Get to know ISACA’s Board of Directors
Comprised of executive leaders from technology and business functions at organizations, as well as ISACA members with deep knowledge of the association and our community, the Board acts in the interests of ISACA’s stakeholders of members, partners, credential holders, learners and enterprise customers. It assures the growth of ISACA’s professional community worldwide and oversees its financial stability.
John De Santis
Chair John De Santis is a former company builder, chairman and CEO of multiple enterprises with experience in the software, networking and information security domains. He has more than 40 years of international and US-based experience at venture-backed technology start-ups and large global public companies in the telecom and IT fields. He currently serves on the boards of directors in a fiduciary capacity for organizations active in cybersecurity and artificial intelligence spaces, including Paladin Cloud, Cequence Security and ValiMail, leading innovators cybersecurity, and NoHold and Tweelin, early-stage innovators in the application of artificial intelligence.
De Santis holds a bachelor’s degree (concentration: Philosophy and Mathematics) from Fairfield University, and is a dual citizen of Italy and the United States maintaining homes in both countries. In addition to his work experience in the United States, he lived and worked in Europe and the United Kingdom for over 20 years.
ISACA Board Committees: Compensation & Human Capital Management; and Executive Committees
Niel Harper
Vice Chair Niel Harper, CDPSE, CRISC, CISA, CISSP, NACD Certified Director, is a technology and cybersecurity executive and the Chief Information Security Officer and Data Protection Officer at Doodle. He was previously the Chief Information Security Officer and Data Privacy Officer at the United Nations Office for Project Services (UNOPS). He has had senior leadership and advisory experience with AT&T, Bemol, Canonical, CIBC, Deloitte Consulting, European Commission, and the Internet Society, among others. Harper has more than 20 years of deep interdisciplinary knowledge across the domains of IT risk management, cybersecurity, privacy, ICTs for development (ICT4D), and technology law & policy.
He is the recipient of the 2021 ISACA Technology for Humanity Award and the 2021 IFSEC Caribbean Security & Resilience Award. Harper has also been recognized by the World Economic Forum as a Young Global Leader and a Global Shaper. He has held fellowships to the American Registry for Internet Numbers (ARIN), British Computer Society, OECD Technology Foresight Forum, and the Royal Society of Arts. He obtained a master of laws from the University of Strathclyde in Internet Law & Policy (specializing in cybercrime, privacy, and security), a master in business administration (MBA) from the University of Leicester, and an executive certificate in cybersecurity leadership and strategy from Florida International University. He is based in Germany.
ISACA Board Committees: Innovation &Technology Committee
Brennan P. Baybeck
Director and 2019-2020 ISACA Board Chair Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, is SVP & CISO for Customer Success Services at Oracle Corporation. In his role, Baybeck leads a global team that addresses cyber security risk management for one of the largest lines of business at Oracle. He is responsible for leading security, privacy and resiliency for customer facing services, including Oracle’s Security Services. He has more than 30 years of experience in IT security, governance, risk, audit and consulting, and has worked in various industries designing, implementing and operating enterprise-wide programs to address global security risks. He has held other leadership positions at Sun Microsystems, StorageTek and Qwest Communications, and served as a security risk consulting director at a global consulting company for several years. Baybeck also has been actively involved with ISACA for more than 30 years, as ISACA’s International Board Chair and a board Director for several years, and served many years as a chapter board leader. He currently serves as a Director on the global ISACA Board. He is a recipient of the Western Michigan University’s Business Information Systems Outstanding Alumni Award in recognition of his distinguished service and accomplishments. He is based in the United States.
ISACA Board Committees: Compensation & Human Capital Management; Governance & Nominating; and Executive Committees
Tracey Dedrick
Director and 2020-2021 ISACA Board Chair Tracey Dedrick is a board member and chair of the Risk Committee for both First Bank Puerto Rico and Sterling FSB. She is also Lead Director for Sterling FSB. Dedrick was EVP and Head of ERM for Santander Holdings US, where she was responsible for enterprise risk, operational risk and market risk for the Americas. Prior to this role, she was EVP, Chief Risk Officer and a member of the executive team for Hudson City Bancorp, where she built regulatory compliant risk, compliance and information security functions. Prior to that, Dedrick spent nine years at MetLife, where she successively built the capital markets function for the newly demutualized company as assistant treasurer, reinvented the investor relations function, helping to double the share prices as head of investor relations, and installed a market-consistent economic capital model as head of market risk, leading to the eventual disposition of the annuity business. Dedrick is a past ISACA Board Chair and current Board Director and recently served as ISACA’s Interim CEO. She is based in the United States.
ISACA Board Committees: Audit & Risk; Compensation & Human Capital Management; and Governance & Nominating Committees
Stephen Gilfus
Director Stephen Gilfus is general partner at Oversight Ventures, an education and workforce-based investment firm focused on knowledge and learning solutions in growing industry sectors (cybersecurity, A.I., safety, and risk). He is also chairman of the board of the Gilfus Education Group, a DC-based education and training industry think tank he founded in 2008. Gilfus started his career in 1997 as one of the founders and business architects of Blackboard Inc., a global eLearning software and eLearning technology and infrastructure company. He is a seasoned and entrepreneurial board member, operator, investor, and founder with over 25 years of experience guiding, strategically growing, and supporting mission-based organizations, not-for-profits, education businesses and institutions, industry investors, government entities, education companies, and entrepreneurs serving them.
Gilfus also has extensive experience evaluating and combining synergistic value and managing transactions for business combinations, roll-ups, acquisitions, and divestitures, as well as start-up experience with high-growth organizations serving global education, Fortune 1000 corporations, and government institutions. He is a limited partner and industry advisor at New Markets Venture Partners and an operating partner and advisor for The Vistria Group, a middle-market private equity firm. He is passionate about empowering organizations and people with capabilities that can positively impact industries while improving the lives of individuals. He is based in the United States.
ISACA Board Committees: Compensation & Human Capital Management and Innovation & Technology Committees
Gabriela Hernández-Cardoso
Director Gabriela Hernández-Cardoso, NACD Certified Director, has spent her career in both public and private sectors. In 2010, she was appointed President and CEO of GE Mexico, and in 2013, she was named Latin America General Counsel for GE. Prior to joining GE, Gabriela worked in the Mexican government, holding positions in the NAFTA negotiation team, Under-Attorney for Consumer Protection and in the Ministry of Communications and Transportation, first as General Director for Telecommunications and then as Undersecretary for Communications, a presidential appointment. In the private sector, she has had experience in corporate law and international trade, working in companies such as Motorola and Tellabs. Gabriela earned her law degree with honors from Escuela Libre de Derecho, completing post-graduate studies. She is a Yale World Fellow (2016). She taught the course “Building a Business in a Failed State—A Practicum for Hope Village, Somalia” at Yale, leveraging the student´s talent to create a sustainable business model for Hope Village bringing economic resources, purpose and dignity to the population. This was the beginning of a continued effort to pursue social enterprises to enhance the intersection of public, private and social sectors in order to target a culture shift and create a virtuous circle with the main focus areas: tools for the XXI Century human being, a conscious economic vehicle and the rule of law as a backbone.
Gabriela is also an independent board member of diverse institutions and corporations in Mexico and other countries. As an active board director her focus is pursuing purpose capitalism with a focus on Sustainability/Environmental, Social and Governance. She is based in Mexico.
ISACA Board Committee: Compensation & Human Capital Management Committee
Jason Lau
Director Jason Lau, CGEIT, CRISC, CISA, CISM, CDPSE, CISSP, HCISPP, FIP, CIPP/E, CIPM, CIPT, CEH, is a seasoned professional with over 25 years of experience working with global Fortune 500 companies, and demonstrated expertise in cybersecurity, data privacy, corporate governance, risk management and management consulting. He currently serves as the Chief Information Security Officer at Crypto.com, overseeing a global platform with over 100 million users, and previously held cybersecurity advisory leadership positions at Microsoft. In addition, Lau serves as an adjunct professor for cybersecurity and privacy at the HKBU School of Business and an elected official member of the Standing Committee on Technological Developments for the Privacy Commissioner for Personal Data (PCPD). Lau also sits on the Advisory Board for BlackHat MEA and formally on the Advisory Board for the International Association of Privacy Professionals (IAPP) as well as being honored as an IAPP Westin Emeritus Fellow. Lau’s board accreditations include being a Senior Accredited Board Director from the Singapore Institute of Directors, and a Fellow of the HK Institute of Directors and completed executive director corporate governance leadership programs at Stanford University.
Lau participates in multiple global think tanks as a cybersecurity and data privacy subject matter expert, including the World Economic Forum and Centre for Information Policy Leadership (CIPL), and is a contributor to the Forbes Technology Council. His contributions to the industry have consistently earned him a spot on the IDG Top CSO30 list, and he has also been awarded Business Magazine Executive of the Year for Cybersecurity and Data Privacy. He splits his time between Singapore and Hong Kong.
ISACA Board Committees: Innovation & Technology Committee
Massimo Migliuolo
Director Massimo Migliuolo is an experienced CEO from the technology sector, currently serving as executive chairman at Intuin and founder and director of Cedro and Kibe, three companies created with his sons, where he is engaged in developing value chain optimization in the sustainability, retail and construction verticals. Previously, Massimo was the Chief Executive Officer of Vads and Vads Lyfe, both owned by government-controlled Telekom Malaysia. While at Telekom Malaysia, Massimo also served as Chief Executive Officer of Intelsec, where he executed on customer partnerships and joint ventures. Before that, Massimo served as a senior executive at Cisco for twelve years, including as vice president of emerging markets and vice president of mobile operations worldwide, as well as in various roles with AT&T Network Systems and Lucent Technologies. He splits his time between Malaysia and Switzerland.
ISACA Board Committees: Compensation & Human Capital Management and Innovation & Technology Committees
Pamela Nigro
Director and 2022-2023 ISACA Board Chair Pamela (Pam) Nigro, CRMA, CISA, CGEIT, CRISC, CDPSE, is Vice President of Security and Security Officer at Medecision, where she is responsible for all cybersecurity efforts that secure and protect information important to Medecision and its customers, while ensuring the overall cyber resiliency of the company. Previously, she was Vice President of Information Technology and Security Officer at Home Access Health Corporation. She is a recognized subject matter expert in HIPAA, HITRUST, SOC 1, SOC 2, Sarbanes-Oxley (NAIC-MAR), and IT/cybersecurity controls and risk assessments. Nigro is also an adjunct professor at Lewis University in Illinois, USA, where she teaches graduate-level courses on healthcare data security, privacy, ethics, risk, IT governance and compliance, and management of information systems in the MSIS and MBA programs. She has more than 25 years of experience in the information technology industry and holds numerous IT certifications. She has also been awarded “Distinguished Toastmaster” from Toastmasters International. Nigro is a frequent speaker at industry conferences. She is based in the United States.
ISACA Board Committee: Audit & Risk; Compensation & Human Capital Management; and Governance & Nominating Committees
Jamie Norton
Director Jamie Norton, CISA, CISM, CGEIT, CISSP, CIPM is a Partner at McGrathNicol, a specialist Advisory and Restructuring firm committed to helping businesses improve performance, manage risk, and achieve stability and growth. He also serves on the Advisory Board at Avertro, a cybersecurity startup enabling informed and defensible data-driven decisions about organisational cyber resilience and AI safety. He has over 25 years’ experience in managing security resilience for State and Federal Government agencies and commercial organisations. He is the former Chief Information Security Officer (CISO) at the Australian Taxation Office (ATO), one of Australia’s largest federal government agencies, where he led the security governance, risk, intelligence & operations, testing and forensics teams. He has chaired and supported several senior industry and interdepartmental committees on cyber strategy and resilience and the senior Australian representative at international government forums on cybercrime. He has previously held leadership roles at NEC, Tenable, Check Point, and the World Health Organization.
Jamie has been involved with ISACA for nearly 20 years, at the local chapter board, conference organiser and most recently with the CISM Certification Working Group. He holds degrees in accounting and information technology from the Australian National University and is an affiliate member of Chartered Accountants Australia and New Zealand. Jamie is a regular and accomplished industry speaker and media commentator on cyber security. He is based in Australia.
Maureen O'Connell
Director Maureen O’Connell, NACD Certified Director, has executive experience in both finance and education. Most recently, she was executive vice president and CFO of Scholastic Corp., where she was responsible for finance, operations, supply chain, technology, HR and legal. O’Connell has also served as president at Gartner and CFO of Barnes & Noble. She has more than 30 years of progressive experience in finance and operations management and has been named “Financial Executive Who Will Make a Difference in the Next Decade” by CFO magazine. She also received the CFO World-Class Award from CFO Studio and was named one of the 30 Outstanding Women in Business by Treasury & Risk Magazine. She is based in the United States.
ISACA Board Committees: Audit & Risk Committee
Erik Prusch
Director Erik Prusch is Chief Executive Officer for ISACA. Prior to joining ISACA, Erik most recently was chief executive officer at Harland Clarke Holdings Corp., a provider of integrated payment solutions and integrated marketing services. He has also served as CEO for Outerwall, Lumension, NetMotion Wireless, Clearwire and Borland Software Corporation. Additionally, he has been a board member for RealNetworks, WASH, Calero Software and Keynote Systems. Previously in his career, Erik served as chief financial officer for a number of public companies, such as Identix and Borland, and for divisions of public companies, such as Gateway Computers and PepsiCo. He began his career at Deloitte & Touche (then Touche Ross). Erik holds a bachelor’s degree from Yale University and an MBA from NYU’s Stern School of Business. He is based in the United States.
Asaf Weisberg
Director Asaf Weisberg, CSX-P, CISM, CRISC, CISA, CGEIT, CDPSE, is a highly experienced IT and cyber security executive with strong strategic skills, and the founder & CEO of introSight Ltd. Over the years at introSight, he developed a unique quantitative risk management methodology, led development efforts of cyber risk management best practices and IT related regulation for governmental agencies, and directed countless business-centric projects in various areas of IT governance, risk and compliance. He has more than 25 years of hands-on, managerial, and mentoring experience in cybersecurity and various other IT disciplines. Weisberg has been a member of ISACA and a chapter leader for more than 18 years and served as the president of the ISACA Israel Chapter. He is based in Israel.
ISACA Board Committee: Audit & Risk and Innovation & Technology Committees