CISO Financial Services NY schedule

During this 5-minute networking session, the aim of the game is to go and meet two people you don't already know.  

• How can sleepless nights, board politics, and regulator heat be managed without burnout? 

• Which AI-driven threats and hybrid risks are keeping CISOs awake in 2026? 

• When speed clashes with security and compliance with agility, how can the trade-offs be survived? 

• What do CISOs wish had been known before stepping into the role? 

Albert Laweh Tetteh, Chief Information Officer - GCB Bank Limited 

• “Never trust, always verify” sounds good, so why does it stall in practice and slow workflows? 

• How can systemic risk from multi-cloud reliance be contained before it cascades? 

• Regulators are demanding proof - what evidence convinces them that Zero Trust works? 

• Can airtight access controls and smooth user experience ever succeed at the same time? 

An informal, interactive session where attendees ask questions directly to a panel of veteran CISOs and cybersecurity leaders. The session is designed to foster candid discussion around today's most urgent topics- real insights in real time. 

Focus Areas: AI risk and security, regulatory complexity (SEC, NYDFS, DORA), board-level communication, and building resilient cyber teams.  

Moderator: Alexander Abramov, Head of Information Risk -Financial Services 

Jessica Wilson, Business Information Security Officer – Bank of America 

• How can deepfake fraud, model poisoning, AI-powered phishing, and AI in credit or lending decisions be stopped? 

• Who owns AI risk, and which frameworks or guardrails keep innovation safe? 

• Who carries the liability when AI fails in FS? 

• How is AI risk best reported in board language? 

• What playbooks work for AI-specific incidents like data leakage or model poisoning?

The moderator throws out a statement, and you raise your hand: yes, no, or maybe.  

Topics include third-party risk, overlapping compliance, board metrics that miss the point, and whether resilience plans would hold up.  

Speaker and topic to be announced 

• Where do compliance frameworks overlap across borders, and how can the duplication be cut? 

• What makes a compliance budget credible as resilience spend? 

• When does compliance move from obligation to competitive advantage? 

• Which signals of audit readiness build market trust? 
  

Moderator: Alexander Abramov, Head of Information Risk -Financial Services 

Noreen Fierro, Enterprise Chief Ethics & Compliance Officer - Principal Financial Group  

Nishit Mehta, Vice President, Analytics Solutions Manager – JPMorganChase 

• Which pipeline controls are best enforced through policy-as-code? 

• How can security checks be safely delegated to dev teams in regulated contexts? 

• What metrics demonstrate DevSecOps reducing audit findings? 

• Where does human review still outperform automated tools in FS? 

Every week there’s another “must-have” tool. In this session we run through common practices — IaC scanning, SAST/DAST, secrets management, SBOMs, automated checks, and more. For each one, you vote: real value or just noise. A few volunteers share why. 

Jessica Wilson, Business Information Security Officer – Bank of America 

Speaker and topic to be announced 

• Manual evidence collection is too slow- how can automation close the gap? 

• Multi-cloud means fragmented visibility and limited operational control -how do you fix it? 

• Can resilience be stress-tested before regulators force the issue with penalties? 

• Where’s the breaking point when trying to balance cost, performance, and security in multi-cloud?

• Where does privileged access and hybrid work create fraud blind spots? 

• Can behavioral analytics catch risk early enough to stop escalation? 

• How can HR, legal, compliance, and the CISO work from one playbook? 

• What builds trust culture without slipping into surveillance overkill? 

Albert Laweh Tetteh, Chief Information Officer - GCB Bank Limited  

• Which ransomware attack patterns and entry points are hitting FS the hardest? 

• How should payment dilemmas be handled under regulatory scrutiny in 2026? 

• Where do incident response playbooks usually break down? 

• What resilience gaps do tabletop exercises expose? 

• What risks come with AI-on-AI escalation between defenders and adversaries? 

• How can effective oversight frameworks be built for AI-augmented SOCs? 

• What early wins, and early fails are showing up in adopting agentic AI for FS security? 

• How can human analysts stay in the loop when machines move first? 

• How can the gap between visibility and operational control be closed? 

• Which compliance evidence must be automated in multi-cloud to satisfy regulators? 

• Can cloud resilience be stress-tested before regulators force the issue? 

• Where’s the breaking point when balancing cost, performance, and security? 

• How can Zero Trust be implemented across hybrid and multi-cloud environments? 

• What evidence of resilience does regulators expect to see? 

• How can systemic risk from single-cloud dependence be avoided? 

• Can customer experience be protected while workflows are locked down? 

• How do you embed post-quantum readiness into cloud strategy? 

• How can you secure serverless and containers without slowing delivery? 

• What AI analytics improve cloud threat detection accuracy? 

• Which cloud security capabilities will be baseline by 2028? 

Experts go head-to-head, using real incidents and risks from the field. We’ll start with a live poll to see where the room stands, then run it again at the end to track if minds have shifted. 

The debate centers on one tough question: should we ever let technology act on its own during a live cyber incident in financial services? 

The audience is part of it too so ask your questions, share your views, and see how your take stacks up against your peers. 

Jessica Wilson, Business Information Security Officer – Bank of America 

• How can skilled staff be retained under relentless pressure? 

• What’s the best way to upskill for AI-augmented SOCs and DevSecOps? 

• Where’s the balance between automation and analyst engagement? 

• How can cultures be built that truly sustain team performance? 

• Who owns AI risk when models impact lending, underwriting, or fraud detection? 

• How do you embed AI monitoring into cyber risk management? 

• What guardrails prevent AI misuse without stifling innovation? 

• How do you prepare for AI-specific incidents like data leakage or model poisoning? 

Which crisis hurts FS most today: AI fraud, regulator-pressure ransomware, or an insider leak? Pick one and solve it. Split into three teams (Technical, Board & Regulators, Communications & Customers). Each team has 8 minutes to agree on their top two actions in the first 24 hours, followed by quick share-backs and audience reactions.