The organizations in this feature are household names operating across dozens of countries, serving millions of customers, and managing security programs of a scale that most enterprises will never approach. The leaders protecting them have built careers across financial services, defense, healthcare, automotive, and technology, and their programs reflect what enterprise security looks like when the stakes are measured in global operational continuity, regulatory exposure across multiple jurisdictions, and the kind of reputational risk that comes with protecting brands that the entire world recognizes.
John R. Miller — Global Chief Information Security Officer, Barclays
John R. Miller joined Barclays as global CISO in October 2024, bringing more than twenty-three years of security leadership at Citi. His tenure at Citi spanned vulnerability assessments and single sign-on authentication leadership, managing director of global security operations, managing director of global head of cyber security and network services, and ultimately head of cyber security services, where he was responsible for cyber security fusion centers, the cyber intelligence center, security engineering and architecture, and global security operations. Before stepping into the Barclays CISO role, he spent nine months as managing director and head of cyber defense at Wells Fargo. That thirty-year career built almost entirely inside two of the world’s largest financial institutions gives him a depth of enterprise banking security experience that is difficult to match, and he brings it to a global bank whose security program operates under some of the most demanding regulatory scrutiny in the industry.
Gary Harbison — Senior Vice President and Global Chief Information Security Officer, Johnson and Johnson
Gary Harbison has served as global CISO at Johnson and Johnson since November 2022, leading information security for one of the world’s largest healthcare and pharmaceutical companies. Before J&J, he spent nearly four years as SVP and global CISO at Bayer, and before that nearly five years as CISO at Monsanto, where he built and led the Information Security Office with global ownership of security strategy, IT risk management, cyber threat and intelligence, business continuity, and the global privacy program. His earlier career at Monsanto spans security architect, information security officer, and security architecture lead roles going back to 2009, and before Monsanto he spent nearly ten years as a security architect at Anheuser-Busch. He also began his career in IT and security engineering roles at Scott Air Force Base through DITCO and NCI Consulting. Alongside his executive roles he serves as adjunct professor in the cybersecurity master’s program at Washington University in St. Louis, advises multiple cybersecurity startups, sits on multiple executive advisory boards for cybersecurity companies, and serves as a board advisor to Mercy on its Digital Data and Information Systems Security Committee. That combination of defense, global consumer goods, agriculture, and pharmaceutical security leadership, anchored by deep community engagement, makes him one of the more broadly credentialed global CISOs in this feature.
Kristie Pfosi — Global Chief Information Security Officer, Marelli
Kristie Pfosi leads IT, OT, and product cybersecurity globally at Marelli, an automotive tier 1 supplier with 50,000 employees across 170 locations in 25 countries and revenues exceeding ten billion euros. Her background is built almost entirely in automotive cybersecurity, a specialized discipline that sits at the intersection of embedded systems, vehicle software, supply chain security, and increasingly stringent regulatory requirements. She spent more than three years as executive director of product cybersecurity at Aptiv, leading a global center of excellence for on-vehicle and embedded product security across all global product lines, including penetration testing, vulnerability management, incident response, and security by design. Before Aptiv, she led automotive cybersecurity and privacy at Mitsubishi Electric Automotive America, and before Marelli’s current role she served as senior director of enterprise security and CISO at Delta Faucet Company covering IT, OT, and product security. She also runs Edge Technologies Consulting, an advisory practice she founded in 2019. Holding a Top Secret SCI clearance and a PMP certification alongside deep automotive OT and product security expertise reflects a profile that is genuinely uncommon in the global CISO landscape.
Christine Herman — Senior Vice President and Global Chief Information Security Officer, Allstate
Christine Herman joined Allstate as SVP and global CISO in October 2025, bringing a career shaped by financial services security, defense, and fintech. She spent nearly two years as managing director and global head of employee platforms cybersecurity at JPMorgan Chase, responsible for designing and delivering security solutions for the technology stack powering more than 300,000 globally distributed employees. Before JPMorgan, she served as EVP and chief technology and security officer at Finance of America Companies, where she held combined accountability for IT, software engineering, digital product, enterprise infrastructure, and cybersecurity across a portfolio of mortgage and financial services companies. Earlier in her career she spent more than three years at Morgan Stanley as global head of operational assurance and global technology lead for incident response, and before that spent five years in technical director, journeyman operator, and threat analyst roles at the United States Department of Defense. She also guided a cybersecurity startup through acquisition as head of strategy. That arc from DoD cyber operations through investment banking and mortgage technology to a global insurance CISO seat reflects a security leader whose experience spans the full range of what enterprise and government security demands.
Jairo Orea — Global Chief Information Security Officer, Royal Caribbean Group
Jairo Orea has served as global CISO at Royal Caribbean Group since November 2020, protecting the digital and operational infrastructure of one of the world’s largest cruise and travel companies across its fleet of ships, global office operations, and customer-facing platforms. Before Royal Caribbean, he spent nearly three years as global CISO at Kimberly-Clark and seven years as VP of cybersecurity consulting and chief information security architect at UnitedHealth Group. His earlier career spans more than six years at ING across chief information security officer, chief information security architect, and head of data management roles, and more than ten years as CISO at ING in an earlier capacity going back to 1994. That three-decade career across financial services, healthcare, consumer goods, and hospitality security reflects a leader whose cross-sector depth is genuinely unusual even among global CISOs, and whose experience protecting organizations that operate in dozens of countries simultaneously shapes how he approaches security governance at Royal Caribbean’s scale.
Aman Raheja — Global Chief Information Security Officer, Hewlett Packard Enterprise
Aman Raheja joined Hewlett Packard Enterprise as global CISO in January 2025, bringing a career that spans more than two decades of security and technology leadership across financial services, healthcare, and enterprise technology. He spent more than five years at Humana across multiple CISO roles, progressing from CISO through CISO and head of IT operations, CISO with IT risk and IT vendor management office responsibility, and ultimately CISO with added data governance accountability. Before Humana, he spent more than four years as US CISO and head of enterprise information security solutions and then global CISO at BMO Financial Group, where he also served as vice chair of the Canadian Banking Association’s Cyber Security Specialist Group and sat on advisory boards at IANS, Symantec, and Akamai Technologies. His earlier career includes deputy CISO and senior director of information risk management at Express Scripts, and security leadership roles at Citi across application security, business information security, and group information security officer functions. He serves on the board of directors of HITRUST, on the industry advisory board of SixThirty, and as a member of the Forbes Technology Council and board of directors of the National Technology Security Coalition. That path from application security practitioner through banking CISO and healthcare CISO to global enterprise technology CISO reflects a career built methodically across every layer of the security leadership stack.
Alonzo Ellis — Global Chief Information Security Officer, Morgan Stanley
Alonzo Ellis has served as global CISO at Morgan Stanley since September 2021, leading security for one of the world’s most prominent investment banks and wealth management firms. Before Morgan Stanley, he spent more than eight years at Vanguard, progressing from department head of enterprise security and fraud through principal and ultimately chief security officer and CISO. His earlier career includes director and senior technology risk officer at Citigroup’s global COO office, where he led IT risk and security for Smith Barney, Equity Research, and the Private Bank across the US, Switzerland, Hong Kong, Singapore, and London, completing more than 100 information security and business continuity audits with a 98 percent success rate against internal audit and external regulators over three years. Before Citigroup, he spent four years running OZ World Media, a secure B2B digital publishing company he founded and later sold. He also held principal roles at Capgemini leading the IT risk practice for Fortune 1000 clients including Bank of America, Citigroup, Microsoft, and ING Bank. He holds multiple patents and speaks at security conferences as a subject matter expert. That combination of entrepreneurial experience, consulting depth, and successive CISO roles at two of the most scrutinized financial institutions in the world makes him one of the more distinctively credentialed leaders in this feature.
What Global CISOs Carry That Others Do Not
Leading security at a global organization is a different discipline than leading it at a regional or national one. The regulatory environments multiply. The threat actor interest intensifies. The board reporting demands sharpen. The operational complexity of protecting employees, customers, and systems across dozens of countries simultaneously requires a security program that is both strategically coherent and locally executable. The leaders in this feature have built careers precisely at that intersection, and the organizations they protect are better for it.
Discover more CISOs in various sectors and locations:
