2. Service Provider Oversight:
A Cybersecurity Challenge
A discussion on Information Security and the unique risks and vulnerabilities that firms can encounter when contracting with third-party providers
3. Panelists
• Moderator:
Joe Krause, Director, Cybersecurity PwC
• Panelists:
Amy Carroll, CISO Janus
Derek Bridges, DST Systems
Ken Mortensen, Managing Director PwC
4. Amy Carroll
VP / CISO Janus Capital Group
• Amy Carroll joined the Janus Capital Group in January 2011 in the newly created role of Vice President,
Operational Risk and Process Management. In this role Amy has built out a team responsible for risk
management programs to support Technology and Operations. The group is directly responsible for
Business Continuity, Cyber Security, Software Quality Assurance, Operational Risk/Process Improvement
and the Project Office. Amy is the CISO for Janus Capital Group.
• Prior to her move to Denver, Amy worked at Evergreen Investments for nine years. For the last six years her
role was Vice President, Technology Risk, where she was responsible for Information Security, Business
Continuity, Quality Assurance and the PMO. She was a member of the Operational Risk Committee and
the Technology Executive Steering Committee. Amy started her career at MFS Investments as a client
representative in the Transfer Agent, later transferring to Technology, where she became Group Vice
President, Technology Client Support responsible for the technology needs of the Service Company,
Retirement Plan Services, and Corporate Services.
• Amy earned a Bachelor of Arts degree in history and political science from the University of
Massachusetts, Amherst and her MBA from Suffolk University in Boston, MA.
5. Ken Mortensen
Managing Director C&P, PwC
• Ken is part of the leadership for PwC US’s Cybersecurity, Privacy & IT Risk practice as the Global Risk
Assurance Health Industries Privacy and Security Leader and serves as counselor advising PwC’s
international legal teams on U.S. privacy and security laws and regulations and transborder data flow
issues. He supports privacy offerings including advanced, technology-enabled solutions to coordinate
cross-border privacy and data protection compliance solutions through PwC’s global network of firms
incorporating a broader focus on cybersecurity risks.
• Prior to joining PwC, Ken was the Vice President, Assistant General Counsel & Chief Privacy Officer at CVS
Caremark, responsible for overseeing information governance addressing retail and healthcare operations.
Ken created and oversaw the privacy and information security programs to ensure compliance with CVS
Caremark’s FTC Consent Agreement and OCR Resolution Agreement, including successfully addressing all
aspects of the OCR Corrective Action Plan within less than the three years permitted in the Resolution
Agreement. He also implemented a Privacy-by-Design program relating to CVS’s ExtraCare program and
mobile app development. Before coming to CVS Caremark, he was Boston Scientific Corporation’s first
ever Chief Privacy Officer where he had responsibility for building a global corporate privacy and security
program.
• Ken earned a Bachelor’s degree in Electrical Engineering from Drexel University, a Master’s of Business
Administration from Villanova University, and a JD from Villanova University School of Law.
6. Derek Bridges
Enterprise Risk Officer, DST Systems
• Derek joined DST Systems, Inc. (DST) in April of 2015 as the organization’s first Enterprise Risk Officer. He
is responsible for assessing and mitigating significant competitive, technology, and regulatory risks across
the enterprise. He leads the efforts to assess, identify, monitor, and reduce pertinent business risks that
could interfere with DST’s objectives and strategic goals. As part of his responsibilities, Derek interacts
with clients performing validation procedures on DST. He is also a member of the team assessing and
monitoring DST suppliers.
• Prior to joining DST, Derek was the Chief Risk Officer and Chief Regulatory for a community bank. He also
has more than 15 years of risk management consulting experience with Big 4 accounting firms.
• Derek received a bachelor of science degree in business administration/accounting with an emphasis in
management information systems from the University of Kansas. He is a Certified Information Systems
Security Professional (CISSP), Certified Information Systems Auditor (CISA), and a Certified Internal Auditor
(CIA).
7. Joe Krause
Director Cybersecurity, PwC
• Joe is a Director with PwC’s Risk Assurance practice, focused on Cybersecurity for the Northeast market.
He has over 19 years of experience in working in Federal and Private Sector verticals, assisting enterprise
class organizations in the development and management of Information Security governance programs, as
well as performing security compliance and IT risk assessments against a variety of Information Security
frameworks.
• Joe began his career in Cybersecurity as a Computer Scientist at the National Security Agency where he
was a member of the Advanced Data Communications Engineering team before taking positions in the
private sector. Joe joins us from Coalfire Systems, Inc. where he was Vice President of Technology Audit
and Assessment Services (TAAS) for Coalfire’s East Region, including offices in Boston, New York,
Washington, D.C., Atlanta, and Denver. At Coalfire, Joe led an organization of over 60 Cybersecurity
professionals, and served as Delivery Engagement Lead for Coalfire’s largest and most complex
customers. Prior to Coalfire, Joe served as Vice President of Product Management for Trustwave, a global
Managed Security Services firm.
• Joe earned a Bachelor’s degree in Mathematics from the University of Maine, a Master’s of Science in
Computer Science from The Johns Hopkins University in Baltimore, MD, and a Master’s of Business
Administration from Suffolk University in Boston, MA.