Michelle has over 25 years’ experience within financial services across operations and consulting roles, managing change and delivering solutions for a wide range of stakeholders. As Executive Officer, Michelle leads GNGB in managing the integrity, security and availability of the Superannuation Transaction Network (STN), navigating with Gateways through continuous change and improvement. Engaging with the STN’s wide stakeholder interests, she is a passionate advocate for the STN and the efficiencies it delivers for the benefit of the superannuation industry and Fund members.

Michelle recently co-authored a research paper on cybersecurity in the Australian superannuation ecosystem with PwC (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Craig is the Cybersecurity & Digital Trust Lead Partner in Sydney and leads the firm’s Digital Risk Management capability nationally. He has over 25 years’ experience in professional services working across systems integration, technology risk and cybersecurity.

Craig has extensive experience in the Australian financial services sector, including the superannuation industry. His experience includes assessing and advising local and global organisations on how to enhance their technology and cyber resilience by understanding their environment and adopting industry better practice practices and standards.

Andrea is a Senior Manager in the PwC’s Cybersecurity & Digital Trust practice with over seven years’ experience in technology and cybersecurity governance, risk and compliance, specialised in the financial sector. Andrea has been heavily involved in CPS 234 since the release of the draft, working closely with our clients in an assurance or advisory capacity. In 2020, Andrea assisted in the development of the research paper on cybersecurity in the Australian superannuation ecosystem ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Bruce Young is General Manager, Operational Resilience at APRA, where he is responsible for leading the Operational Resilience business unit which includes operational, compliance, data, technology, cyber, supplier, climate and emerging risk.

Prior to joining APRA in March 2020, Bruce held the position of Chief Risk Officer (CRO) for Commonwealth Bank of Australia’ Technology & Group Operations for over six years including serving as the CRO for Group Strategy, Human Resources, Risk Management, Financial Services & Group Corporate affairs support services for a period of four years.

Bruce also spent over twenty years with Ernst & Young (EY), serving as a risk, audit & advisory partner for sixteen years. He served in a number of roles in EY, including National Director of the EY Oceania Technology and Security Risk Services practice, and IT Risk signing partner for large listed financial institutions.

In his personal time, Bruce volunteers as a director on the Board of Lifeline Harbour to Hawkesbury, and is chair of their Risk and Compliance Committee, and volunteers as a telephone crisis supporter providing crisis support on the Lifeline suicide crisis line.

John is a technology risk and governance leader with over 23 years experience with deep technical background.

As Head of Operational Resilience-Transformation at APRA, he leads a team of specialists responsible to execute the cyber strategy program to improve the cyber resilience across the financial system.

The team also assesses the management of Technology Resilience (including cyber security and IT risk) by APRA regulated entities and provides input to APRA's prudential standards and guidance.

Michelle has over 25 years’ experience within financial services across operations and consulting roles, managing change and delivering solutions for a wide range of stakeholders. As Executive Officer, Michelle leads GNGB in managing the integrity, security and availability of the Superannuation Transaction Network (STN), navigating with Gateways through continuous change and improvement. Engaging with the STN’s wide stakeholder interests, she is a passionate advocate for the STN and the efficiencies it delivers for the benefit of the superannuation industry and Fund members.

Michelle recently co-authored a research paper on cybersecurity in the Australian superannuation ecosystem with PwC (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Jason has over 20 years of data and cyber security experience. As an experienced Information Risk Management and Cyber Security professional, Jason provides the ability to develop and operationalise programs to identify, assess and treat information / data risk.

Jason has assisted a number of financial organisations including superannuation funds with enhancing their approach for assessing and managing cybersecurity risks using both qualitative and quantitative methods. He recently worked with Peter Malan on the co-authored research paper on cybersecurity in the Australian superannuation ecosystem with the Gateway Network Governance Body (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Andrea is a Senior Manager in the PwC’s Cybersecurity & Digital Trust practice with over seven years’ experience in technology and cybersecurity governance, risk and compliance, specialised in the financial sector. Andrea has been heavily involved in CPS 234 since the release of the draft, working closely with our clients in an assurance or advisory capacity. In 2020, Andrea assisted in the development of the research paper on cybersecurity in the Australian superannuation ecosystem ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Bruce Young is General Manager, Operational Resilience at APRA, where he is responsible for leading the Operational Resilience business unit which includes operational, compliance, data, technology, cyber, supplier, climate and emerging risk.

Prior to joining APRA in March 2020, Bruce held the position of Chief Risk Officer (CRO) for Commonwealth Bank of Australia’ Technology & Group Operations for over six years including serving as the CRO for Group Strategy, Human Resources, Risk Management, Financial Services & Group Corporate affairs support services for a period of four years.

Bruce also spent over twenty years with Ernst & Young (EY), serving as a risk, audit & advisory partner for sixteen years. He served in a number of roles in EY, including National Director of the EY Oceania Technology and Security Risk Services practice, and IT Risk signing partner for large listed financial institutions.

In his personal time, Bruce volunteers as a director on the Board of Lifeline Harbour to Hawkesbury, and is chair of their Risk and Compliance Committee, and volunteers as a telephone crisis supporter providing crisis support on the Lifeline suicide crisis line.

John is a technology risk and governance leader with over 23 years experience with deep technical background.

As Head of Operational Resilience-Transformation at APRA, he leads a team of specialists responsible to execute the cyber strategy program to improve the cyber resilience across the financial system.

The team also assesses the management of Technology Resilience (including cyber security and IT risk) by APRA regulated entities and provides input to APRA's prudential standards and guidance.

Michelle has over 25 years’ experience within financial services across operations and consulting roles, managing change and delivering solutions for a wide range of stakeholders. As Executive Officer, Michelle leads GNGB in managing the integrity, security and availability of the Superannuation Transaction Network (STN), navigating with Gateways through continuous change and improvement. Engaging with the STN’s wide stakeholder interests, she is a passionate advocate for the STN and the efficiencies it delivers for the benefit of the superannuation industry and Fund members.

Michelle recently co-authored a research paper on cybersecurity in the Australian superannuation ecosystem with PwC (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Peter has over 22 years’ experience leading IT risk, information security, data governance, internal audit, business process and controls assurance engagements for a wide range of clients in Australia and Europe. He is PwC Australia’s Superannuation Technology Risk and Security Leader with significant superannuation and wealth management experience.

Peter provides cybersecurity and technology risk advisory and assurance services to a range of superannuation funds. He recently co-authored a research paper on cybersecurity in the Australian superannuation ecosystem with the Gateway Network Governance Body (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Jason has over 20 years of data and cyber security experience. As an experienced Information Risk Management and Cyber Security professional, Jason provides the ability to develop and operationalise programs to identify, assess and treat information / data risk.

Jason has assisted a number of financial organisations including superannuation funds with enhancing their approach for assessing and managing cybersecurity risks using both qualitative and quantitative methods. He recently worked with Peter Malan on the co-authored research paper on cybersecurity in the Australian superannuation ecosystem with the Gateway Network Governance Body (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Bruce Young is General Manager, Operational Resilience at APRA, where he is responsible for leading the Operational Resilience business unit which includes operational, compliance, data, technology, cyber, supplier, climate and emerging risk.

Prior to joining APRA in March 2020, Bruce held the position of Chief Risk Officer (CRO) for Commonwealth Bank of Australia’ Technology & Group Operations for over six years including serving as the CRO for Group Strategy, Human Resources, Risk Management, Financial Services & Group Corporate affairs support services for a period of four years.

Bruce also spent over twenty years with Ernst & Young (EY), serving as a risk, audit & advisory partner for sixteen years. He served in a number of roles in EY, including National Director of the EY Oceania Technology and Security Risk Services practice, and IT Risk signing partner for large listed financial institutions.

In his personal time, Bruce volunteers as a director on the Board of Lifeline Harbour to Hawkesbury, and is chair of their Risk and Compliance Committee, and volunteers as a telephone crisis supporter providing crisis support on the Lifeline suicide crisis line.

John is a technology risk and governance leader with over 23 years experience with deep technical background.

As Head of Operational Resilience-Transformation at APRA, he leads a team of specialists responsible to execute the cyber strategy program to improve the cyber resilience across the financial system.

The team also assesses the management of Technology Resilience (including cyber security and IT risk) by APRA regulated entities and provides input to APRA's prudential standards and guidance.

Michelle has over 25 years’ experience within financial services across operations and consulting roles, managing change and delivering solutions for a wide range of stakeholders. As Executive Officer, Michelle leads GNGB in managing the integrity, security and availability of the Superannuation Transaction Network (STN), navigating with Gateways through continuous change and improvement. Engaging with the STN’s wide stakeholder interests, she is a passionate advocate for the STN and the efficiencies it delivers for the benefit of the superannuation industry and Fund members.

Michelle recently co-authored a research paper on cybersecurity in the Australian superannuation ecosystem with PwC (titled ‘Securing the future: Protecting Australia’s superannuation ecosystem against cybersecurity threats’).

Ryan has over 15 years’ experience in information technology with the last 9 years focused on IT risk and cyber security. Ryan has defined, managed and embedded transformation programmes across all industry sectors and capability maturities with a strong focus on cultural change and adoption. These programmes have included proportionate blends of people, processes and technologies, aligned to industry better practice to meet compliance, regulatory and business objectives. This experience puts Ryan in a unique position to make recommendations that allow clients to take advantage of the opportunities that effective security can provide.

Claudia has over 20 years’ experience in Cyber Security and Digital Risk Management. She has been working in the Financial Sector for a number of years assisting clients in uplifting their cyber capability and to meet cyber regulations requirements. Recently she has been working with clients to manage risks introduced by third parties, ISMS Implementations, cyber program uplift aligned to ITIL, ISO 27001, NIST and CPS 234 including CPS 234 Tripartite Reviews.

Bruce Young is General Manager, Operational Resilience at APRA, where he is responsible for leading the Operational Resilience business unit which includes operational, compliance, data, technology, cyber, supplier, climate and emerging risk.

Prior to joining APRA in March 2020, Bruce held the position of Chief Risk Officer (CRO) for Commonwealth Bank of Australia’ Technology & Group Operations for over six years including serving as the CRO for Group Strategy, Human Resources, Risk Management, Financial Services & Group Corporate affairs support services for a period of four years.

Bruce also spent over twenty years with Ernst & Young (EY), serving as a risk, audit & advisory partner for sixteen years. He served in a number of roles in EY, including National Director of the EY Oceania Technology and Security Risk Services practice, and IT Risk signing partner for large listed financial institutions.

In his personal time, Bruce volunteers as a director on the Board of Lifeline Harbour to Hawkesbury, and is chair of their Risk and Compliance Committee, and volunteers as a telephone crisis supporter providing crisis support on the Lifeline suicide crisis line.

John is a technology risk and governance leader with over 23 years experience with deep technical background.

As Head of Operational Resilience-Transformation at APRA, he leads a team of specialists responsible to execute the cyber strategy program to improve the cyber resilience across the financial system.

The team also assesses the management of Technology Resilience (including cyber security and IT risk) by APRA regulated entities and provides input to APRA's prudential standards and guidance.