Shahryar Shaghaghi

Shahryar is a senior executive in technology and risk management, focused on cybersecurity and data privacy programs and has over 30 years of experience across a wide range of organizations in various leadership roles. Lecturer at Columbia University for more than 4 years, focusing on IT Risk Management and Strategic Communications courses for the Enterprise Risk Management Graduate Program.

By leveraging his extensive cybersecurity, technology, and risk management implementation and leadership experience garnered from his tenure with major global consulting, financial services, and government entities, Shahryar has successfully helped many organizations achieve their goals and optimize their critical and strategic programs while managing and mitigating risks. Some highlights of his career and key accomplishments are listed below:

• Partner and practice leader in Technology and Risk Management with major management consulting organizations including Deloitte, Kurt Salmon, BDO, and CohnReznick
• As the Executive Vice President and Head of IT Risk Management at Citigroup (at the time the largest bank in the world), led the largest risk and compliance implementations in the history of the bank and achieved “satisfactory rating” from OCC and FRB
• Served as the senior advisor to the Federal Reserve Bank of NY to oversee and review all FRBNY’s cybersecurity program policies, standards, and frameworks for the FRBNY’s Internal Audit
• Led New York City Department of Education’s Cybersecurity Assessment and enhancement programs
• As a member of AICPA’s Center for Audit Quality (CAQ) and Assurance Services Executive Committee (ASEC) Cybersecurity Working Group, Shahryar developed SOC for Cybersecurity (SOC 3) attestation framework
• Built and led Cybersecurity, Privacy, and Technology Consulting practices for BDO and CohnReznick
• Developed Deloitte’s Information Security Practice and designed the Operations Maturity Model (OMM) for Accenture
• Consulted and led various Global Technology Transformation and Risk Management programs for major organizations including American Express, JPMC, BNP Paribas, Mass Mutual, AXA-XL, Brown Brothers, Fidelity, Adidas, etc.
• Presented and advised Board of Directors with cybersecurity and data privacy reporting and conducted training and workshops
• Performed interim CISO role for some clients and provided cybersecurity education and advisory services to Audit Committee of Board of Directors
• Advised various organizations on risk quantification by aligning business risks to technology and cyber risks
• Managed engagements using industry recognized standards and frameworks such as NIST CSF, NIST SP 800-53, ISO 27001, FFIEC, SOC 2, COBIT, CMMI, HIPAA, PCI DSS, HITRUST, CIS, ITIL, GDPR and CCPA
• Throughout his career provided internal awareness, external market presence, and brand recognition through teaching and training, white papers, publications, webinars, and speaking engagements
• Participated and led various inclusive diversity groups at Deloitte and Citigroup