Investment banking and financial advisory sit at the intersection of confidential deal intelligence, regulatory scrutiny, and sophisticated threat actors who understand exactly what is at stake when a merger is pending or a capital raise is in progress. The CISOs in this feature are protecting some of the most sensitive financial information in the world, across firms whose reputations depend on discretion, whose regulatory obligations span dozens of jurisdictions, and whose clients trust them with material non-public information that adversaries would pay dearly to access. Their backgrounds span intelligence community operations, global bank security leadership, internal audit, and network engineering, and their programs reflect what security looks like when the information being protected moves markets.
Yatin Choksey — CISO, Moelis and Company
Yatin Choksey has served as CISO at Moelis and Company since May 2016, building and sustaining the global cybersecurity program for one of the world’s leading independent investment banks. His background spans more than twenty years of security architecture and strategic planning across financial, legal, and manufacturing industries, with deep technical expertise in virtual environments, mobile security, and cloud security combined with a collaborative management approach that has earned him consistent recognition as a problem solver in complex situations. His accomplishments include strategizing zero trust architecture for a top-50 global law firm operating across 19 countries and establishing corporate-wide buy-in to train existing technical staff as information security officers across 38 international business units, achieving synchronized security policies and operations at scale. At Moelis, his security program protects a firm whose advisors handle some of the most sensitive M&A and restructuring mandates in global finance.
John Cadavid — CISO, UBS
John Cadavid joined UBS as CISO for Global Functions and Americas in July 2024, serving as deputy to the group CISO and leading the Cyber Intelligence Center, security incident management, security assessments, third-party security, emerging technology and AI security, and cyber risk advisory globally. Before UBS, he spent three years at Barclays as CISO International and CSO Americas, covering the investment bank, markets, corporate bank, consumer bank, and wealth management across all regions while serving as global head of third-party security and IAM and leading cybersecurity, incident management, crisis management, cyber and fraud fusion, physical security, and operational resilience across the Americas. Before Barclays, he spent a year as head of cyber security at BNP Paribas and more than seventeen years at Citi across roles spanning security operations center analyst, global control and risk management, global head of business operations and service management, head of Asia Pacific cyber security and networks based in Singapore, head of Latin America and Mexico cyber security, and ultimately COO and global head of business operations and service management for cyber security and networks. That seventeen-year Citi career, built progressively through regional and global security leadership across Asia, Latin America, and the Americas, reflects an investment banking security leader whose institutional depth in global financial services security governance is as comprehensive as it gets.
David Gotard — CISO, Societe Generale Americas
David Gotard has served as CISO and managing director at Societe Generale Corporate and Investment Banking since October 2022, accountable for security strategy, program execution, and regulatory engagement across five countries while maintaining cross-border influence over Group cybersecurity and technology functions in Paris. His current mandate includes globally responsible risk governance for Bernstein, a joint venture between Societe Generale and AllianceBernstein spanning three organizations across multiple jurisdictions. He also acts as a cybersecurity executive partner to SG investment bankers, advancing commercial relationships with security technology companies and channeling direct market intelligence into program innovation. His path to the CISO seat ran entirely through Societe Generale, where he spent more than five years as head of equities, equity derivatives, and commodities technology before moving into head of digital data security and protection. That front office technology background, built inside the trading and derivatives business before transitioning to security leadership, gives him an unusually grounded understanding of the financial systems and data flows he now protects.
Peter Keenan — CISO, Lazard
Peter Keenan has served as CISO at Lazard since 2015, overseeing the global information security strategy and program for one of the world’s preeminent financial advisory and asset management firms, operating from 43 cities across 27 countries with origins dating to 1848. His responsibilities span technology risk, information security, and privacy risk management across a firm whose M&A advisory, restructuring, capital raising, and asset management practices handle sensitive client information across every major financial market. He holds certifications spanning CISSP, CEH, CFE, CAMS, CCNA, and CCDA, reflecting a technical and regulatory breadth that covers broker-dealer, banking, AML, fraud, KYC, PCI-DSS, SOX, FFIEC, GLBA, and Basel compliance frameworks. That combination of deep technical credentialing, broad regulatory expertise, and a decade of sustained CISO leadership at one of the world’s most storied advisory firms reflects a security leader whose program has matured alongside the firm it protects.
Lori Cole — CISO, BlueMatrix
Before stepping into the CISO role at BlueMatrix, the research infrastructure platform trusted by more than 1,000 institutional financial firms across 50-plus countries, Lori Cole built one of the more unconventional paths to financial services security leadership in this feature. She spent more than six years as an intelligence analyst at the National Security Agency working counter-terrorism, counter-narcotics, and strategic nuclear target development before moving to Booz Allen Hamilton as a mission technical lead and digital network intelligence analyst. She then deployed as a forward cyber analyst at CyberPoint International in Abu Dhabi, returned to serve as a cyber threat analyst at BB&T and senior threat intelligence consultant at Recorded Future, and spent more than a year as deputy CISO at Hanesbrands before joining Citi as SVP and global cyber investigations program manager. At Citi, she also served as a cyber operations officer in the US Army Cyber Command concurrently and led an action group on ethical use of AI and machine learning across the firm. BlueMatrix operates at the infrastructure layer beneath institutional investment research, determining what research can be accessed, how it is structured and governed, and how its use is traced, which makes the security mandate genuinely consequential across the buy-side and sell-side ecosystem she now helps protect.
Elsa Ferreira — CISO, Evercore
Elsa Ferreira has served as CISO at Evercore since February 2016, having spent the preceding four years at the same firm as director of internal audit and risk management before stepping into the security leadership role. Before Evercore, she was a manager at EisnerAmper, partnering with public and private financial and insurance organizations on operational reviews, system evaluations, and compliance audits, and before that a manager in AXA Equitable’s internal audit function. Her path from financial audit and risk management into CISO leadership is less common than the technical engineering routes that dominate security career narratives, and it gives her a governance, controls, and regulatory compliance foundation that shapes how she approaches information security at a firm whose advisory work on M&A, restructuring, and capital markets demands the highest standards of confidentiality and operational integrity. She holds CISA and Certified Fiduciary and Risk Specialist designations.
The Investment Ecosystem Runs on Confidentiality
The firms and platforms in this feature exist to help clients make consequential financial decisions, and the information that flows through their systems, pending deals, restructuring plans, research that moves markets, and capital allocation strategies, is among the most sensitive in any industry. A security failure is not just a data breach. It is a breach of the fundamental trust that clients place in institutions they rely on at the most consequential moments in their financial lives. The leaders in this feature build their programs with that reality at the center, because in investment banking and financial advisory, confidentiality is not a compliance requirement. It is the product itself.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.