risk management frameworks.
Some of his recent client engagements include:
For a foreign global bank, helped them develop a comprehensive operational risk framework for their US based IHC. Ensured both integration of the framework in their international framework as well as US regulatory compliance.
For a large internationally active US bank: supported major change of course in CCAR operational risk stress estimates a few months prior to submission in reaction to regulatory guidance.
For a large regional bank: built their CCAR loss projection model and wrote the documentation for the full CCAR operational risk submission.
For a global bank conducted a validation of their operational risk modeling framework for CCAR
  Prior to joining Oliver Wyman, Evan was the Head of Risk Consulting for Financial Institutions for Aon in Columbia, Maryland. He was in charge of building Aon's risk consulting practice for financial institutions and managed multiple teams based in North America and Europe to deliver services to clients worldwide. Previously, Evan was an Assistant Vice President of the Federal Reserve Bank of Richmond, where he created the center of excellence for operational risk which served the System needs for operational risk related matters. The team was in charge of the supervision of all AMA and CCAR banks in the US and developed the Fed's CCAR model for operational risk.
Evan earned a B.A. and M.A. in Economics from the Université Catholique de Louvain in Belgium. He received an additional M.A. as well as his Ph.D. in Economics from the University of California at Los Angeles.

Filippo is a financial economist in the Quantitative Supervision and Research (QSR) unit of the Federal Reserve Bank of Richmond. Filippo joined the Richmond Fed in 2014 after earning his doctorate in Finance at the University of Arizona. Prior to moving to the US, Filippo worked one year for Toro Assicurazioni S.p.a. (now Assicurazioni Generali S.p.a.) and obtained his master degree in Actuarial and Statistical Science from the University of Turin. Since he started working for the Richmond Fed he has been heavily involved in Operational Risk as both modeler and examiner.

Brian M. White is an accomplished IT Risk and Cyber Security leader with over 20 years experience across financial services and is currently serving as a Principal, Senior Vice President in the High Priority Initiatives function at Wells Fargo. He has held various Senior Leadership roles at Bank of America, TD Bank, MUFG Americas, and EY focused on IT Risk, Cybersecurity, Vendor Management & Testing, and Vulnerability Management.

Brian recently served as Head of Enterprise Application Security at Wells Fargo Bank, leading the enterprise Secure Development and Penetration testing programs for internally and vendor hosted applications. Prior roles include leadership of the Security & Customer Compliance programs for a Managed Services & Cloud Service provider supporting customers across Retail, HealthCare, and Government sectors.

He is passionate about making big problems boring, shifting risk management into risk prevention, and developing people. Brian holds a Masters degree in Business Administration from the McColl School of Business at Queen's University.

Jeffrey DiMuro is the deputy chief information security officer at ServiceNow. He works closely with the product, legal, and privacy organizations to create industry-focused capabilities to accelerate the adoption of the Now Platform globally while enhancing security initiatives to support the organization's financial services products.  Jeffrey also leads ServiceNow’s data governance, insider threat, security risk, and vendor security strategy programs. He regularly liaises with the global regulatory community to proactively communicate pending changes to laws and regulations impacting ServiceNow customers.

Best known for leading security programs with a business mindset, Jill Leavens Jones offers nearly 18 years of corporate and public sector security experience in addition to a wealth of expertise in law and communications. In her previous role as Director of Executive Protection at Facebook, she delivered the strategies and plans to protect high-visibility executives as they trek the globe to accomplish business and community building initiatives. Her 10 years as a Special Agent with the US Secret Service included presidential and vice-presidential protective details as well as investigations of financial and electronic fraud cases.

Chris is a member of Milliman’s Cyber Risk Solutions (CRS) practice group.  The practice delivers a portfolio of risk consulting services, such as enterprise risk design, cyber risk assessment and quantification, test and build projects, operational risk assessments, enterprise risk management (ERM) education and training, and ERM technology evaluation. The CRS practice uses diagnostic consulting strategies to understand an organization’s enterprise risk goals and challenges and then customize solutions to deliver required business results. 

EXPERIENCE

Chris has 15 years of professional experience.  His experience includes work in the banking, insurance, capital markets and card sectors helping clients assess and mitigate risk. 

Prior to joining Milliman, Chris was a Senior Manager in Accenture’s Finance and Risk Management Consulting practice, delivering work for global financial service clients.   Additionally, Chris served as an active duty Naval Officer and has multiple overseas deployments. 

Professional experience and subject matter advisory includes: 

• Cyber Security metrics and governance
• Financial Service Regulatory and Compliance initiatives
• Risk Management 
• Corporate and Risk Governance
• Surveillance 
• Financial Services operating model and cost reduction
• Regulatory remediation and responses
• Legal department risk and optimization
• Leading large cross functional projects and teams

EDUCATION

• BS Political Science, University of Wisconsin–Madison
• MBA, University of Chicago – Booth School of Business

Carlos Pereira is a distinguished governance, risk and policy management executive with 20+ years of industry and risk consulting experience working with Fortune 100 companies, he is an honorary speaker at several Governance and Risk Management Conferences.

John Goodman is a Senior Vice President for the Cyber Risk Institute.  Mr. Goodman specializes in cybersecurity control standards for the financial services sector. He currently acts as the principal lead for CRI’s Profile, a NIST CSF-based standard for financial services.

He previously served as the Vice President of IT Management and Controls and as Deputy CIO for PenFed Credit Union.  While there Mr. Goodman was primarily responsible for technology governance, cybersecurity compliance, and technology risk management.  Mr. Goodman also contributed to the development of the CRI Profile as a volunteer while at PenFed.

Mr. Goodman holds a Bachelor of Science in Computer Science and Psychology (double major) from the University of Maryland, College Park and maintains several industry-recognized certifications, to include the CISSP, CCSK, CISM, CRISC, CGEIT, Open FAIR, and PMP.  He currently lives in Fairfax, Virginia.

Widely considered a thought leader in risk management and information security, Jack has been employed in technology for over thirty five years, and specializing in information security and risk management for over thirty years. During this time he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management.

Jack is the originator of the now industry standard risk measurement model known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach", which has been inducted into the Cybersecurity Canon as a "must read" for professionals in the industry. Jack was also on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification.

Today, Jack is in charge of Risk Science at RiskLens, Inc. and is a sought after speaker at national conferences and universities. He is also an adjunct instructor of risk measurement for Carnegie Mellon University. Jack is currently also the Chairman of The FAIR Institute (http://www.fairinstitute.org/), an award-winning non-profit organization led by information risk officers, CISOs and business executives to advance risk management practices based on FAIR.

Mark Hofberg is an accomplished risk management leader with over 20 years of industry experience.  He previously served as a leader in a variety of audit, risk and compliance management functions within retail, wealth, and investment banking at Bank of America.  Mark currently serves customers as Risk Solutions Executive within ServiceNow’s financial services division.  Prior to joining ServiceNow, Mark served as RSA Archer’s field risk officer for US and Canada.

Mark has held various senior leadership roles at Accenture, Bank of America, RSA and now guides customers on their integrated risk transformation journeys with ServiceNow.  He is passionate about the evolution of risk management, emerging risks, and the utilization of technology to optimize business outcomes.  Mark has co-authored white papers on impacts of technical debt, digital risk, and has a patent on optimization of technology decisions (US 8,321,363 · Issued Nov 27, 2012) along with a patent pending process risk prioritization model.  Mark holds a bachelor’s degree in engineering from North Carolina State University.

Mark has over 30 years’ experience in global capital markets, consulting and associated technologies, focusing on risk management, front- and middle-office platforms and data management. Before Chartis he held executive positions in large global financial institutions, consultancies and FinTechs, in various roles including platform and software development, solution architecture, large-scale program management, vendor selection and implementation, and strategy development and execution.

With a background covering the front, middle and back office, Mark brings to Chartis a holistic view of business, technology and regulatory issues across the enterprise, and how these issues can be addressed by leveraging appropriate technology solutions. His primary focus has been risk technology, and his work in this area includes: leading the global teams for risk technology at RBS Capital Markets and AIG; working with middle- and front-office technology teams at Barclays Capital; extensive consulting experience with major consulting organizations including EY and Deloitte; and extensive vendor experience, including time at Algorithmics and Misys (now Finastra). Mark has an MA from Oxford University and is a Fellow of the Institute of Chartered Accountants in England and Wales.

Mr. Clinton is President and CEO of the Internet Security Alliance. Twice listed in “Corporate 100” most influential individuals in corporate governance. Primary author/editor of Cyber Risk Management Handbook published by NACD, endorsed by DHS and DOJ. PWC has independently assessed the books and found their use produces a variety of positive security outcomes. Mr. Clinton testifies before Congress, NATO, the G-20 Summit, and Federal Reserve.  He teaches for NACD and Wharton, is Chair of IT Sector Coordinating Council, Subject Matter Expert for CISA’s, certified in cyber risk management by Carnegie Mellon, and author of books and articles internationally. 

William Guenther is the Advanced Cyber Security Center’s (ACSC) Executive Chairman and organized the founding partners for the nonprofit in 2011 through his regional competitiveness consulting firm, Mass Insight Global Partnerships. 

The Boston-based ACSC advances member cyber defense strategies through regional, national and global practice-sharing networks of industry leaders and provides professional opportunities for rising talent.

With more than 30 years of experience in cyber security, national security and critical infrastructure protection, Keith currently holds the position of National Security Advisor for the Federal Reserve Banks.  In his present role he serves as the primary liaison between the Federal Reserve Banks, the intelligence community, and federal law enforcement.  His mission is to ensure that our nation’s central bank benefits from timely and relevant classified national security information associated with global threat actors and associated risks.

Jenny W. Hedderman Esq. is Risk Counsel from the Office of the Comptroller in Massachusetts. Attorney Hedderman specializes in compliance, internal controls and risk management in the areas of statewide accounting, payroll, financial reporting, and statewide financial audits for the 154 state agencies.  Her current focus is developing the Comptroller’s Statewide Risk Management program, including cybersecurity internal controls and cybersecurity awareness to reduce fraud and cyber incidents.  Recent projects include the CTR Cyber Center website (macomptroller.org/ctr-cyber/) with Cybersecurity Department Responsibilities, Cybersecurity Tips of the Week, CTR Cyber 5 (5 minute videos) and other internal controls to improve financial responsibility and protection of data, assets and resources across the Commonwealth. Attorney Hedderman is Chair of the State Records Conservation  Board as well as Adjunct faculty in Business Law at Endicott College.

Prior to joining Risk, he reported on the futures and foreign exchange industries for Dow Jones' Financial News and the Euromoney group of publications. Osborn holds a bachelor's degree in English literature from the University of Warwick.