Board of Directors 


To contact an ISACA board member, please email

Vice-Chair Theresa Grafenstine
Chair Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA, is an Advisory Managing Director at Deloitte Consulting in Arlington, VA, USA. Before joining Deloitte, Grafenstine served as inspector general of the US House of Representatives, where she was responsible for planning and leading independent, non-partisan audits, advisories, and investigations of the financial and administrative functions of the House. Prior to joining the House Office of Inspector General (OIG), Grafenstine served at the Department of Defense (DoD) OIG, where she led acquisition audits of major weapon systems and was selected to respond to high-profile Congressional audit requests. She is a past chair of ISACA’s Audit Committee, Finance Committee, Communities Committee, and Relations Board and a past president of the ISACA National Capital Area Chapter. Grafenstine also serves on the board of directors of the American Institute of Certified Public Accountants (AICPA) and as the audit committee chair of the Pentagon Federal Credit Union. She has received numerous awards and accolades, including the Golden Gov Federal Executive of the Year and, most recently, the 2015 John W. Lainhart IV Common Body of Knowledge Award and the 2014 John Kuyers Best Speaker/Conference Contributor Award from ISACA.

Director Robert Clyde Vice-Chair Rob Clyde, CISM, NACD Board Leadership Fellow, is managing director of Clyde Consulting LLC, which provides board and executive advisory services to cybersecurity software companies. He is the executive chair of the board of directors for White Cloud Security (trusted app list enforcement), and independent board director for Titus (leader in data protection, categorization and classification). He serves as an executive advisor to HyTrust (multi cloud workload security) and BullGuard Software (consumer and smart home cybersecurity). Prior to becoming vice-chair, he chaired the board-level ISACA Finance Committee and has served as a member of ISACA’s Strategic Advisory Council, Conference and Education Board and the IT Governance Institute (ITGI) Advisory Panel. Previously, he was CEO of Adaptive Computing, which provides workload management software for some of the world’s largest cloud, high-performance computing (HPC), and big data environments. Prior to founding Clyde Consulting, he was chief technology officer (CTO) at Symantec and a co-founder of Axent Technologies. Clyde is a frequent speaker at ISACA, cybersecurity conferences and for the National Association of Corporate Directors (NACD). He also serves on the industry advisory council for the Management Information Systems (MIS) Department of Utah State University.

Director Brennan Baybeck Director Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, is vice president of Global IT Risk Management for Oracle Corporation. Baybeck leads IT security risk management for Global Customer Support Services at Oracle Corporation. In this role, he also is responsible for leading security, privacy and availability for Global IT’s key enterprise IT services, including GIT’s cloud initiatives. He has more than 20 years of experience in IT security, risk, audit and consulting and has worked in various industries designing, implementing and operating enterprise-wide programs to address global security risks. He has held leadership positions at Sun Microsystems, StorageTek and Qwest Communications, and served as an information security risk consulting manager for several years. Baybeck also has been actively involved with ISACA for more than seven years, serving as chair for various working groups.

Director Zubin Chagpar, Director Zubin Chagpar, CISA, CISM, PMP, is responsible for Amazon Web Services’ public sector business in the Middle East and Africa. He has more than 17 years of experience working in technology and management for Silicon Valley-based companies including Google, VeriSign and Exodus (now CenturyLink). At Google, he was responsible for the deployment of their Global Content Distribution Network, the backbone of YouTube. Chagpar started his career working on a virtualization solution, a precursor to cloud computing, for microprocessor design giant, Synopsys. He also was the managing director of the Spain Tech Center, a Spanish government sponsored startup and SME incubator in San Francisco, USA and has made several investments in startups in Europe. Chagpar is an adjunct professor at IE Business School, where he teaches rapid prototyping and market validation. He is a faculty advisor for Wharton Business School’s Global Consulting Practicum.

Director Peter Christiaans Director Peter Christiaans, CISA, CISM, CRISC, PMP, is senior manager of Deloitte Consulting LLP. Christiaans has more than 20 years of technology and management consulting experience, and has served a number of Fortune 500 clients, both domestically and internationally. His focus areas include technical management, application integration, architecture and system and business process re-design. Christiaans manages or leads some of Deloitte’s largest and more complex and highly visible client engagements, as well as directs internal firm initiatives to expand the firm’s scope of services, build the practice, strengthen alliances, and build eminence in the marketplace. His industry expertise includes financial services, energy, health care (provider), higher education, manufacturing, retail, technology, telecommunications, transportation and professional services.

Director Hironori Goto  Director Hironori Goto, CISA, CISM, CGEIT, CRISC, ABCP, is a principal consultant with Five-I, LLC. Goto has more than 25 years of IT management experiences in governance, operation, security, risk management and SOX. He has led several global companies as CIO, CISO and director. Goto’s experience includes IT business continuity operation (management) during The Great East Japan earthquake/TSUNAMI/Nuclear disaster of March 2011. An active ISACA volunteer since 2004, Goto was 2015-2017 president of the ISACA Tokyo Chapter. He has also served as chair of the 2014 Asia Pacific CACS/ISRM conference planning committee.

Director Mike Hughes  Director Mike Hughes, CISA, CRISC, CGEIT, is a partner with Haines Watts, a top 15 UK accountancy and business advisory firm, leading its governance, risk and compliance (GRC) and IT advisory service lines. He has a wide range of GRC and IT advisory experience. His career began with eight years in mainstream IT, before he joined KPMG’s IT Advisory Practice, where he specialized in IT audit, governance and risk. At KPMG, Hughes held several senior roles, including the UK service lead for external audit, leading the Midlands Governance & Compliance practice and leading the Midlands Information Security Services team. Hughes has been involved with ISACA for more than 20 years in several roles, both at the local chapter and international levels. He has served on the board of the ISACA Central UK Chapter since its formation, including eight years as president. He continues to serve on the chapter board and he also chairs the UK and Ireland Chapter Leaders Group. At the International level, he has served on the Membership Board, Membership Growth and Retention Committee and Finance Committee. In addition, he contributed to the development of COBIT 5, COBIT 5 for Risk and the Risk Scenarios for COBIT for Risk. He also lectures on preparation courses for the CISA, CISM, CRISC, CGEIT exams.

Director Leonard Ong Director Leonard Ong, CISA, CISM, CRISC, CGEIT, CPP, CFE, PMP, CIPM, CIPT, CISSP ISSMP-ISSAP, CSSLP, CITBCM, GCIA, GCIH, GSNA, GCFA, is associate director at Merck & Co. Inc. Ong has more than 16 years of experience in cyber and corporate security gained in telecommunication, enterprise, banking, and pharmaceutical industries. His roles within the security profession have included information security, corporate security, project management, consulting and business development. He leads the governance, risk management, and compliance platform for Asia Pacific and Japan within IT Risk Management and Security in Merck & Co., Inc. (also known as MSD International). Prior to that, he was with Barclays Capital as Head of Information Security Risk & Operation, Asia-Pacific. During his tenure with Nokia Siemens Networks, he established security professional security services enabling telecommunication carriers to secure their networks. He spent four years in Nokia Corporate Security and was responsible for securing Nokia businesses in seven countries across the region. Ong has served the ISACA Singapore Chapter as president for two terms. He has also served the ASIS International Chapter as honorary chairman for three years. He still actively involved in various voluntary roles in different non-profit associations. Ong has received recognition from leading information security associations, such as ISACA, (ISC)2 and ASIS International. The National Infocomm Competency Centre (NICC) named Ong as IT Specialist of the Year in 2005. He was awarded (ISC)2 Information Security Leadership Achievement (ISLA)—Senior Information Security Professional category in 2011, and ASIS International Professional Certification Board (PCB) Regional Award in 2014. He was instrumental in achieving the K. Wayne Snipes Award in recognition of the ISACA Singapore Chapter being the best very large chapter in Asia. IDG and CEO|CIO Club presented Ong with ASEAN CSO Honoree in 2015. In 2017, Ong was recognized with the Paul Williams award for his inspirational leadership in achieving strategic results and/or driving ISACA’s strategy forward.

Director R.V. Raghu  Director R.V. Raghu, CISA, CRISC, is director of Versatilist Consulting India Pvt. Ltd. Raghu cofounded Versatilist, which provides consulting, training and auditing services in information security, IT service management, business continuity and enterprise risk management. Raghu has more than a decade of extensive, hands-on, global experience across various verticals, such as engineering, manufacturing, IT, ITeS, BFSI, chemicals, mining and telecom. He has provided training, consulting and implementation support for establishing management systems compliant to ISO international standards and other frameworks, such as CMMI and COBIT. He is a gold level member of ISACA and is immediate past president of the ISACA Bangalore Chapter, where he has served as director of membership, secretary, vice president previously.

Director Jo Stewart-Rattray Director Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, is director of information security and IT assurance at BRM Holdich. She also chairs ISACA’s Women’s Leadership Council. Stewart-Rattray has more than 25 years’ experience in the IT field; some of which were spent as CIO in the utilities space, and 19 in the information security arena. She underpins her IT and security background with her qualifications in education and management. She specializes in consulting on governance and strategy for industry sectors including banking, finance, utilities, automotive manufacturing, tertiary education, retail and government. She was a member of CIGRE’s international working group B5.38, which assessed information security risks in power system operations within SCADA systems and the implementation of appropriate controls. Stewart-Rattray contributes to cyber security-related research initiatives. She is past international vice president of ISACA and past president of the ISACA Adelaide Chapter. She also is past chair of ISACA’s Audit Committee, Leadership Development Committee and Security Management Committee. Stewart-Rattray also sits on the Australian Computer Society’s National Congress.

Director Ted Wolff  Director Ted Wolff, CISA, is head of IT & Security Global Assurance practices in Vanguard’s Global IT & Security Risk and Control group. Prior to joining his current role, Wolff was head of Strategic Partner Relationship Management in Vanguard’s Global Sourcing Office (GSO) and previously led Vanguard’s corporate IT Audit group. Prior to Vanguard, Wolff was a vice president and IT audit director for Wachovia Corporation, with responsibility for the Wealth and Capital Markets businesses. He also served in several audit leadership positions with the FleetBoston Financial Group for business units, including Information technology and Mortgage Banking. Wolff earned a bachelor’s of science degree from Carnegie Mellon University in Applied Mathematics and is a Certified Information Systems Auditor. He is active in local and international leadership activities for ISACA and has previously participated in advisory councils at Appalachian State and Temple Universities.

Director Tichaona Zororo Director Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor, CIA, CRMA, is an IT Advisory executive with EGIT | Enterprise Governance of IT (Pty) Ltd., an IT Advisory firm based in South Africa. He has several years of in-depth experience in mainstream IT, IT auditing, security, governance and risk across private and public sectors in Africa, Europe and Asia. Zororo is an advisor to a number of boards and boards of directors, IT and business leaders across the globe on the utilization of disruptive technologies to create and preserve stakeholder value, governance and management of enterprise IT, IT risk, cybersecurity and IT auditing. He was involved in the development of numerous ISACA white papers and COBIT 5 publications. A renowned COBIT 5 expert, advisor and accredited trainer, Zororo is credited for being the first COBIT 5 Certified Assessor in Southern Africa. He has served on the ISACA Framework Committee, CGEIT Test Enhancement Subcommittee and the External Advocacy Committee. Zororo is the current president of ISACA South Africa Chapter.

Chair Christos K. Dimitriadis, Past Chair Chris K. Dimitriadis, Ph.D., CISA, CISM, CRISC, is group director of Information Security for INTRALOT (Greece). He has built INTRALOT’s Global Information Security operations and is now responsible for the alignment of the Group’s security strategy with the business needs and the oversight of its execution. In addition to leading information security, information compliance and intellectual property protection at INTRALOT Group, Dimitriadis has designed INTRALOT’s innovation program in 2013 and is heading the office of the CTO, managing business transformation projects since 2015. He has been working in the area of information security for 16 years, he holds two patents in fraud prevention and game design and has authored more than 150 publications. He has received innovation awards from the European Lotteries Association, and the John W. Lainhart IV award for major contributions to ISACA’s common body of knowledge. He has also received the ISACA Presidents Award for Illustrious Service in 2014. He has served ISACA as a Director for four terms, chaired the Knowledge Board, the External Relations Committee, the COBIT for Security Task Force, and has been a member of the Relations Board, Academic Relations Committee, Journal Editorial Committee and Business Model for Information Security Workgroup. Dimitriadis has also served as a member of the Permanent Stakeholders Group (PSG) of the European Network and Information Security Agency (ENISA) for 2012-2015. He holds a degree in Electrical and Computer Engineering and a Ph.D. in Information Security.

Past Chair Robert E Stroud Past Chair Robert E Stroud, CGEIT, CRISC, is Chief Product Officer at XebiaLabs, where he is focused on enterprises’ needs to scale DevOps across large organizations. He previously served as Principal Analyst for Forrester Research, Inc., where he helped large enterprises successfully drive their DevOps transformations and guided them through organizational change. He is a globally recognized speaker on the “Age of the customer,” DevOps, transition of technology, governance, risk, security, service management and cybersecurity. Stroud spent more than 15 years in multiple roles at CA Technologies in product management and product strategy, and predicting changing trends in the domains of assurance, cybersecurity, governance security and risk. He also advised organizations on strategies to ensure maximum business value from their investments in IT-enabled business governance. Stroud has served in multiple roles at ISACA including international vice president, Strategic Advisory Council, Governance Committee, and chair of ISACA’s involvement in ISO standards. Stroud contributed to multiple framework and standards publications including COBIT 4.0, 4.1 and COBIT 5; guidance for Basel II, Risk IT, Val IT; and multiple mappings of COBIT to various frameworks and standards. Previously, Stroud served on the itSMF International Board, the board of the itSMF USA and multiple local chapters. Additionally, he served as a member of the ITIL Update Project Board for ITIL 2011 and in various roles in the development of ITIL v3.

Past Chair Tony Hayes Past Chair Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, is appointed Deputy Director-General of the Department of Communities, Child Safety and Disability Services in the Queensland Government (Australia). He has extensive experience across the Queensland public sector at the senior executive level in various departments such as the Public Service Commission and Queensland Health. Currently, he is a member of ISACA’s Governance Committee. He has been a member of ISACA since 2003 and has served on several ISACA volunteer bodies, including as a member of the Strategic Advisory Council and as president of the IT Governance Institute Board of Trustees. Prior to his role as chair, he was a director of ISACA and served as chair of the Relations Board and the Finance Committee. Hayes is also an adjunct professor and member of the Business Information Systems Advisory Committee for the School of Business at the University of Queensland.

Director and CEO Matt Loeb Director and CEO Matt Loeb, CGEIT, FASAE, CAE, is chief executive officer of ISACA. Prior to joining ISACA, he completed a 20-year career as staff executive for the Institute of Electrical and Electronics Engineers (IEEE) and as the executive director of the IEEE Foundation. His experience includes enterprise strategy, corporate development, global business operations, governance, publishing, sales, marketing, product development and acquisitions functions in a variety of for-profit and nonprofit organizations. He is a member of ISACA, CESSE and NACD, and a senior member of IEEE. Additionally, he is an ASAE Fellow and serves on ASAE’s board of directors.