CISO FSI Singapore schedule

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

With the rapidly changing and often turbulent landscape of the digital world, the combination of multiple bad actors has led to a higher complexity of digital risks especially within the financial sector. The amalgamation of 5G high speed connectivity, AI, IOT and quantum computing have exposed new vulnerabilities in the industry, mine rich in two things that influence the way the world turns – money and data.

Join us for a comprehensive deep dive into the digital storm, balancing the agility needed to combat this emerging threat.

• Shifting from reactive to proactive offensive tactics by leveraging shared and coordinated efforts amongst CISOs across industries
  
  
• Breaking the silos to foster cross-industry cyber-collaboration
  
  
• Creating community and united front to maintain cybersecurity as a ‘shared responsibility’

Moderator
Jenny Tan Immediate Past President ISACA Singapore Chapter

Panellists
Ts. Prasad Jayabalan Head of Cybersecurity Strategy and Architecture Axiata Group

Frankie Shuai APAC CISO Global Asset Management Organization

Henry Ong Senior Manager of Security Engineering – APJ Tenable

In today’s fast-paced financial service industry, AI adoption is transforming how we operate, bringing both innovation and risk. As departments implement AI solutions without governance, Shadow AI emerges. In this talk, we’ll explore the challenges striking a balance between speed and security, managing Shadow AI, and the emotional responses individuals and organization face when navigating technological change.

Join us to discover strategies for combatting Shadow AI while driving innovation and learn how industry standards and future AI advancements will shape the next phase of adoption. 

• Proactive vs Reactive Security: Which Approach Best Protects Against Vulnerabilities?
  
  
• Beyond Compliance: Policy Driven vs Paper Exercise
  
  
• Security: A Business Accelerator or a Roadblock? Striking the Right Balance for Financial Institutions
  
  
• Turning Awareness into Action: Leveraging Automation for Stronger Cybersecurity

Traditional vulnerability management approaches often fail due to slow remediation cycles, fragmented toolsets, and a lack of real-time visibility across endpoints. The result? A growing backlog of exploitable vulnerabilities that threat actors are ready to weaponise.

In this session, we’ll explore:

• Why patching delays are leaving financial institutions exposed and how attackers exploit this gap.
• How real-time visibility into every endpoint is critical for proactive security and compliance.
• The role of prioritised remediation in reducing risk without disrupting business operations.
• Why a unified approach to vulnerability remediation and compliance is the key to staying ahead of threats.

This discussion will provide actionable strategies for accelerating remediation, improving endpoint resilience, and reducing the risk of costly security breaches.

• Looking into regulatory issues in the usage of blockchain applications, including 3^rd party licensing, and safeguarding customer assets
• Exploring potential new applications and protocols in the ecosystem such as tokenisation of real-world assets, stablecoin insurance etc
• Showcasing the tools and measures to mitigate cyber-risk for developers including audits and smart contracts

• Evaluating build, buy, and leverage strategies using a one-way or two-way door approach.
• Embedding secure-by-design principles to strengthen banking infrastructure.
• Implementing shiproom, continuous compliance, and security processes as enablers, not blockers.
• Driving awareness through phishing simulations, rewarding secure behaviours and tracking key effectiveness metrics.
• Ensuring safe integration of cloud identity platforms and Secure GenAI in banking operations.

As financial institutions race to embrace AI and combat increasingly sophisticated cyber threats, there's a critical vulnerability hiding in plain sight: the fragmenting DevSecOps toolchain itself.

This isn't just another tool consolidation story – it's a wake-up call about how the very infrastructure meant to secure our financial systems might be our biggest vulnerability. This session reveals how leading FSIs are transforming their security posture and development velocity by consolidating fragmented toolchains into a unified, AI-powered platform.

Drawing from real-world implementations with some of the largest financial institutions in the world, we'll explore:

• How disconnected security tools and inconsistent entitlement models create hidden vulnerabilities in your delivery pipeline
• Why traditional multi-tool DevSecOps approaches are incompatible with modern AI-driven security requirements
• How platform consolidation enables faster deployments while strengthening their security controls
• Practical strategies for unifying security governance across the entire software delivery lifecycle

• Explore how higher maturity levels in cybersecurity frameworks are influencing underwriting decisions and how insurers and banks can align their risk management strategies to meet market demands
  
  
• Examine how banks assess and mitigate cybersecurity risks through tailored insurance products, balancing coverage and costs
  
  
• Discuss the growing importance of cybersecurity insurance in the banking sector as a key component of risk management strategies

Moderator
Zhou Zhihao Vice President ISC2 Singapore Chapter

Panellist
Kok Yew Toh Vice President Audit and Regulatory Nomura

Andrew Mahoney Head of Financial Institutions, Financial Services & Professions Group - Asia AON

• Prior to starting the AI pilots, how are APAC FSIs conducting detailed threat modelling assignments.
   
• Best practices in LLM code security and establishing a SBOM (Software Bill of Materials) of the LLM packages being deployed.
  
  
• Reviewing cloud landing zone configurations and endpoint security controls to ensure proper monitoring of LLM model installations for malicious activity
  
  
• How APAC BFSI organisations are already automating security and their use of LLMs in agile software development.

• Addressing challenges in digital currencies and cross-border transactions with next-generation technologies.
  
  
• Lead strategies that combat sophisticated threats within banking
  
  
• Discussing the central role of CISOs in shaping an organizational approach and fraud prevention

Moderator
Tobias Klingel Head of Information Security Aspire App

Panellists

Shebani Baweja CISO, Consumer, Private, Wealth & Business Banking Standard Chartered

Dr. Kawin Boonyapredee Chief Strategy Officer – APAC Applied Quantum

Picklu Paul Senior Engineering Leader - Cybersecurity Grab

• Ensuring emerging technologies align with long-term business outcomes, not short-term fixes.
  
  
• Navigating regulatory pressures while staying agile and competitive in a fast-evolving digital economy.
  
  
• Identifying and prioritising technology investments that deliver lasting value and resilience in a volatile threat landscape.
  
  
• Building a tech strategy that secures buy-in from leadership by connecting cybersecurity, innovation, and business growth.

The Financial Services industry is firmly putting enhancing cyber resilience at the heart of regulations and guidelines being rolled out globally. Examples include the MAS Technology and Risk Management Guidelines, EU DORA and Japan FSA Cybersecurity Guidelines. All of these accept the inevitability of cyber-attacks, and prioritise the ability to contain their impact, something that segmentation is essential for. In this session you will:

• Understand why prevention is becoming economically unviable and containment is realistic
• See how a Zero Trust strategy delivers better resilience
• Learn why segmentation is the key capability that makes this possible

• • Explore how AI and machine learning can enhance detection accuracy, reduce false positives, and improve overall efficiency in identifying suspicious transactions
    
    
  • Examining how AI can monitor high-volume, low-value transactions in real time, especially in digital wallets and cryptocurrency platforms
    
    
  • Discovering potential challenges in integrating AI into existing legacy AML and fraud systems within financial institutions

• Prioritising zero-trust security models and continuous monitoring to enhance safety across public cloud environments
  
  
• Challenges associated with 3^rd party cloud providers and preparing strong SLAs (service-level agreements), robust security controls and clear shared responsibility models for risk management
  
  
• Highlighting response strategies for cloud-based disaster recovery
  
  
• Ensuring business continuity in the event of security breaches and data losses within cloud environments

• Explore strategies to address limited budgets, talent shortages, and rising cyber threats in financial services.
  
  
• Practical tips for meeting stringent regulations without overextending resources.
  
  
• Leverage partnerships, affordable tech, and a security-first culture to stay competitive.

• Proactively closing the gap between traditional cyber-training programs and FSI specific needs such as forensic capabilities and threat intelligence
  
  
• Driving hardline initiatives to appeal cybersecurity roles to professionals while training current employees to meet new challenges
  
  
• Dissolving present challenges with new investments in technology and education for organisational and academic transformation.

Moderator

Neha Agarwal Vice-President, Technology Audit Citi

Panellists
Jannem Yong Senior Vice President, Head of IT Security SBI Digital Markets 

Abbas Kudrati Chief Identity Security Advisor – APAC Silverfort

Sourabh Chitrachar Regional VP (APAC) – Technology Strategy & Ops Liberty International Insurance APAC Retail

Anshul Johri Group CTO Validus

• Supply Chain's "Weakest Link": Lessons from Traceability for FSI.
  Vulnerabilities in one part of the chain can cause cascading failures, and there is a need for accountability and transparency in the flow of data—supply chain or across systems and services in FSIs.
  
  
• AI’s "Black Box": Designing for Trust and Transparency.
  Deploying systems that are effective, explainable, repeatable, and “trustworthy.” Showcasing the importance of designing AI systems to meet regulatory expectations on cybersecurity, avoiding common pitfalls that should not be overlooked.
  
  
• When AI Fails: Why Resilience is Non-Negotiable. Like any other system, AI systems can fail. Ensuring concepts of business continuity and disaster recovery are pertinent. Emphasising resilience against bad actors as well as failures, their monitoring and resolutions.