Tracey Dedrick
Is a C-suite executive experienced in risk, compliance, treasury and investor relations. She was executive vice president (EVP) and head of enterprise risk management for Santander Holdings US, where she was responsible for enterprise risk, operational risk and market risk for the Americas. Prior to this role, she was EVP, chief risk officer and a member of the executive team for Hudson City Bancorp, where she built regulatory compliant risk, compliance and information security functions. Prior to that, Dedrick spent nine years at MetLife, where she successively built the capital markets function for the newly demutualized company as assistant treasurer; reinvented the investor relations function, helping to double the share prices as head of investor relations; and installed a market-consistent economic capital model as head of market risk, leading to the eventual disposition of the annuity business. Additionally, Dedrick serves on the boards of the Royal Shakespeare Company of America and the Royal Oak Foundation. She previously served on the conference committee of the US State of New Jersey Women’s Banking Association and on the board of Children’s Aid and Family Services.
As ISACA’s incoming chair of the Board of Directors, how do you see ISACA® growing and adapting to the constantly changing marketplace and needs of its constituents over the next year?
That is a good question. Since I joined the board, we have been focused on putting ISACA in the best position to continue to be a leader in its space. We have been laying the groundwork that will enable us to react more quickly to a constantly changing marketplace. We have added a number of people to the board who have significant business experience and experience in strategy; we have a new management team with deep experience in learning and development; we are investing in our infrastructure in the form of new technology; we are conducting new training internally and adopting an agile work environment. Next, we will be focusing on acquiring the data we need to determine where and what our membership and the marketplace want and need. We have all talked about how we can engage younger people in our organization, gain more diversity and expand our global footprint, but we have never had solid data from which to make good decisions. We receive a lot of data from the chapters, but truthfully, the majority of the membership does not engage in the chapter model, so we are losing input from a great number of our constituency. This means we have to find ways to access the full membership for data. Further, we need data from the people we wish to engage with, such as the younger generations. Once we have the data, we will figure out how we can “win” in the marketplace and deliver value to the organization.
What in your past experience has best prepared you for this position on the ISACA Board?
I have C-suite experience in taking organizations that are operating suboptimally and fixing them based upon a lifetime of experience in strategy, risk and compliance, finance, capital markets, investor relations, regulatory management, and crisis management. My experience ranges from working in Fortune 50 companies to small private institutions. All of these experiences are relevant to this organization.
What do you see as the biggest risk factors being addressed by ISACA constituents?
As a board member listening at chapters’ events, I can tell you that I worry about the seeming inability of the membership to communicate effectively to the people above them about the needs and risk within the organization. A large part of what ISACA does is provide the technical skills members need to progress in their careers, and most of our members are in middle management. They are in areas that are critical to the organization but are not revenue producing, and they do not have a seat at the table with management. As a result, they do not feel that they get the time, attention and resources they need to ensure the safety and security of the enterprise. I hear this lament a lot. We all know information security can be highly technical and the devil is in the details. Those at the top are not generally technology experts, so it is often a matter of finding a way to communicate in a manner in which executive leadership can understand and absorb. Communicating effectively is equally as important as what you know.
You have extensive experience in executive leadership. How do you see the role of executives changing to meet the challenges of information security?
Carrying on a theme that Brennan Baybeck put forward as incoming Board Chair last year, having good information security is now table stakes. Enough chief executive officers (CEOs) have lost their jobs and shareholder value has been destroyed over information security issues for executives to get the message. Executives are paid to identify, understand and weigh risk and make good choices that lead to shareholder/stakeholder value creation. Today, this often means making significant changes in the business through digital transformation, the use of blockchain, robotic process automation (RPA), artificial intelligence (AI), big data and the Internet of Things (IoT). Executives need to stay on top of the changing business landscape and the risk scenarios that are created as a result of that rapidly changing landscape. To do that, they need to equip themselves with the ability to ask the right questions, whatever that entails. Two examples are: not being afraid to say “I do not understand, explain it to me,” and hiring the best people you can who are experts in areas in which you are not.
What do you think are the most effective ways to address the skills, gender and diversity gaps in the technology space?
Ensure that women and other diverse candidates have role models at all levels across the organization. Organizations are good at having diversity up to a point but, as the pyramid narrows, diverse candidates become very scarce. I was surprised to learn how much it meant to other women in the organization that I had gotten this or that promotion. It gave them hope that it was actually possible for them as well.
Another way to address these gaps is to create education degrees and certifications that fulfill a technical market gap but do not require the full broad education required at institutions of higher learning, and to make those affordable. I would also like to see greater efforts to retool the skills of people who have lost their jobs midcareer in an affordable and effective way.
What has been your biggest workplace or career challenge and how did you face it?
There have been many “biggest challenges” I have had to face over the years, each one seeming to be the “biggest” at the time it occurred. I would say that when you get to my age, there is little you have not faced, and it is a matter of staying focused and not letting the problem overwhelm. My mantras are: 1. Keep perspective. The challenge may seem overwhelming at the outset, but “This, too, will pass”; 2. Get as much information together as soon as you can about the issue; 3. Prioritize and attack the issue in a thoughtful and organized manner, and it will eventually lead to the changes; 4. Galvanize the troops and make the goal clear so everyone is aligned; and 5. Celebrate all wins.
What is the biggest risk challenge being faced in 2020? How should it be addressed?
I think it is safe to say COVID-19 and the impact on the economy and business models.
What are your three goals for 2020?
- Continue to improve governance and accountability at the board and management levels of ISACA
- Acquire the data we need to make solid, data-driven decisions regarding ISACA’s strategy on growing relevant products, content and membership
- Continue to invest in and execute on ISACA’s technology infrastructure
What industry-related sources (blogs, newsfeeds, etc.) do you read on a regular basis?
I tend to read broader and more strategy-related content such as McKinsey, Arnold & Porter, EY and just about anything fellow Board member Greg Touhill recommends.
What is on your desk right now?
My taxes, board books of three institutions, a photo of my parents, and a photo of Winston Churchill standing in the rubble of England’s Parliament building after it was bombed during World War II.
How has social media impacted you professionally?
I am not sure that it has. I have tended to avoid social media, generally speaking. The one exception is LinkedIn, but I can hardly call myself an active user.
What is your favorite benefit of your ISACA membership?
The real benefit for me has been being on the Board with such wonderful people who all care so much and work so hard to push this great organization forward.
What is your number-one piece of advice for IT risk professionals?
Since most of the membership is midcareer, I would say listen to your organization’s earnings call. Find out what is important to management and the investor community and, if you do not understand what/why, find someone to explain it to you. Then couch your needs in terms of those objectives, and you may find it easier to get time, attention and resources.
What do you do when you are not at work?
Spoil a nice walk by playing golf; do things for my parents, whom I am still lucky to have; stare at my garden and think about what I will have to move in the fall; make order out of chaos by cooking; and entertain friends who do not mind my experimenting on them. And read. I am a voracious reader.