Ireland’s financial services sector is broader than banking alone—spanning payments, asset management, fund services, insurance, fintech, and global technology providers that support regulated workflows. That mix brings constant pressure: strict oversight (DORA, GDPR and more), heavy third-party dependencies, and always-on digital channels that can’t afford downtime. The leaders below sit where operational resilience, regulation, and modern security execution collide.
Katherine Cancelado — Chief Information Security Officer, Confirmo
Katherine Cancelado is CISO at Confirmo, where she defines and executes the firm’s global information security, cyber resilience, and technology risk strategy. As a PCF-49 approved CISO, she oversees security governance and regulatory compliance, including MiCA and DORA, to protect systems supporting regulated stablecoin payment services. Her background spans cloud security strategy, penetration testing, vulnerability assessment, security hardening, and auditing, with experience across ISO 27K, PSD2, FFIEC, and GDPR-aligned initiatives.
Andrea Manning — Group Chief Information Security Officer, Acorn Life DAC
Andrea Manning is Group CISO at Acorn Life DAC, blending cybersecurity leadership with privacy and data protection expertise. Her work is strongly regulation-driven, with hands-on focus on implementing frameworks such as DORA, and sustained interest in AI governance and ethics. With prior leadership in data privacy and cybersecurity consulting, she emphasizes practical security awareness, pragmatic governance, and controls that help regulated organizations innovate while staying compliant (GDPR, NIS2, and emerging EU data/AI legislation).
Conor Flynn — Chief Information Security Officer, Waystone
Conor Flynn serves as CISO at Waystone, leading security strategy and execution for a major financial services provider supporting regulated clients. He brings a long track record as a founder and managing director of an information security assurance business, alongside earlier experience in enterprise IT environments. His profile reflects a governance-and-assurance mindset—well-suited to the due diligence, client assurance, and control expectations that shape modern funds and financial services operations.
Des O’C — Group Chief Information Security Officer, Paysend
Des O’C is Group CISO at Paysend, with a career rooted in product and application security leadership. Prior roles include leading product security and AppSec programs across global technology environments, backed by earlier experience as a senior software engineer. That blend—engineering depth plus security leadership—maps well to fintech realities: securing fast-moving platforms, building security into SDLC, and aligning risk reduction with product delivery.
Kelvin Garrahan — Chief Information Security Officer, AIG
Kelvin Garrahan is CISO at AIG, responsible for enterprise-wide cybersecurity strategy that protects critical assets, supports regulatory compliance, and enables business innovation. His role emphasizes proactive risk mitigation, threat intelligence, resilience, and building a security-aware culture—core priorities for large insurers managing complex ecosystems, sensitive data, and extensive third-party exposure.
Graham Carey — Chief Information Security Officer, Confluence
Graham Carey is CISO at Confluence, bringing long-standing experience running ISO 27001-aligned security management systems and leading assurance across confidentiality, integrity, and availability for client and business information. His scope includes information security risk management, incident response, business continuity/disaster recovery, third-party management, and audit readiness—capabilities that matter heavily in financial technology firms supporting institutional clients and regulatory-grade due diligence.
Ronan Timmons — Chief Information Security Officer, Investec (Ireland)
Ronan Timmons is CISO at Investec (Ireland). His role sits at the intersection of cybersecurity strategy, operational resilience, and governance for a regulated financial institution, aligning security priorities with business and risk objectives in a market defined by stringent oversight and complex threat exposure.
Keeping Ireland’s Financial Engine Resilient
What ties these leaders together isn’t just “security”—it’s the ability to translate regulation into execution, and execution into resilience. In Ireland’s financial services landscape, CISOs have to be fluent in supervision and audit expectations and credible with engineers and operators. The result is security programs that hold up under real incidents, real customers, and real regulators—without slowing the business to a crawl.