The investment, private equity, and venture capital sector in the United States and Europe operates at the intersection of capital, data, and complex global operations. Firms in this industry manage highly sensitive financial, transactional, and investor information while supporting portfolio companies across multiple sectors and jurisdictions. As cyber risk increasingly impacts deal activity, regulatory obligations, and operational resilience, security leaders in investment firms are expected to combine deep technical expertise with a strong understanding of business risk, governance, and transformation.
David Stern — Chief Information Security Officer, KKR & Co. Inc
David Stern serves as Chief Information Security Officer at KKR & Co. Inc, where he focuses on modernizing and strengthening the firm’s information security program. His experience spans governance, risk, and compliance (GRC), security engineering and architecture, threat intelligence, security operations, and incident response. David is known for building and leading teams that execute effectively and deliver measurable outcomes. His work emphasizes program maturity, talent development, and alignment between security initiatives and organizational priorities, supporting KKR’s global investment operations.
Steve Hortsman — Chief Information Security Officer, TPG
Steve Hortsman is the Chief Information Security Officer at TPG Global, a role he has held since 2016. He leads cybersecurity and technology risk efforts across the firm’s global operations. Prior to TPG, Steve served as Vice President and Senior Engineer at Goldman Sachs and spent more than a decade at Archon Group as Director and Global Head of Technology Risk. His earlier career included senior consulting and technical leadership roles, providing a strong foundation in infrastructure, risk management, and security operations within financial and investment environments.
João Pedro Gonçalves — Managing Director, Head of Cyber Security Strategy, CVC
João Pedro Gonçalves is Managing Director and Head of Cyber Security Strategy at CVC. He brings over 15 years of experience in cybersecurity, digital transformation, and technology leadership across multiple industries. João previously led a multi-year digital transformation at EQT and was involved in high-profile IPOs and M&A activities. His background includes enterprise architecture, automation, governance, and incident management. He holds Bachelor’s and Master’s degrees in Information Systems and Computer Engineering, an Oxford Saïd certification in Private Markets Investments, and authored Reporting Cyber Risk to Boards: CISO Edition.
Jim Goddard — Senior Operating Executive & Chief Security Officer, Hellman & Friedman
Jim Goddard is Senior Operating Executive and Chief Security Officer at Hellman & Friedman, where he works with portfolio companies on cybersecurity and technology risk matters. He previously served as Chief Information Security Officer at Kaiser Permanente and CommonSpirit Health, and held cybersecurity leadership roles at HP and IBM. In 2012, Jim completed a research grant with DARPA. He is a graduate of the United States Military Academy at West Point, holds a master’s degree from the University of Colorado at Boulder, a Harvard Business School executive leadership certificate, and several cybersecurity patents.
Christine Nagy — Global Chief Information Security Officer, Advent International
Christine Nagy is Global Chief Information Security Officer at Advent International, with more than 20 years of experience in information technology and cybersecurity leadership. She has supported organizations across biotechnology, banking, and financial services, developing systems for mission-critical environments. Christine’s experience includes platform modernization, virtualization across public and private clouds, compliance, disaster recovery, and IT service management. She is known for leading cross-functional teams, managing complex technology programs, and delivering security initiatives that support operational requirements across diverse business environments.
The Growing Role of Cybersecurity Leadership in Investment Firms
As investment firms continue to scale globally and rely on digital platforms to support deal execution and portfolio oversight, cybersecurity leadership has become a core operational function. The CISOs highlighted here reflect the growing importance of security, risk management, and technology governance in private equity and venture capital, helping firms navigate increasingly complex cyber and regulatory landscapes.