Kathy Kayton

Tampa, FL

Summary

As a strategic leader at the intersection of cybersecurity, law, and business, I build trust-driven, people-first environments where collaboration and integrity are foundational. Leveraging advanced legal expertise, hands-on cyber experience, and enterprise leadership, I translate complex regulations and risks into actionable strategies. I design governance that strengthens risk culture and operational maturity, guiding organizations to thrive amid constant change by connecting stakeholders, bridging technical and regulatory needs, and mentoring diverse talent.

Overview

20 years of professional experience
1 Certification

Work History

Associate Director, Cybersecurity Strategy & Governance

DEPOSITORY TRUST & CLEARING CORPORATION (DTCC)
Tampa, FL
01.2023 - Current

Cyber Strategy, Governance & 2LoD Leadership

  • Co-led the development of DTCC’s Cyber Security Risk Reimagined strategy, and contributed to the CSRO Roadshow, effectively articulating updates to the evolving 2LoD operating model, credible challenge methodology, and Board-level metrics roadmap.
  • Played a key role in designing and implementing the CSRO Target Operating Model, overseeing RAACI mapping, governance documentation, credible challenge procedures, and coordinating a multi-phase buildout in collaboration with an external consulting firm.
  • Co-authored core policy documents, including the Cyber Security Policy, governance documentation framework, CSRO Book of Work, and operational model standards.

Executive Reporting & Cyber Transparency

  • Developed and implemented the Bi-Weekly Status Insight program, providing comprehensive executive-level reporting on over 49 cyber initiatives.
  • Delivered more than 41 board-aligned summaries, enhancing visibility into the organization’s cybersecurity posture, operational status, and risk trends.
  • Authored the reporting template, step-by-step guide, classification rules, and quality-control framework to ensure accurate, consistent, trendable reporting for senior leadership.

Enterprise Risk, Controls & Resilience Programs

  • Developed the CRI-to-Budget Mapping Framework, embedding governance expectations into investment decisions, and ensuring CRI-aligned budget traceability across CSRO initiatives.
  • Designed and launched the DTCC Exchange for Cyber, a central hub for cybersecurity communications, training, and governance documentation—enhancing transparency and enterprise risk awareness.

Innovation, Culture & Organizational Enablement

  • Established TheHub, DTCC's digital innovation and collaboration platform, and introduced the Challenge the Status Quo program, enabling grassroots innovation, developing recognition models, submission templates, and integrating feedback loops that strengthened enterprise processes.
  • Co-created the CSRO Insights & Improvement Center (CIIC), centralizing lessons learned, process improvements, and cross-functional engagement.
  • Co-created 'Meet Moe'—a behavioral storytelling mechanism used in roadshows to translate risk governance behaviors into relatable, real-world examples.

Regulatory & Policy Management

  • Reviewed and updated quarterly CCAS/PFMI disclosures relating to operational risk, service provider oversight, and governance responsibilities under SEC 17ad-22 and 17ad-25.
  • Established cybersecurity policy and standards review cycles aligned to SEC, FFIEC, PFMI, and NYDFS 500 requirements.

Associate Director, Security Program Governance

DEPOSITORY TRUST & CLEARING CORPORATION (DTCC)
Tampa, FL
01.2021 - 01.2023

Functions focused on improving cybersecurity by enforcing strong risk controls, maintaining compliance, updating security policy, performing annual risk assessments, designing security services, aligning to standards (CRI Profile, NIST CSF), and automating GRC risk management.

Senior Technology Risk Analyst

DEPOSITORY TRUST & CLEARING CORPORATION (DTCC)
Tampa, FL
01.2019 - 01.2021

Functions focused on leading, coordinating, and executing comprehensive cybersecurity assessments and remediation initiatives, including vendor management, cross-departmental collaboration, regulatory compliance mapping, and effectively communicating cybersecurity objectives and strategies to internal and external stakeholders.

Senior GRC Consultant

Abacode
01.2019 - 12.2019

Functions focused on delivering expert Governance, Risk, and Compliance (GRC) advisory services, conducting risk and security assessments, and supporting clients in achieving regulatory and security objectives across major frameworks.

Senior ITGC & Audit Consultant

CO-OP Financial Services
01.2018 - 12.2019

Functions focused on leading and enhancing IT security audit processes, ensuring consistent compliance with industry standards such as SOC 2, NCUA, and PCI. This involves conducting thorough audits, developing tools to monitor compliance, and collaborating with external auditors to strengthen risk management and internal controls.

Process Management & Release Manager

Wipro
01.2016 - 12.2018

Functions focused on optimizing and overseeing process management and release activities across development, testing, and production environments, driving operational efficiency, transparency, and strategic alignment by managing cross-functional teams, resolving system and reporting challenges, and implementing robust processes that enhanced quality, reduced risk, and delivered significant organizational impact.

Audit Manager

Blue Cross Blue Shield LA
01.2012 - 12.2015

Functions focused on leading and overseeing all aspects of the audit program, ensuring the effective planning, execution, and completion of multiple audits and special projects. This includes managing audit staff, conducting risk assessments, guiding audit methodologies, and presenting strategic recommendations to executive leadership and the Board to support organizational governance and risk management.

Senior IT Controls Advisor

Raymond James
01.2011 - 12.2012

Functions focused on leading and managing comprehensive audit and risk management programs across financial, operational, and IT domains, including planning and executing global audits, developing and implementing recommendations to enhance internal controls (such as over balance sheet disclosures, transfer pricing, cash management, and regulatory compliance), implementing and overseeing governance, risk, and compliance systems like Archer GRC, managing user access and reporting, and using a consultative approach to identify and mitigate business and technology risks, supporting regulatory compliance, internal control enhancement, process optimization, and the overall effectiveness and profitability of IT business processes.

IT Audit Consultant

Blue Cross Blue Shield LA
01.2010 - 12.2011

Functions focused on leading comprehensive audit and risk management activities by documenting, assessing, and testing business processes and controls, overseeing system compliance with regulatory standards, executing audit programs, and leveraging data analytics to support organizational objectives in regulatory, financial, and operational domains.

IT Audit Manager

First Advantage
01.2006 - 12.2010

Functions focused on the establishment and leadership of IT audit functions by strategically planning and executing risk-based audits, ensuring regulatory and contractual compliance across diverse business segments, managing and mentoring audit teams, and implementing frameworks and metrics to support organizational risk management and internal control objectives.

Education

Master of Legal Studies - Cybersecurity Law & Policy

Texas A&M University School of Law
05.2026

CISM -

05.2026

BA - Business Communications

University of South Florida

Skills

  • Cybersecurity strategy and governance
  • Two lines of defense oversight
  • Cyber policy and standards
  • Executive reporting
  • Budget management
  • Cyber operating models
  • AI governance
  • Program management
  • Data analytics with Power BI
  • Stakeholder engagement
  • Change management
  • Regulatory compliance
  • Risk management frameworks
  • ServiceNow expertise
  • Jira proficiency
  • Archer GRC knowledge
  • SharePoint utilization
  • Akumina experience
  • Azure cloud services
  • M365 applications
  • Copilot integration

Additional Study

  • CRI
  • NIST CSF
  • ISO
  • FFIEC
  • Governance & Risk coursework

Certification

CISM - in progress - expected May 2026
