Virtual Council

Amna Awan is the Head of Security Risk Management within the Global Information Security organization. Her team has responsibility for security governance, risk, and compliance including: customer trust, third party risk, global policies, standards, ISO 27001, PCI-DSS, CMMC Level 2, SOX ITGC, security awareness training, cyber risk quantification, metrics, risk management and reporting.

Al Yang is the CEO and Co-founder of SafeBase, a Trust Center and AI-powered Questionnaire Automation platform designed to eliminate friction from the security review process. A Y Combinator alum, SafeBase has raised over $50 million from top-tier investors. Its 202 acquisition by Drata, a leading compliance automation platform, marks Al’s third successful exit. Based in San Francisco, Al is a proud father of two and an avid golfer. He is passionate about startups and actively mentors and advises emerging companies, drawing on his experience in building and scaling high-growth businesses.

Dr. Sergio E. Sanchez brings more than two decades of passion and expertise to his role as Chief Information Services Officer for a nonprofit organization in the USA. In his day‑to‑day, Sergio partners with end users and staff across the country (and even into Europe and the Caribbean!) to ensure everyone can focus on the work that matters most—serving others—while the technology hums along smoothly and securely behind the scenes. Before joining that organization, Sergio wore many hats in healthcare and tech. He helped keep hospitals safe from cyber threats, streamlined life‑science operations so critical systems never missed a beat, and even spent time at Apple, where he led teams of friendly “Geniuses” who solved customer problems with a smile. Early in his journey, he built and supported video games and infrastructure at a well‑known studio, proving that no challenge was too big or too playful. Sergio’s academic path is just as rich: he earned his medical doctor’s degree in Mexico City, then went on to Columbia University for a master’s in computer science. He’s also a lifelong learner with certifications ranging from cloud computing to data privacy—and he genuinely loves cracking open a new puzzle, whether it’s a technical problem at work or a DIY 3D‑printing project in his garage. Outside the office, you’ll often find him coaching youth soccer, sharing scuba‑diving adventures as a certified instructor, or practicing his Italian over a plate of pasta. Fluent in English and Spanish (and happily muddling through French and Portuguese), Sergio believes the best solutions come when people connect heart to heart—and keyboard to screen.

Bank of America Corporation is a multinational investment bank and financial services company. offering personal, business, and wealth management services. The company is headquartered in Charlotte, North Carolina.

Matt has been focused on IT Security Architecture at Northwell over 4 years……He also has experience with: vendor negotiations & purchasing, web application design, help desk management, network / database / VPN design & management. Northwell manages over 800 care locations in New York state including 3800 physicians and over 78000 employees.

Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients. Has a proven track record of delivering the following: • Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations • MDM and Data Governance • Identity Access Management • HIPAA Risk Assessments and GAP analysis • Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma • Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls. • "Big Data", Data Management and Health Care Data Analytics • Federal Information Security Management Act (FISMA) Compliance Reviews • Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.

NewYork-Presbyterian is one of the nation’s most comprehensive, integrated academic healthcare systems, dedicated to providing the highest quality, most compassionate care and service to patients in the New York metropolitan area, nationally, and around the world. In collaboration with two renowned medical schools, Weill Cornell Medicine and Columbia University Vagelos College of Physicians and Surgeons, NewYork-Presbyterian is consistently recognized as a leader in innovative, patient-centered clinical care, research and medical education. Steve is the Senior Architect/SME in various Microsoft Technologies and has over 20 years’ experience managing and designing email systems and directory services. Steve has multiple advanced certifications and over 16 years’ experience training system engineers in multiple Microsoft technologies. Managed, designed, and migrated Exchange systems with 10+ servers in multiple locations.