Rhea is a leader who speaks the languages of auditing, banking, regulation, and technology.
Third line of defense. Mastered the art of making workpapers stand on their own and assessing controls with evidence.
First and second line of defense. Understands business pressures, intersection of technology and compliance, and end-to-end payment systems.
Fourth line of defense. Deep experience with troubled institutions, enforcement actions, interagency policy, third-party risk management, and operational resilience.
A self-starter who relentlessly upskills to understand and counter emerging threats.
Coordinated activities for the Emerging Technology workstream.
Served as SME, analyzing global practices in Information and Communication Technology (ICT) risk management.
Performed a "stocktake" of cybersecurity regulations against Insurance Core Principles. Work was adopted as a template for other members.
The financial system faces novel, systemic risks from the rapid convergence of three powerful forces:
An ever-increasing attack surface and the threat of sophisticated state and non-state actors exploiting interconnected systems.
Opportunities for efficiency are matched by risks from poorly understood models, data integrity issues, and vectors for manipulation.
A long-term paradigm shift that threatens to render current cryptographic standards obsolete, requiring immediate strategic foresight.
Addressing interconnected risks demands a professional who has deliberately cultivated expertise across three distinct domains.
"The value is not in any single pillar, but in the unique perspective created at their intersection."
Translating emerging threats into tangible experiences that drive understanding and action.
The quantum threat is not theoretical. Adversaries are harvesting encrypted data today, waiting for quantum computers powerful enough to decrypt it tomorrow.
This interactive demo illustrates the "Store Now, Decrypt Later" attack vector—helping stakeholders understand why post-quantum cryptography migration must begin now, not when quantum computers arrive.
Automated cybersecurity assessment for financial institutions. Leverages AI agent architecture with ReAct reasoning to deliver transparent, step-by-step risk analysis.
Evaluates security controls against PCI-DSS, SOC 2, GDPR, and NIST CSF frameworks. Features privacy-focused design with local LLM inference capability and dynamic risk scoring engine.
"Like any predator, cyber criminals attack the weak and the slow. You don't need to be faster than the bear... just faster than the person next to you."
Rhea Nygard has the perspective to ensure the financial system stays one step ahead.