Carolann is KPMG’s Chief Information Security Officer and Executive Director, Security and Risk for the U.S. member firm of KPMG, LLP. She is a member of the firm’s technology executive leadership team.
Carolann joined KPMG in 2013 to oversee KPMG’s cyber security governance, risk and compliance as well as cyber incident response design and execution. In her role, Carolann ensures that security is not seen as a barrier to progress, but as a partner in mitigating risks while achieving business goals. She currently leads teams that are dedicated to promoting security within the firm as well as for that of the firm’s clients.
Under Carolann’s leadership, there has been a significant effort to raise security awareness for employees. Understanding that security begins with the individual, Carolann created a security awareness campaign around a Siberian Husky named Cy as a Security Ambassador. With regular articles on the firm’s intranet portal, screensavers, posters, phishing and USB drive assessments, and quizzes, the goal was to help employees keep firm and client data safe. The campaign increased security awareness for 30,000 employees as shown in benchmarking data from before and after its introduction.
Other successful initiatives Carolann has led include a vulnerability management program, a theft-mitigation program and an IT and cyber-risk management report enabling informed decision making by the firm’s board and management committee.
Prior to joining KPMG, Carolann worked for McKinsey & Company. She was in an IT security leadership role alongside the firm’s global CISO. In that role, Carolann was responsible for optimizing risk assessment production, developing data classification policies, leading a brand protection study to assess security threats, and negotiating an outsourced security incident event management system. Carolann also held a seat on the firm’s IT Governance Committee.
Carolann holds a bachelor of business studies degree from Waterford Institute of Technology, as well as the Certified Information Systems Security Professional designation, the (ISC)² information security certification.