Board of Directors 


To contact an ISACA board member, please email [email protected].

Chair Christos K. Dimitriadis, Chair Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, is group director of Information Security for INTRALOT (Greece). He has built INTRALOT’s Global Information Security operations and is now responsible for the alignment of the Group’s security strategy with the business needs and the oversight of its execution. In addition to leading information security, information compliance and intellectual property protection at INTRALOT Group, Dimitriadis has designed INTRALOT’s innovation program in 2013 and is heading the office of the CTO, managing business transformation projects since 2015. He has been working in the area of information security for 16 years, he holds two patents in fraud prevention and game design and has authored more than 150 publications. He has received innovation awards from the European Lotteries Association, and the John W. Lainhart IV award for major contributions to ISACA’s common body of knowledge. He has also received the ISACA Presidents Award for Illustrious Service in 2014. He has served ISACA as a Director for four terms, chaired the Knowledge Board, the External Relations Committee, the COBIT for Security Task Force, and has been a member of the Relations Board, Academic Relations Committee, Journal Editorial Committee and Business Model for Information Security Workgroup. Dimitriadis has also served as a member of the Permanent Stakeholders Group (PSG) of the European Network and Information Security Agency (ENISA) for 2012-2015. He holds a degree in Electrical and Computer Engineering and a Ph.D. in Information Security.

Vice-Chair Theresa Grafenstine
Vice-Chair Theresa Grafenstine, CISA, CGEIT, CRISC, CIA, CGAP, CGMA, CPA, is the inspector general of the U.S. House of Representatives (House) (USA). Over the past 24 years, Grafenstine has served in the inspector general community in both the legislative and executive branches of the U.S. federal government. As the inspector general, she is responsible for planning and leading independent, non-partisan audits, advisories, and investigations of the financial and administrative functions of the House. Prior to joining the House Office of Inspector General (OIG), Grafenstine served at the Department of Defense (DoD) OIG, where she led acquisition audits of major weapon systems and was selected to respond to high-profile Congressional audit requests. She is a past chair of ISACA’s Audit Committee, Finance Committee, Communities Committee, and Relations Board and a past president of the ISACA National Capital Area Chapter. Grafenstine also serves on the board of directors of the American Institute of Certified Public Accountants (AICPA) and as the audit committee chair of the Pentagon Federal Credit Union. She has received numerous awards and accolades, including the Golden Gov Federal Executive of the Year and, most recently, the 2015 John W. Lainhart IV Common Body of Knowledge Award and the 2014 John Kuyers Best Speaker/Conference Contributor Award from ISACA.

Director Robert Clyde Director Robert Clyde, CISM, is managing director of Clyde Consulting LLC (USA). He also serves as a director on the boards of White Cloud Security (trusted app list enforcement), TZ Holdings (formerly Zimbra), and Xbridge Systems (data discovery software). He chairs the board-level ISACA Finance Committee and has served as a member of ISACA’s Strategic Advisory Council, Conference and Education Board and the IT Governance Institute (ITGI) Advisory Panel. Previously, he was CEO of Adaptive Computing, which provides workload management software for some of the world’s largest cloud, high-performance computing (HPC), and big data environments. Prior to founding Clyde Consulting, he was chief technology officer (CTO) at Symantec and a co-founder of Axent Technologies. Clyde is a frequent speaker at ISACA conferences and for the National Association of Corporate Directors (NACD). He also serves as an executive advisor to HyTrust and BullGuard and on the industry advisory council for the Management Information Systems (MIS) Department of Utah State University.

Director Leonard Ong Director Leonard Ong, CISA, CISM, CRISC, CGEIT, CPP, CFE, PMP, CIPM, CIPT, CISSP ISSMP-ISSAP, CSSLP, CITBCM, GCIA, GCIH, GSNA, GCFA, COBIT 5 Implementer and Assessor (Singapore), is associate director at Merck. He has more than 16 years of experience in cyber and corporate security in the telecommunication, enterprise, banking and pharmaceutical industries. He leads the governance, risk management, regulatory and compliance platform for Asia Pacific and Japan within IT Risk Management and Security in Merck & Co., Inc. (also known as MSD International). Prior to that, he was with Barclays Capital as Head of Information Security Risk & Operation, Asia-Pacific. During his tenure with Nokia Siemens Networks, he established professional security services for regional telecommunication carriers to secure their networks. He spent four years in Nokia Corporate Security and was responsible for securing Nokia businesses in seven countries in the Asia-Pacific region. Ong has served the ISACA Singapore Chapter as president for two terms. He has also served as honorary chairman for the ASIS International Chapter. He has received recognition from leading information security associations, such as (such as (ISC)2 and ASIS International. The National Infocomm Competency Centre (NICC) named Ong IT Specialist of the Year in 2005. He was awarded (ISC)2 Information Security Leadership Achievement (ISLA)—Senior Information Security Professional category in 2011, and ASIS International Professional Certification Board (PCB) Regional Award in 2014. He was instrumental in achieving the K. Wayne Snipes Award in recognition of the ISACA Singapore Chapter being the best very large chapter in Asia. IDG and CEO|CIO Club presented Ong with ASEAN CSO Honoree in 2015.

Director Andre Pitkowski Director Andre Pitkowski, CGEIT, CRISC, OCTAVE, CRMA, ISO27kLA, ISO31kLA, COBIT 5 Foundations Trainer, is a principal consultant with APIT Consultoria de Informática Ltd. (Brazil). With 25 years’ experience, Pitkowski manages projects for risk assessment on critical assets, risk maps and IT projects for IT governance and compliance (using COBIT) at national and international companies. He frequently presents on COBIT at events worldwide and is a professor of post-graduate and MBA courses at universities in Brazil. He is a member of ISACA’s Framework Committee, subject matter expert for COBIT 5 and COBIT 5 for Risk, and is the Cybersecurity Nexus (CSX) Liaison for Brazil. His is also president of the ISACA Sao Paulo Chapter.

Director Eddie Schwartz Director Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, is executive vice president of Cyber Services for Dark Matter. He has more than 25 years of experience in the information security field, and is a globally recognized security expert and speaker. He served as president and COO of WhiteOps, global vice president of cyber security services for Verizon, and vice president and chief information security officer (CISO) for RSA. Prior to RSA, he was CSO of NetWitness (which he co-founded and which was acquired by EMC), CTO of ManTech, EVP and general manager of Global Integrity (acquired by INS), SVP of Operations of Guardent (acquired by VeriSign), CISO of Nationwide Insurance, a senior computer scientist at CSC, and a Foreign Service officer with the U.S. Dept. of State. Schwartz is a recipient of the 2015 George Mason School of Business 20 Prominent Patriots in Business Award, and 2013 Computerworld Premier 100 IT Leaders Award. He is a Distinguished Fellow of the Ponemon Institute and an adjunct professor of Cyber Security at George Mason University. He serves on the advisory boards for Observable Networks and My Digital Shield, Inc. He also serves as the vice president and treasurer of the ISSA National Capital Chapter, and has chaired ISACA’s Cybersecurity Working Group.

Director Jo Stewart-Rattray Director Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, is director of information security and IT assurance at BRM Holdich (Australia). Stewart-Rattray has more than 25 years’ experience in the IT field; some of which were spent as CIO in the utilities space, and 15 in the information security arena. She was a member of CIGRE’s international working group B5.38, which assessed information security risks in power system operations within SCADA systems and the implementation of appropriate controls. She regularly contributes to cybersecurity-related research initiatives. She previously served as a Director on the ISACA board, along with past president of the ISACA Adelaide Chapter. She also is past chair of ISACA’s Audit Committee, Leadership Development Committee and Security Management Committee. She also sits on the Australian Computer Society’s National Congress.

Director Tichaona Zororo Director Tichaona Zororo, CISA, CISM, CGEIT, CRISC, Certified COBIT 5 Assessor, CIA, CRMA, is an IT advisory executive with EGIT |Enterprise Governance IT (Pty) Ltd., an IT Advisory firm based in South Africa. He has several years of experience in main stream IT, IT auditing, security, governance and risk, across private and public sectors in Africa, Europe and Asia. He is an advisor to a number of boards and boards of directors, IT and business leaders across the globe on the utilization of disruptive technologies to create and preserve stakeholder value, governance and management of enterprise IT, IT risk, cybersecurity and IT auditing. He was involved in the development of numerous ISACA white papers and COBIT 5 publications. A renowned COBIT 5 expert, advisor and trainer, Zororo is credited for being the first COBIT 5 Certified Assessor in Southern Africa. He has served on the ISACA Framework Committee, CGEIT Test Enhancement Subcommittee and External Advocacy Committee, and is the current president of ISACA South Africa Chapter.

Director Zubin Chagpar, Director Zubin Chagpar, CISA, CISM, PMP, is responsible for Amazon Web Services’ public sector business in the Middle East and Africa. He also heads up AWS’s Lean Enterprise program in EMEA, a program that enables companies to create new business models leveraging startup examples and AWS technology building blocks. Chagpar has more than 15 years of experience working in technology and management for Silicon Valley-based companies including Google, VeriSign and Exodus (now CenturyLink). At Google, he was responsible for the deployment of their Global Content Distribution Network, the backbone of YouTube. Chagpar started his career working on a virtualization solution, a precursor to cloud computing, for microprocessor design giant, Synopsys. He also was the managing director of the Spain Tech Center, a Spanish government sponsored startup and SME incubator in San Francisco, USA, and has made several investments in startups in Europe. Chagpar is an adjunct professor at IE Business School, where he teaches rapid prototyping and market validation. He is a faculty advisor for Wharton Business School’s Global Consulting Practicum.

Director R.V. Raghu  Director R.V. Raghu, CISA, CRISC,is director of Versatilist Consulting India Pvt. Ltd. (India). Raghu cofounded Versatilist, which provides consulting, training and auditing services in information security, IT service management, business continuity and enterprise risk management. He has more than a decade of extensive, hands-on, global experience in various industries, including engineering, manufacturing, IT, ITeS, BFSI, chemicals, mining and telecom. He has provided training, consulting and implementation support for establishing management systems compliant to ISO international standards and other frameworks, such as CMMI and COBIT. He is president of the ISACA Bangalore Chapter, where he has served as director of membership, secretary, vice president previously.

Director Jeff M. Spivey  Director Jeff M. Spivey, CRISC, CPP,is founder and CEO of Security Risk Management, Inc., where he manages innovation initiatives of unified security programs, covering cybersecurity and traditional security risk management programs globally. Spivey has more than 30 years’ experience building enterprise strategy and programs for unified security risk management and security governance capabilities. He is strategy advisor for RiskIQ, discovering cybersecurity threats outside the firewall, and is an Advisory Board member for Netswitch/Securli global integrated cybersecurity platform. He is also a founding member of the Cloud Security Alliance, co-founder of the Global Security Risk Management Alliance (GSRMA), member of the US State Department’s Overseas Security Advisory Council (OSAC). He is also a member of ISACA’s Governance Advisory Council. He has served as chair of ISACA’s Relations Board, co-chair of ISACA’s External Advocacy Committee, trustee of the IT Governance Institute, member of ISACA’s Strategic Advisory Council and member of ISACA’s Knowledge Management Task Force. He is a past president/chairman of the board for ASIS International and served on the Advisory Board for the National Center for Judicial Security.

Past Chair Robert E Stroud Past Chair Robert E Stroud, CGEIT, CRISC, is principal research analyst, Infrastructure and Operations, with Forrester Research, where he is focused on driving the market toward a more refined approach to software defined infrastructure development and delivery, levering DevOps thinking and applying it to infrastructure and cloud. He is a globally recognized speaker on the “Age of the customer,” DevOps, transition of technology, governance, risk, security, service management and cybersecurity. Stroud spent more than 15 years in multiple roles at CA Technologies in product management and product strategy, and predicting changing trends in the domains of assurance, cybersecurity, governance security and risk. He also advised organizations on strategies to ensure maximum business value from their investments in IT-enabled business governance. Stroud has served in multiple roles at ISACA including immediate past chair, international vice president, Strategic Advisory Council, Governance Committee, and chair of ISACA’s involvement in ISO standards. Stroud contributed to multiple framework and standards publications including COBIT 4.0, 4.1 and COBIT 5; guidance for Basel II, Risk IT, Val IT; and multiple mappings of COBIT to various frameworks and standards. Previously, Stroud served on the itSMF International Board, the board of the itSMF USA and multiple local chapters. Additionally, he served as a member of the ITIL Update Project Board for ITIL 2011 and in various roles in the development of ITIL v3.

Past Chair Tony Hayes Past Chair Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, is appointed Deputy Director-General of the Department of Communities, Child Safety and Disability Services in the Queensland Government (Australia). He has extensive experience across the Queensland public sector at the senior executive level in various departments such as the Public Service Commission and Queensland Health. Currently, he is a member of ISACA’s Governance Committee. He has been a member of ISACA since 2003 and has served on several ISACA volunteer bodies, including as a member of the Strategic Advisory Council and as president of the IT Governance Institute Board of Trustees. Prior to his role as chair, he was a director of ISACA and served as chair of the Relations Board and the Finance Committee. Hayes is also an adjunct professor and member of the Business Information Systems Advisory Committee for the School of Business at the University of Queensland.

Past Chair Gregory Grocholski Past Chair Greg Grocholski, CISA, is a member of ISACA’s Governance Committee and past chair of ISACA. He is also vice president, Global Internal Audit, at SABIC, where he leads and manages the internal audit department on a global level, to ensure the implementation of internal audit best practices worldwide. Previously, he was global business finance director for the Ventures and Business Development unit within The Dow Chemical Company, a role he took after serving as chief audit executive at Dow. Grocholski has been chair of ISACA's Finance Committee, Assurance Committee and Knowledge Board, and member of ISACA's Strategic Advisory Council, Audit Committee, Professional Influence and Advocacy Committee, and Professional Issues Task Force. He is a board member of the Michigan Baseball Foundation and vice president/treasurer of the Great Lakes Loons. In 2013, he received the Saginaw Valley State University's Distinguished Alumni Award in recognition of his distinguished service and accomplishments. He was a director of ISACA from 2011-2012, and chair from 2012-2013.

Director and CEO Matt Loeb Director and CEO Matt Loeb, CGEIT, FASAE, CAE, is chief executive officer of ISACA. Prior to joining ISACA, he completed a 20-year career as staff executive for the Institute of Electrical and Electronics Engineers (IEEE) and as the executive director of the IEEE Foundation. His experience includes enterprise strategy, corporate development, global business operations, governance, publishing, sales, marketing, product development and acquisitions functions in a variety of for-profit and nonprofit organizations. He is a member of ISACA, CESSE and NACD, and a senior member of IEEE. Additionally, he is an ASAE Fellow and serves on ASAE’s board of directors.