Tracey Dedrick
Is a C-suite executive experienced in risk, compliance, treasury and investor relations. She was executive vice president (EVP) and head of enterprise risk management for Santander Holdings US, where she was responsible for enterprise risk, operational risk and market risk for the Americas. Prior to this role, she was EVP, chief risk officer and a member of the executive team for Hudson City Bancorp, where she built regulatory compliant risk, compliance and information security functions. Prior to that, Dedrick spent nine years at MetLife, where she successively built the capital markets function for the newly demutualized company as assistant treasurer; reinvented the investor relations function, helping to double the share prices as head of investor relations; and installed a market-consistent economic capital model as head of market risk, leading to the eventual disposition of the annuity business. Additionally, Dedrick serves on the boards of the Royal Shakespeare Company of America and the Royal Oak Foundation. She previously served on the conference committee of the US State of New Jersey Women’s Banking Association and on the board of Children’s Aid and Family Services.
As ISACA’s incoming chair of the Board of Directors, how do you see ISACA® growing and adapting to the constantly changing marketplace and needs of its constituents over the next year?
That is a good question. Since I joined the board, we have been focused on putting ISACA in the best position to continue to be a leader in its space. We have been laying the groundwork that will enable us to react more quickly to a constantly changing marketplace. We have added a number of people to the board who have significant business experience and experience in strategy; we have a new management team with deep experience in learning and development; we are investing in our infrastructure in the form of new technology; we are conducting new training internally and adopting an agile work environment. Next, we will be focusing on acquiring the data we need to determine where and what our membership and the marketplace want and need. We have all talked about how we can engage younger people in our organization, gain more diversity and expand our global footprint, but we have never had solid data from which to make good decisions. We receive a lot of data from the chapters, but truthfully, the majority of the membership does not engage in the chapter model, so we are losing input from a great number of our constituency. This means we have to find ways to access the full membership for data. Further, we need data from the people we wish to engage with, such as the younger generations. Once we have the data, we will figure out how we can “win” in the marketplace and deliver value to the organization.
What in your past experience has best prepared you for this position on the ISACA Board?
I have C-suite experience in taking organizations that are operating suboptimally and fixing them based upon a lifetime of experience in strategy, risk and compliance, finance, capital markets, investor relations, regulatory management, and crisis management. My experience ranges from working in Fortune 50 companies to small private institutions. All of these experiences are relevant to this organization.
What do you see as the biggest risk factors being addressed by ISACA constituents?
As a board member listening at chapters’ events, I can tell you that I worry about the seeming inability of the membership to communicate effectively to the people above them about the needs and risk within the organization. A large part of what ISACA does is provide the technical skills members need to progress in their careers, and most of our members are in middle management. They are in areas that are critical to the organization but are not revenue producing, and they do not have a seat at the table with management. As a result, they do not feel that they get the time, attention and resources they need to ensure the safety and security of the enterprise. I hear this lament a lot. We all know information security can be highly technical and the devil is in the details. Those at the top are not generally technology experts, so it is often a matter of finding a way to communicate in a manner in which executive leadership can understand and absorb. Communicating effectively is equally as important as what you know.
You have extensive experience in executive leadership. How do you see the role of executives changing to meet the challenges of information security?
Carrying on a theme that Brennan Baybeck put forward as incoming Board Chair last year, having good information security is now table stakes. Enough chief executive officers (CEOs) have lost their jobs and shareholder value has been destroyed over information security issues for executives to get the message. Executives are paid to identify, understand and weigh risk and make good choices that lead to shareholder/stakeholder value creation. Today, this often means making significant changes in the business through digital transformation, the use of blockchain, robotic process automation (RPA), artificial intelligence (AI), big data and the Internet of Things (IoT). Executives need to stay on top of the changing business landscape and the risk scenarios that are created as a result of that rapidly changing landscape. To do that, they need to equip themselves with the ability to ask the right questions, whatever that entails. Two examples are: not being afraid to say “I do not understand, explain it to me,” and hiring the best people you can who are experts in areas in which you are not.
What do you think are the most effective ways to address the skills, gender and diversity gaps in the technology space?
Ensure that women and other diverse candidates have role models at all levels across the organization. Organizations are good at having diversity up to a point but, as the pyramid narrows, diverse candidates become very scarce. I was surprised to learn how much it meant to other women in the organization that I had gotten this or that promotion. It gave them hope that it was actually possible for them as well.
Another way to address these gaps is to create education degrees and certifications that fulfill a technical market gap but do not require the full broad education required at institutions of higher learning, and making those affordable. I would also like to see greater efforts to retool the skills of people who have lost their jobs midcareer in an affordable and effective way.
What has been your biggest workplace or career challenge and how did you face it?
There have been many “biggest challenges” I have had to face over the years, each one seeming to be the “biggest” at the time it occurred. I would say that when you get to my age, there is little you have not faced, and it is a matter of staying focused and not letting the problem overwhelm. My mantras are: 1. Keep perspective. The challenge may seem overwhelming at the outset, but “This, too, will pass”; 2. Get as much information together as soon as you can about the issue; 3. Prioritize and attack the issue in a thoughtful and organized manner, and it will eventually lead to the changes; 4. Galvanize the troops and make the goal clear so everyone is aligned; and 5. Celebrate all wins.
What is the biggest risk challenge being faced in 2020? How should it be addressed?
I think it is safe to say COVID-19 and the impact on the economy and business models.
What are your three goals for 2020?
- Continue to improve governance and accountability at the board and management levels of ISACA
- Acquire the data we need to make solid, data-driven decisions regarding ISACA’s strategy on growing relevant products, content and membership
- Continue to invest in and execute on ISACA’s technology infrastructure
What industry-related sources (blogs, newsfeeds, etc.) do you read on a regular basis?
I tend to read broader and more strategy-related content such as McKinsey, Arnold & Porter, EY and just about anything fellow Board member Greg Touhill recommends.
What is on your desk right now?
My taxes, board books of three institutions, a photo of my parents, and a photo of Winston Churchill standing in the rubble of England’s Parliament building after it was bombed during World War II.
How has social media impacted you professionally?
I am not sure that it has. I have tended to avoid social media, generally speaking. The one exception is LinkedIn, but I can hardly call myself an active user.
What is your favorite benefit of your ISACA membership?
The real benefit for me has been being on the Board with such wonderful people who all care so much and work so hard to push this great organization forward.
What is your number-one piece of advice for IT risk professionals?
Since most of the membership is midcareer, I would say listen to your organization’s earnings call. Find out what is important to management and the investor community and, if you do not understand what/why, find someone to explain it to you. Then couch your needs in terms of those objectives, and you may find it easier to get time, attention and resources.
What do you do when you are not at work?
Spoil a nice walk by playing golf; do things for my parents, whom I am still lucky to have; stare at my garden and think about what I will have to move in the fall; make order out of chaos by cooking; and entertain friends who do not mind my experimenting on them. And read. I am a voracious reader.