US Banks Chief Information Security Officer, Morgan Stanley
Karl Schimmeck is Managing Director, Chief Information Security Officer for Morgan Stanley US Banks. He is responsible for the design and management of the strategy, policy, controls and the implementation of the Bank’s Information Security, Cybersecurity, Data Protection and Resilience programs. He regularly interfaces with management, boards, regulators, and law enforcement on sensitive matters and is experienced in complex incident response, crisis management, and global cybersecurity regulations.
Karl has held leadership positions overseeing key components of Morgan Stanley’s information security and cybersecurity capabilities. He most recently led the Global Security Assurance team which encompasses security architecture, cloud security and security observability & monitoring. Prior to that Karl led the Global Vulnerability Management team which included vulnerability management, application security, penetration testing and cybersecurity exercises. In addition to his operational responsibilities, he also established and led the Government Partnerships and Industry Engagement office which manages Morgan Stanley’s global engagement with the government agencies, financial regulators and private sector partnerships on technology and security risks and financial sector specific issues.
Prior to joining Morgan Stanley, he was Managing Director, Cybersecurity, Business Resiliency & Operational Risk at the Securities Industry and Financial Markets Association (SIFMA) where he led financial sector advocacy on cybersecurity, operational resilience and technology risk and contributed to the development of the NIST Cybersecurity Framework. He started in financial services working in Operational Risk at Goldman Sachs with a focus on risk measurement, control design and automation. Prior to that he worked in product management and solution design for Parametric Technology Corp. (PTC) supporting the design and delivery of product data management and computer aided design solutions. He started his career by serving as a communications and information systems officer in the United States Marine Corps, achieving the rank of Captain.
Throughout his career, Karl has provided extensive industry leadership. He was a contributor to the founding of the Financial Services Analysis and Resiliency Center (FS-ARC) and Sheltered Harbor. He served in several leadership roles within the Financial Services Sector Coordinating Council (FSSCC) contributing to the creation of industry-wide products for destructive malware best practices, the utilization of clearances within the financial sector and insider threat best practices. He is currently on the Board of Directors of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Board of Directors of the Cyber Risk Institute (CRI).
Karl holds an MBA from the NYU Stern School of Business and a BS in Operations Research and Industrial Engineering from Cornell University.