Cyber and Operational Risk Management
April 30 - May 1, 2019 · Vancouver, BC
Featuring These Industry Experts
Saad Ali, Director, Governance, Controls and Operational Risk, CIBC
As the leader of the Governance, Controls and Operational Risk team in CIBC Finance, Saad Aliis responsible for ensuring the bank has a robust governance framework which meets regulatory standards, industry best practices, and complies with the enterprise’s risk appetite. He plays a multi-dimensional role with managing risk arising from business transformation processes and identifying enhancement opportunities within a Shared Services model. Saad has over 10 years of experience from various Financial Institutions with roles in Internal Audit for Capital Markets, Regulatory Risk and Finance. He is also a CPA and CA from PwC with a specialization in financial institutions and asset management. Saad is also involved in teaching roles with York University and CPA Ontario.
Manish Khera, Associate Partner, Forensic & Integrity Services, EY
Manish Khera is an Associate Partner in Ernst & Young LLP’s Forensic Integrity Services practice. Nationally, he leads Cyber Investigations, Digital Forensics and Data Analysis for Canada. This group assists clients in responding to, investigating and remediating cyber and security incidents, as well as investigating and solving cybercrime with a focus on strategic consulting, identification, preservation, collection, extraction of electronic records in support of litigation and investigation. Prior to joining the firm, he was the Vice President, Chief Information Security and Privacy Officer at Sentry Investments. Manish has also led the Merchant Compliance and Data Breach Investigation team for JP Morgan Chase globally, where he oversaw complex high-profile global cyber breaches of large merchant companies within the JPMC portfolio. Manish also formerly led the Data Protection, Consulting, 3rd party assessment and Application Security programs at RBC globally. In several situations, Manish was injected in high profile Fortune 500 company breaches where his role was to oversee the crisis and maintain stability in the midst of newsworthy incidents.
Manish has led the IT Security program at the post-breach TJX Companies, and earlier in his career, was both a computer forensic and security assessment consultant conducting complex investigations and leading both full penetration tests and vulnerability assessments. Manish has significant expertise in responding to all forms of computer crimes, attacks and abuses. He has led as well as supported complex cyber investigations involving crisis & incident management, corporate espionage, advanced computer intrusions, denial of service, insider attacks, malware outbreaks, internet fraud and theft of trade secrets. As a former CISO and CPO in financial services, Manish has a wealth of experience in guiding the protection of computer assets, policies, and intellectual property. He has worked in financial services environments with both automated and manual fraud detection controls and enabled the integration of programmed enforcement mechanisms to disallow the external sharing of fraud data and policies.
Manish recently led a large scale Cyber incident investigation at a major US retailer whereas the adversary was able to exfiltrate 3rd party authorized gift cards. The adversary leveraged phishing, Office 365 user and admin credential compromise, and remote connection/control IT admin tools while performing anti-forensics to remove audit trails. Manish and team found the points of entry and persistence, and working with the client, methodically closed the gaps and allowed for a return to business as usual while detailing a remediation plan to subvert future nefarious actors and chronicling a client/partner external report for 3rd party concerns.
Franco Oboni, President & Principal Consultant, Oboni Riskope Associates Inc.
Franco is a consultant, prolific author and co-author of the 2007 book: “Improving Sustainability through Reasonable Risk and Crisis Management”. He regularly teaches MBA risk management modules. Clients include Global 1000 companies, mining, insurances, railroads, etc. Studies support arduous decisions shading light and conveying pertinent information to decision-makers.
Katherine Macpherson, Senior Manager & Operational Risk National Leader, Financial Services Advisory, EY
Katherine’s professional experience spanning over 17 years includes over 12 years with the Office of the Superintendent of Financial Institutions (OSFI), where she mastered a deep first-hand understanding OSFI’s Corporate Governance Guideline, E-13 and E-21 Guidelines, the regulatory criteria/approach for assessing effectiveness of Risk Management Control Functions at financial institutions, and the many approaches taken to implement effective and sustainable Risk Management frameworks. Katherine is currently EY’s Operational Risk Practice Leader in Canada and provides specialized services in non-financial/operational risk management, corporate governance, regulatory affairs, and regulatory compliance management. Since joining EY, Katherine has helped numerous clients ranging from crown corporations to financial institutions in the banking and insurance sectors tackle transformative initiatives, strengthen and streamline core risk management processes and design and document effective risk management frameworks.