Director, CISO Policy, Risk & Control Head, Citi
Leora Bersohn is Head of Policy, Risk & Control for Citi’s Cyber and Information Security Program. This function manages updates to Citi’s enterprise-wide Cybersecurity Policy, Standards, and Risk Appetite Statement; maintains the Citi-wide information sensitivity classification framework; and governs the CISO organization’s risk management activities, including the quarterly Manager’s Control Assessment process, internal and external audit interaction, industry certifications, issue management and reporting, as well as third party management, business continuity, and cross-border data clearance governance.
She previously worked at Morgan Stanley, where she was responsible for driving the FFIEC Cyber Security Assessment Tool (CAT) maturity process, providing guidance to senior management on GLBA and FFIEC compliance, and interfacing with regulators and auditors to represent the US banks’ first-line security function. Prior to Morgan Stanley, Leora worked at Citi, where she managed the continual improvement of Citi’s technology policy and standards.
Leora holds a bachelor’s degree in English from Harvard, as well as an M.A., M.Phil., and doctorate in English from Columbia University. She is a Certified Information Security Manager (CISM).