Skip navigation Jump to main navigation

Morningside Campus Access Updates

Access to the Morningside campus is restricted. Read More.
Close alert

Shahryar Shaghaghi

Professor of Professional Practice, Enterprise Risk Management; Technology, Risk Management and Cybersecurity Executive

Shahryar is a Professor of Professional Practice and a member of Enterprise Risk Management (ERM) leadership team. For more than 5 years, Shahryar has been a lecturer with ERM, focusing on IT Risk Management and Strategic Communications courses. Shahryar brings significant industry experience, over 30 years of wide range of leadership roles in technology, risk management, cybersecurity and data privacy.

By leveraging his extensive cybersecurity, technology, and risk management implementation and leadership experience garnered from his tenure with major global consulting, financial services, and government entities, Shahryar has successfully helped many organizations achieve their goals and optimize their critical and strategic programs while managing and mitigating risks. Some highlights of his career and key accomplishments are listed below:

  • Chief Technology Officer with Quantum Xchange, developed and executed Quantum Xchange’s technology roadmap to enhance the company’s broader post-quantum crypto-agile infrastructure strategy, through continued product innovation
  • Partner and practice leader in Technology and Risk Management with major management consulting organizations including Deloitte, Kurt Salmon, BDO, and CohnReznick
  • As the Executive Vice President and Head of IT Risk Management at Citigroup (at the time the largest bank in the world), led the largest risk and compliance implementations in the history of the bank and achieved “satisfactory rating” from OCC and FRB
  • Served as the senior advisor to the Federal Reserve Bank of NY to oversee and review all FRBNY’s cybersecurity program policies, standards, and frameworks for the FRBNY’s Internal Audit
  • Led New York City Department of Education’s Cybersecurity Assessment and enhancement programs
  • As a member of AICPA’s Center for Audit Quality (CAQ) and Assurance Services Executive Committee (ASEC) Cybersecurity Working Group, Shahryar developed SOC for Cybersecurity (SOC 3) attestation framework
  • Built and led Cybersecurity, Privacy, and Technology Consulting practices for BDO and CohnReznick
  • Developed Deloitte’s Information Security Practice and designed the Operations Maturity Model (OMM) for Accenture
  • Consulted and led various Global Technology Transformation and Risk Management programs for major organizations including American Express, JPMC, BNP Paribas, Mass Mutual, AXA-XL, Brown Brothers, Fidelity, Adidas, etc.
  • Presented and advised Board of Directors with cybersecurity and data privacy reporting and conducted training and workshops
  • Performed interim CISO role for some clients and provided cybersecurity education and advisory services to Audit Committee of Board of Directors
  • Advised various organizations on risk quantification by aligning business risks to technology and cyber risks
  • Managed engagements using industry recognized standards and frameworks such as NIST CSF, NIST SP 800-53, ISO 27001, FFIEC, SOC 2, COBIT, CMMI, HIPAA, PCI DSS, HITRUST, CIS, ITIL, GDPR and CCPA
  • Throughout his career provided internal awareness, external market presence, and brand recognition through teaching and training, white papers, publications, webinars, and speaking engagements
  • Participated and led various inclusive diversity groups at Deloitte and Citigroup


  • M.S., Embry-Riddle Aeronautical University
  • B.S., Bethune Cookman University