People

2019 Cindy Harro headshot 2 (002)

Cindy Harro

SVP, Cloud Risk, Security and Regulatory Governance - Bank of America


Cindy manages global cybersecurity regulation, framework (i.e. NIST, FFIEC) and internal bank policy compliance risk assessments for all Cloud Service Provider (CSP) scenarios (SaaS, PaaS, IaaS) at Bank of America. She is leading a cross-financial services industry effort to develop standard security controls and requirements for CSPs managing financial data.  Cindy is developing a method to capture and review CSP concentration risk resulting from increasing levels of CSP use across the financial services industry.  

Previously, Cindy was the Security, Compliance and Risk Program Director for IBM's "Watson Platform for Health" PaaS cloud. She directed a global organization of SW development and infrastructure management professionals to build SW and environments that comply with cybersecurity frameworks and laws, such as HIPAA.  She defined cybersecurity and regulatory compliance requirements for SW developers and architects in an Agile environment, managed SW application vulnerability scanning & penetration testing and performed regulatory compliance risk assessments. Cindy performed a similar role for an IBM Analytics Cloud before joining IBM Watson Health.