Get to know ISACA’s Board of Directors

John De Santis

Chair John De Santis is a former company builder, chairman and CEO of multiple enterprises with experience in the software, networking and information security domains. He has more than 40 years of international and US-based experience at venture-backed technology start-ups and large global public companies in the telecom and IT fields. He currently serves on the boards of directors in a fiduciary capacity for organizations active in cybersecurity and artificial intelligence spaces, including Cequence Security and ValiMail, leading innovators in cybersecurity, and NoHold and Tweelin, early-stage innovators in the application of artificial intelligence.

De Santis holds a bachelor’s degree (concentration: Philosophy and Mathematics) from Fairfield University, and is a dual citizen of Italy and the United States maintaining homes in both countries. In addition to his work experience in the United States, he lived and worked in Europe and the United Kingdom for over 20 years.

ISACA Board Committees: Compensation & Human Capital Management; and Executive Committees

Jamie Norton

Vice Chair Jamie Norton, CISA, CISM, CGEIT, CISSP, CIPM, FGIA serves as chief information security officer for the Australian Securities and Investments Commission (ASIC). He also serves on the advisory board at Crisis Commanded, enabling clients to decisively take control during crisis response, and Avertro, a cybersecurity startup transforming GRC into a threat defense capability. He has over 25 years’ experience in managing security resilience for State and Federal Government agencies and commercial organisations. He was previously Partner with corporate advisory and restructuring firm McGrathNicol, and chief information security officer (CISO) at the Australian Taxation Office (ATO), one of Australia’s largest federal government agencies, where he led the security governance, risk, intelligence & operations, testing and forensics teams. He has chaired and supported several senior industry and interdepartmental committees on cyber strategy and resilience and the senior Australian representative at international government forums on cybercrime. He has previously held leadership roles at NEC, Tenable, Check Point, and the World Health Organization.

Jamie has been involved with ISACA for nearly 20 years, at the local chapter board, conference organiser and most recently with the CISM Certification Working Group. He holds degrees in accounting and information technology from the Australian National University, is a Fellow of the Governance Institute of Australia and an affiliate member of Chartered Accountants Australia and New Zealand. Jamie is a regular and accomplished industry speaker and media commentator on cyber security. He is based in Australia.

ISACA Board Committees: Innovation & Technology Committee; Audit & Risk

Tracey Dedrick

Director and 2020-2021 ISACA Board Chair Tracey Dedrick is a board member and chair of the Risk Committee for First Bank Puerto Rico. She was formerly the lead director, chair of the Governance Committee and chair of the Risk Committee for Sterling FSB, and before that, EVP and Head of ERM for Santander Holdings US, where she was responsible for enterprise risk, operational risk and market risk for the Americas. Prior to these roles, she was EVP, Chief Risk Officer and a member of the executive team for Hudson City Bancorp, where she built regulatory compliant risk, compliance and information security functions. Prior to that, Dedrick spent nine years at MetLife, where she successively built the capital markets function for the newly demutualized company as assistant treasurer, reinvented the investor relations function, helping to double the share prices as head of investor relations, and installed a market-consistent economic capital model as head of market risk, leading to the eventual disposition of the annuity business. Dedrick is a past ISACA board chair, a former chair of ISACA’s Governance and Nominating Committee, and recently served as ISACA’s interim CEO. Currently, she is serving as ISACA board director and vice chair of ISACA’s Audit and Risk Committee. She is based in the United States.

ISACA Board Committees: Audit & Risk

Stephen Gilfus

Stephen is chairman at Gilfus Education Group, a Washington, D.C.-based education and workforce consulting firm and think tank with a strong focus on strengthening and scaling existing organizations while also building capacity in growing industry sectors (cybersecurity, A.I., safety, and risk). He has founded and scaled various for-profit and not-for-profit entities.

Gilfus started his career as a founder, business and technology architect of Blackboard Inc., a global e-learning software, technology, and infrastructure company that was used by over 20,000 organizations in more than 70 countries, with 20 million instructors/trainers and learners worldwide. He is a seasoned and entrepreneurial board member and operator with over 25 years of experience guiding, strategically growing, and supporting mission-based organizations, not-for-profits, education businesses and institutions, government entities, education companies, and the entrepreneurs serving them.

Gilfus also has extensive experience evaluating and combining synergistic value and managing transactions for business combinations, roll-ups, acquisitions, and divestitures, as well as start-up experience with high-growth organizations serving global education, Fortune 1000 corporations, and government institutions. He is passionate about empowering organizations and people with capabilities that can positively impact industries, while improving the lives of individuals. He is based in the United States.

ISACA Board Committees: Compensation & Human Capital Management and Innovation & Technology Committees

Niel Harper

Director Niel Harper, CDPSE, CRISC, CISA, CISSP, NACD Certified Director, is a technology and cybersecurity executive and the global chief security officer at JetBrains. He has previously served in chief information security officer roles at Doodle, the International Criminal Police Organization (INTERPOL) and the United Nations Office for Project Services (UNOPS). He has had senior leadership and advisory experience with Aspen Institute, Bemol, Canonical, CIBC, Deloitte Consulting, European Commission, and the Internet Society, among others. Harper has more than 20 years of deep interdisciplinary knowledge across the domains of IT risk management, cybersecurity, privacy, Internet governance & policy, and digital transformation.

He is the recipient of the 2025 Security Magazine Top 10 Cybersecurity Leaders Award, 2024 ISC2 Global Achievement Award, 2021 ISACA Technology for Humanity Award and the 2021 IFSEC Caribbean Security & Resilience Award. Harper has also been recognized by the World Economic Forum as a Young Global Leader and a Global Shaper. He has held fellowships to the American Registry for Internet Numbers (ARIN), British Computer Society, OECD Technology Foresight Forum, and the Royal Society of Arts. He obtained a master of laws (LLM) from the University of Strathclyde in Internet Law & Policy (specializing in cybercrime, privacy, and security), a master in business administration (MBA) from the University of Leicester, a CERT certificate in cyber-risk oversight from Carnegie Mellon University, and an executive certificate in cybersecurity leadership and strategy from Florida International University. He is based in Germany.

ISACA Board Committees: Audit & Risk Committee

Gabriela Hernández-Cardoso

Director Gabriela Hernández-Cardoso, NACD Certified Director, has spent her career in both public and private sectors. In 2010, she was appointed president and CEO of GE Mexico, and in 2013, she was named Latin America general counsel for GE. Prior to joining GE, Gabriela worked in the Mexican government, holding positions in the NAFTA negotiation team, under-attorney for consumer protection and in the Ministry of Communications and Transportation, first as General Director for Telecommunications and then as Undersecretary for Communications, a presidential appointment. In the private sector, she has had experience in corporate law and international trade, working in companies such as Motorola and Tellabs. Gabriela earned her law degree with honors from Escuela Libre de Derecho, completing post-graduate studies. She is a Yale World Fellow (2016). She taught the course “Building a Business in a Failed State—A Practicum for Hope Village, Somalia” at Yale, leveraging the student´s talent to create a sustainable business model for Hope Village bringing economic resources, purpose and dignity to the population. This was the beginning of a continued effort to pursue social enterprises to enhance the intersection of public, private and social sectors in order to target a culture shift and create a virtuous circle with the main focus areas: tools for the XXI Century human being, a conscious economic vehicle and the rule of law as a backbone.

Gabriela is also an independent board member of diverse institutions and corporations in Mexico and other countries. As an active board director, her focus is pursuing purpose capitalism with a focus on sustainability/environmental, social and governance. She is based in Mexico.

ISACA Board Committee: Compensation & Human Capital Management Committee

Jason Lau

Director Jason Lau, AAIA, CGEIT, CRISC, CISA, CISM, CDPSE, CISSP, HCISPP, FIP, CIPP/E, CIPM, CIPT, CEH, is a globally recognized cybersecurity and privacy leader with over 25 years of experience building and scaling security programs across highly regulated industries. He currently serves as the founding global Chief Information Security Officer (CISO) at Crypto.com, where he leads global security and privacy initiatives for a platform serving more than 180 million users.

Jason is a recipient of the (ISC)² Lifetime Achievement Award, the highest honor in cybersecurity, recognizing a career marked by sustained excellence and global impact. He also serves as a Global Board Director at ISACA, and sits on advisory boards for leading security organizations including Black Hat, 1Password, and HackerOne, among others. Previously, he was a Cybersecurity Advisor at Microsoft, where he led strategic initiatives across threat intelligence, incident response, and risk governance for Fortune 200 companies.

Beyond industry accolades, Jason has helped shape some of the world’s most consequential cybersecurity, data privacy, and AI policies, certifications, and regulatory frameworks—advising enterprises, governments, and global think tanks including the World Economic Forum and the Centre for Information Policy Leadership (CIPL). He has contributed to several cybersecurity patents and maintains a strong focus on the intersection of AI and cybersecurity, with an emphasis on AI-driven threat detection and response.

Consistently ranked among the Top 30 CISOs globally, Jason is also an Adjunct Professor in Cybersecurity, mentoring the next generation of security professionals. He remains a leading voice in the evolution of cybersecurity governance, strategy, and risk management.

Massimo Migliuolo

Director Massimo Migliuolo is an experienced CEO from the technology sector, currently serving as executive chairman at Intuin and founder and director of Cedro and Kibe, three companies created with his sons, where he is engaged in developing value chain optimization in the sustainability, retail and construction verticals. Previously, Massimo was the chief executive officer of Vads and Vads Lyfe, both owned by government-controlled Telekom Malaysia. While at Telekom Malaysia, Massimo also served as chief executive officer of Intelsec, where he executed on customer partnerships and joint ventures. Before that, Massimo served as a senior executive at Cisco for twelve years, including as vice president of emerging markets and vice president of mobile operations worldwide, as well as in various roles with AT&T Network Systems and Lucent Technologies. He splits his time between Malaysia and Switzerland.

ISACA Board Committees: Compensation & Human Capital Management and Innovation & Technology Committees

Pamela Nigro

Director and 2022-2023 ISACA Board Chair Pamela (Pam) Nigro, CRMA, CISA, CGEIT, CRISC, CDPSE, is currently Vice President of Security and Security Officer at Medecision, responsible for governance, risk, cybersecurity and cyber resilience. She is a subject matter expert in HIPAA, HITRUST, SOC 2, Sarbanes-Oxley (NAIC-MAR), and IT/cybersecurity controls. She also serves as an Adjunct Professor at Lewis University in Illinois, USA, teaching graduate-level courses on healthcare data security privacy, ethics, risk, and IT governance and compliance. She is a certified ISACA trainer, and a "Distinguished Toastmaster" from Toastmasters International, frequently speaking at industry conferences. She is based in the United States.

ISACA Board Committee: Audit & Risk; Compensation & Human Capital Management; and Governance & Nominating Committees

Maureen O'Connell

Director Maureen O’Connell, NACD Certified Director, has executive experience in both finance and education. Most recently, she was executive vice president and CFO of Scholastic Corp., where she was responsible for finance, operations, supply chain, technology, HR and legal. O’Connell has also served as president at Gartner and CFO of Barnes & Noble. She has more than 30 years of progressive experience in finance and operations management and has been named “Financial Executive Who Will Make a Difference in the Next Decade” by CFO magazine. She also received the CFO World-Class Award from CFO Studio and was named one of the 30 Outstanding Women in Business by Treasury & Risk Magazine. She is based in the United States.

ISACA Board Committees: Audit & Risk Committee

Erik Prusch

Director Erik Prusch is chief executive officer for ISACA. Prior to joining ISACA, Erik was chief executive officer at Harland Clarke Holdings Corp., a provider of integrated payment solutions and integrated marketing services. He has also served as CEO for Outerwall, Lumension, NetMotion Wireless, Clearwire and Borland Software Corporation. Additionally, he has been a board member for Rover Group Inc., RealNetworks, WASH, Calero Software and Keynote Systems. Previously in his career, Erik served as chief financial officer for a number of public companies, such as Identix and Borland, and for divisions of public companies, such as Gateway Computers and PepsiCo. He began his career at Deloitte & Touche (then Touche Ross). Erik holds a bachelor’s degree from Yale University and an MBA from NYU’s Stern School of Business. He is based in the United States.

Tim Sattler

Director Dr. Tim Sattler, CISA, CISM, CGEIT, CRISC, CDPSE, CISSP, CCSP, ISO 27000 LI/LA, is a recognized information security and cybersecurity leader with over two decades of experience shaping enterprise security strategies across diverse industries. Currently serving as the head of corporate information security and CISO at Jungheinrich AG, a global intralogistics leader, Dr. Sattler spearheads the organization’s information security and cybersecurity initiatives. He has established company-wide ISMS programs and developed multiple security capabilities from the ground up. Before joining Jungheinrich, Dr. Sattler held senior security leadership roles at Kuehne + Nagel, Bauer Media Group, and Nordcapital Group. His early consulting roles honed his technical expertise and strategic advisory skills. Dr. Sattler holds a doctorate in physics from the University of Hamburg. He has earned numerous professional distinctions, including the CGEIT and CRISC Worldwide Excellence Awards, as well as the CISM Geographic Excellence Award from ISACA. In 2019, he received the CISO Award from the German CISO Alliance.

A dedicated ISACA volunteer since 2010, Dr. Sattler served as president of the ISACA Germany chapter from 2019 to 2025, having previously held the role of vice president. He has contributed extensively to ISACA through multiple international committees, working groups, and task forces. Dr. Sattler is passionate about advancing digital trust, fostering responsible innovation, and mentoring the next generation of cybersecurity professionals. He is based in Germany.

ISACA Board Committees: Innovation & Technology Committee

Asaf Weisberg

Director Asaf Weisberg, CSX-P, CISM, CRISC, CISA, CGEIT, CDPSE, is a highly experienced IT and cyber security executive with strong strategic skills, and the founder & CEO of introSight Ltd. Over the years at introSight, he developed a unique quantitative risk management methodology, led development efforts of cyber risk management best practices and IT related regulation for governmental agencies, and directed countless business-centric projects in various areas of IT governance, risk and compliance. He has more than 25 years of hands-on, managerial, and mentoring experience in cybersecurity and various other IT disciplines. Weisberg has been a member of ISACA and a chapter leader for more than 18 years and served as the president of the ISACA Israel Chapter. He is based in Israel.

ISACA Board Committee: Audit & Risk and Innovation & Technology Committees