SEC Cybersecurity Risk Governance Requirements – Christopher Hetner – CSP #122
In April, the SEC is expected to finalize new rules on cybersecurity. The rules will require every publicly traded company to file disclosures with descriptions of their security strategy, governance, and risk management. Companies will need to explain to shareholders how they assess cyber risk, describe their security policies, and demonstrate a significant level of board oversight on cybersecurity issues.
The SEC rules are qualitatively different from existing cyber regulatory frameworks, such as HIPAA and PCI DSS, which skew toward enforcing technical controls handled by the IT department. The SEC rules, in contrast, demand that C-suites and boards get more involved and demonstrate a strategic approach to managing cyber risk.
Guest
Chris Hetner is a Senior Executive, Board Director, and leader in Cybersecurity recognized for raising cyber risk to the Corporate Board level to protect industries, infrastructures, and economies. He creates operational resilience by aligning robust Cybersecurity strategies with business objectives. Mr. Hetner’s professional judgment combined with a public company perspective and SEC regulatory and investor oversight experience has led to his success in corporate and government roles. Currently, he is on the board of directors of a PE Fund TCIG, a Senior Advisor for the Chertoff Group, the Special Advisor for Cyber Risk for the NACD, Chair Cybersecurity and Privacy for the NASDAQ Center for Board Excellence and a National Board Member of the Society of Hispanic Professional Engineers.
He served as the Senior Cybersecurity Advisor to the Chair of the United States Securities and Exchange Commission and as Head of Cybersecurity for the Office of Compliance Inspections and Examination at the SEC. He also represented the Chair of the SEC as a senior member of the US Department of the Treasury Financial Banking Information Infrastructure Committee. His greatest contributions included vision for and implementation of the first agency wide Cybersecurity governance structure, threat intelligence program, and incident response capabilities. The Cybersecurity framework he implemented improved the National Examination Program’s ability to monitor and respond to Cyber risks and threats across the US Securities market.
Host
Todd Fitzgerald promotes CISO/CPO leadership via the SCMedia CISO STORIES weekly podcast, advisory board participation, and international speaking engagements. Todd serves as VP, Cybersecurity Strategy, Cybersecurity Collaborative. Todd authored 5 books, including #1 New Release (2024) Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs, and #1 Best-selling (2019-2023) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Named 2016–17 Chicago CISO of the Year, Todd’s senior leadership positions include Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.
