Tom Kartanowicz

CISO Americas Commerzbank AG

Cyber Risk and Information Security professional with strong technology background, having experience in systems and security administration, software development and support. Advocate of the second line of defense and alignment of cyber risk and operational risk. Focus on risk management, cyber strategy, regulatory compliance, awareness and training and policy management. Clear and concise communication of security issues to business units and management. Speaker and panelist on all topics cyber.

Current responsibilities include:

  • Cyber Risk Management framework development, including KRIs, risk appetite framework and Combined US Operations cyber risk leadership.
  • Presenting the firm's cyber posture to senior management through security committees.
  • 2nd line of defense and governance/risk/compliance focus.
  • Working as part of global information security team with frequent coordination with Head Office colleagues.
  • Develop and manage the Information Security Training and Awareness program ensuring that users and technical staff understand their responsibilities and the available mechanisms for protecting the firm’s information assets.
  • Develop and implement a comprehensive Information Security risk management program allowing the prioritization of security risk remediation activities.
  • Validate the firm’s compliance with all Information Security policies and regulations via regular gap analyses both firm-wide and within individual business units.
  • Identify key enterprise security initiatives and align with business operational interests.

Agenda Day 1

12:00 PM Enabling The Enterprise: A CISO Session

WFH happened in a two-week period in March 2020. For the next year, cyber security leaders enabled the distributed workforce. More than a year on, cyber security executives are now securing the new distributed enterprise to ensure organizational growth that outpaces disruption, finds new markets and redefines the future of the enterprise.

  • Working with the business to engage WFH insights & investments 
  • Providing security around the adoption of new business practices through pandemic lessons learned 
  • Shifting user provisioning to continue to enable business while reducing enterprise risk
  • Leveraging distributed workforce investments to propel the organization forward