CISOs to Watch in Massachusetts’ Financial Services Industry

Massachusetts’ financial services ecosystem blends global asset managers, insurers, broker-dealers, and fast-scaling fintechs—each operating under intense regulatory and customer-trust pressure. Security leaders here are expected to protect sensitive financial data, keep critical services resilient, and satisfy overlapping compliance demands (privacy, payment security, public company disclosure, and sector-specific controls) while enabling rapid product and platform change. The CISOs below reflect that mix of governance maturity, operational execution, and business-facing leadership.

Rick Vadgama — Chief Information Security Officer, GEICO

Rick Vadgama is a global CISO and cybersecurity and IT operations leader with 20+ years of experience driving transformation across security, privacy, cloud, incident response, M&A, AI, and DevOps. In his role at GEICO, he emphasizes strategic investment optimization, program maturity, and regulatory alignment across frameworks and obligations including PCI DSS, GDPR, CCPA, HIPAA, SOX, and SEC cybersecurity disclosure. He is known for communicating complex risk clearly to senior executives and for shaping industry direction through advisory board roles with security and venture organizations.

Tom Sheehy — Chief Information Security Officer, Fidelity Investments

Tom Sheehy is a cybersecurity and financial technology executive with extensive experience leading large-scale programs in highly regulated environments. At Fidelity Investments, his background across fintech, API ecosystems, electronic trading, operations, risk, and compliance supports a security approach that is both strategic and execution-focused. He is recognized for identifying process inefficiencies, responding effectively to change, and delivering resilient security outcomes in complex financial services settings.

Stephen Scharf — Managing Director and Global Chief Information Security Officer, BlackRock

Stephen Scharf is an experienced security executive with 25+ years across technology risk, cybersecurity, resiliency, business continuity, consulting, and physical security, including long-standing CISO/CSO leadership reporting to executive management and presenting to boards. As Managing Director and Global CISO at BlackRock, he brings deep expertise in building security programs from the ground up, aligning initiatives to business needs, and driving change in matrixed global organizations. His prior experience establishing global security leadership structures and engaging regulators across critical financial services environments underscores a strong blend of governance, influence-driven leadership, and operational rigor.

Jason Facey — Chief Information Security Officer, Moors & Cabot

Jason Facey serves as Chief Information Security Officer at Moors & Cabot, alongside a long tenure in technology leadership within the firm. His background includes security and infrastructure experience from earlier roles in systems security and enterprise IT support, which underpins a pragmatic approach to protecting brokerage operations and client data. His leadership reflects continuity and deep institutional knowledge—critical traits in financial services environments where reliability, trust, and controlled change matter.

Michael Kroupa — Chief Information Security Officer, Natixis Investment Managers

Michael Kroupa is Chief Information Security Officer at Natixis Investment Managers, building on a long career spanning information security leadership and infrastructure operations. His trajectory includes progressive security responsibility within investment management, paired with earlier hands-on experience in networking and end-user infrastructure roles. This combination supports a security posture grounded in operational execution and practical risk reduction across enterprise environments.

Scott Whittaker — Chief Information Security Officer, Brightside

Scott Whittaker is CISO at Brightside, a fintech platform focused on financial wellness, where he leads information security, privacy, and resilience programs in a regulated environment. With 20+ years in IT and security, he has built and scaled programs for growth-stage companies across regulated sectors and has extensive experience with audit and assurance work spanning standards and requirements such as ISO 27001, SOC 2, HIPAA, PCI, SOX, and CJIS. His focus on security as a business enabler shows up in operational maturity, customer assurance, and board-level risk communication.

Massachusetts Financial Services Security Outlook

Across insurers, asset managers, broker-dealers, and fintech platforms, Massachusetts’ financial services CISOs operate at the intersection of resilience, regulatory scrutiny, and customer trust. The leaders featured here demonstrate how modern security programs are built: grounded in governance and compliance, strengthened by operational excellence, and designed to enable the business while managing risk at scale.

Next, explore Cybersecurity Leaders to Watch in Massachusetts’ Insurance Industry to see how CISOs protect policyholder data, underwriting systems, and claims platforms in regulated insurance markets.