The Securities and Exchange Commission (SEC) announced June 2 that Christopher R. Hetner will become senior advisor to the chair for cybersecurity policy, and will serve as a senior advisor to SEC Chair Mary Jo White on all cybersecurity policy matters.
In his new role, Hetner will be responsible for coordinating efforts across the agency to address cybersecurity policy, engaging with external stakeholders and further enhancing the SEC’s mechanisms for assessing broad-based market risk.
Hetner is the current cybersecurity lead for the Technology Control Program within the SEC’s Office of Compliance Inspections and Examinations (OCIE), where he coordinates cybersecurity efforts across OCIE and advises on enforcement matters. He joined the SEC in January 2015.
“Cyberattacks are a constant threat to our markets,” White said. “With the cyber field steadily evolving and expanding, it is imperative we continue to enhance our coordinated approach to cybersecurity policy across the SEC and engage at the highest levels with market participants and governmental bodies concerning the latest developments in this area. We are very fortunate that Chris will take on this important role where he will apply his expertise and decades of experience in information security.”
Hetner has more than 20 years of experience in information security and technology. He joined the SEC from Ernst and Young (EY) where, from November 2012 to January 2015, he led the Wealth and Asset Management Sector Cybersecurity practice. At EY, his team advised and delivered cybersecurity and risk management capabilities across major clients.
Prior to joining EY, he was the chief information security officer (CISO) at GE Capital where he was responsible for the global cybersecurity program. He worked at GE from July 2008 to October 2012 and before that, he implemented information security and regulatory compliance programs for Citigroup’s Institutional Client Group global business and technology units.
Hetner holds industry-leading certifications including the CISSP (Certified Information Systems Security Professional), NSA INFOSEC (National Security Agency Information Security) Assessment Certification and CISM (Certified Information Security Manager).