Don't Let 2020 be the Year of Hindsight. Act Now to Manage Your IT Risk.
The financial services industry is built on a robust IT infrastructure that is decades old. This sector is also an early adopter of digital transformation initiatives, and the technology built upon this infrastructure is increasingly complex. We have seen IT outages and glitches cost millions of dollars, and disruptive cyber attacks become more frequent and sophisticated. As a result, regulators are under increasing pressure to act as it becomes clear that organizations cannot self-govern their IT risk.
At the Cyber Resilience Summit: Managing IT Risk in Financial Services, CISQ will frame these issues and provide guidance on how to make systems rock-solid and resilient. Speakers will discuss how the financial sector, regulators, and national governments are working together to improve resiliency and stability.
Thank you to speakers and to everyone attending the event! Presentations are shared below.
KEYNOTE: KEVIN FEDIGAN, RESILIENCY-MINDED CIO
Kevin Fedigan is a senior technology leader with deep expertise in building resilient products and systems. He has held senior technology roles at DLJdirect, a fintech of its time; Pershing, a global financial solutions provider; and BNY Mellon, one of 30 Global Systemically Important Banks (G-SIBs). Within BNY Mellon, Kevin became the Divisional CIO of the Broker Dealer Services Division, where he oversaw the modernization of its US Government Clearance platform, which increased the resiliency and future-proofing of a platform that supports upwards of $10T in US Treasuries clearance on a given day. He then became the CIO of BNY’s Asset Servicing Division, where he was responsible for the end-to-end technology deliverables for the largest line of business within the bank. Kevin has won a number of industry and company awards, including being named in Computerworld’s 2014 Premier 100 IT Leaders and in CIO.com’s 2016 Analytics 50 Honorees, and has spoken at industry conferences around the globe.
Some of the key themes Kevin will be sharing with us are how he fostered a measure-first culture, the importance of developing a robust risk management cycle, how he managed the collaboration between product, operations and development teams, and the roles of suppliers and third parties in reducing IT risk.
WAR STORIES - HOW TO GET IN CONTROL OF YOUR SOFTWARE AS SEEN FROM A C-LEVEL PERSPECTIVE
Theis Eichel, Partner, PricewaterhouseCoopers
Markus Friede Hens, Senior Manager, PricewaterhouseCoopers
Theis Eichel works with enterprise organizations to audit IT systems, systems development, and software outsourcing. He runs a Center of Excellence (CoE) at PwC to measure software quality and resilience to industry standards and advises executives on how to take a standards-based approach to IT and business risk. He will discuss how standards can be used to improve outcomes, demonstrate impartiality, and reduce compliance and audit overhead.
MEASURING TECHNOLOGY RESILIENCE
Frederic Veron, Principal, Ernst & Young
Frederic Veron is a senior executive at EY with extensive experience in the financial services technology industry, most recently in CIO/CTO roles at Fannie Mae and Deutsche Bank. He will define technology resilience and discuss how to measure it. Frederic will uncover a blind spot overlooked by enterprise IT leaders, auditors, and regulators. He will emphasize code quality and its impact on resilience.
11:00AM: GETTING PRACTICAL ABOUT SUPPLIER RISK
David Norton, Advisory Board Member, CISQ
David Norton is an advisor to CISQ, an industry body that develops and promotes standards for software quality measurement across industries. The standards are used in software development and maintenance and in contracts with suppliers as requirements for code delivery. David will explain how to use standards in contracts and service level agreements (SLAs) to reduce risk and cost. He will share sample contract language and best practices for working with suppliers to deliver trustworthy software and software-intensive systems.
Objectives for attendees
- Clearly understand the risk enterprises are facing from increasing IT complexity and mission criticality
- Learn how to engage auditors not with hindsight but with foresight to mitigate IT risk
- Learn how to use software quality standards with suppliers for the development of new solutions and the maintenance and support of existing systems
- From a regulatory perspective, hear what industry can do to put its own house in order to stave off greater regulation
The Consortium for Information & Software Quality™ (CISQ™) is an IT industry leadership group that develops international standards to automate software quality measurement, and its members promote the development and sustainment of secure, reliable, and trustworthy software. Through the work of CISQ, industry-supported standards have been developed to measure software size, structural quality, and technical debt from source code. These standards are used by IT organizations, IT service providers, and software vendors in contracting, developing, testing, accepting, and deploying software applications. www.it-cisq.org
About QA Financial
QA Financial is an independent information, research and events company. Our content is focused on how financial firms are managing and improving the quality of their software. www.qa-financial.com