Our UK / EU and US Steering Committees provide governance on Committees and Products development, help to set the annual agenda for the Shared Assessments program, and provide leadership for all major initiatives undertaken by the Shared Assessments Program Committees. We are happy to announce our annual leadership transition on the Shared Assessments Steering Committees.
We are thankful for Philip Bennet’s leadership over the past year and are pleased to announce new leadership for 2023:
- Chair Emeritus, US: Philip Bennett, Manager, Information Security Governance Horizontal Services, Navy Federal Credit Union
- Chair, US: Paul Kooney, Managing Director, Security & Privacy Management, Protiviti, Inc.
- Vice-Chair, US: Dave O’Connor, Director of Information Technology, Iron Mountain
- Co-Chair, UK/EU: Martin Freeman, Cyber Security & Compliance Managing Director, Calastone
- Co-Chair, UK/EU: Sean O’Brien, Managing Director, DVV Solutions
US Steering Committee Chair Emeritus: Philip Bennett
Philip Bennett is Manager, Information Security Governance Horizontal Services at Navy Federal Credit Union, Vienna, Virginia.
Philip has led cyber security advisory and assurance teams in the financial sector since 2002. He has driven innovation in best practices for cyber security third party risk management at a top ten financial sector company. He also led the cyber security team providing input into M&A transactions. In March 2020, he joined the Navy Federal Credit Union in Vienna, Virginia to lead cyber security horizontal governance functions including: metrics and related C-suite reporting, data security event management, phishing, education and awareness, and communications.
Philip is passionate about making certain the implementation of cybersecurity-related governance and risk management solutions, and their operational processes, are practical to consider the organization’s business drivers, culture, risk appetite, size, and budget.
Connect with Philip via LinkedIn.
US Steering Committee Chair: Paul Kooney
Paul Kooney is Managing Director of Protiviti, Inc’s Security & Privacy Management, with extensive knowledge and experience in the following:
- Developing information security programs
- Performing compliance assessments
- Developing vendor risk management programs
- Providing information security assessment services.
In his over twenty years in the information technology and information security fields, Paul has managed and delivered security services for client organizations in the financial, healthcare, manufacturing, retail, entertainment, energy, transportation, and other industries to assess information security needs and implement solutions.
Paul is experienced in assessing information security policy, procedures, and standards against compliance and regulatory requirements such as ISO 27001 and 27002, PCI DSS, NIST Cyber Security Standard, and numerous other federal and state regulations concerning information security.
Connect with Paul via LinkedIn.
US Steering Committee Vice-Chair: Dave O’Connor
Dave is a Director of Information Technology at Iron Mountain overseeing the Global Customer Assurance Program, hosting audits by customers in many heavily regulated verticals. In addition to his role in supporting third party risk assessments he also manages the Security Policy, IT Risk, and GRC Application functions. Dave has a background as a technical security engineer and moved into third party risk almost a decade ago as customer requirements for third party due diligence and security contractual terms became increasingly common. He serves as Co-Chair of the Shared Assessments Products Development Committee.
Connect with Dave via LinkedIn
UK/EU Steering Committee Co-Chair: Martin Freeman
Martin Freeman is the Cyber Security & Compliance Managing Director at Calastone.
A dedicated and very experienced Information Security Professional, Martin Freeman, Cyber Security, and Compliance Managing Director, Calastone, is passionate about his subject matter with demonstrable ability to work under pressure, independently or as part of a team combining and utilizing excellent negotiation, interpersonal, management and presentation skills. He is acknowledged internally and externally as a subject matter expert. Martin has proven knowledge of appropriate common requirements and standards such as Data Protection and ISO27001 as well as extensive experience in audit and third party vendor risk management. A member of the Institute of Information Security Professionals (MCIIS), Martin has attained ISACA – Certified Information Security Manager (CISM) and ISC2 – Certified Information Systems Security Professional (CISSP) certification.
Connect with Martin via LinkedIn.
UK/EU Steering Committee Co-Chair: Sean O’Brien
Sean O’Brien is Managing Director for DVV Solutions. Sean has over 25 years of hands-on experience in delivering IT security and GRC managed services and remains a practicing Certified Third-Party Risk Professional (CTPRP) and Assessor (CTPRA). Sean leads the DVV Solutions consultancy team in defining the operational and regulatory requirements required to deliver a robust program of risk assurance and third-party due diligence. Sean is an active member of the Shared Assessments community holding the post of co-chair of the EMEA Best Practices Steering Committee and sits on Global Risk and ESG committees to provide a regional perspective into the development of Shared Assessments’ global standards and practices for third-party risk frameworks and compliance.
Connect with Sean via LinkedIn.