Manish is currently the Head of Application Security, Data Protection & Security Consulting for Royal Bank of Canada.
Manish is the former Canadian Chief Information Risk Officer, Head of Global Merchant Cyber Security Investigations and PCI Compliance for JP Morgan Chase. His responsibilities included management of the IT Risk posture in Canada for the firm, global head of merchant breach investigations, merchant PCI compliance, and merchant service provider registration. Manish sat on the Payment Processing Information Sharing Council of the FS-ISAC, representing the firm externally on the unique risk of being both an acquirer and issuer of credit cards.
Prior to joining JPMC, Manish was the head of the IT Security function for TJX Companies responsible for IT Risk Assessments, Policy Administration, Security Project Management office, Identity Management, Security Administration, the Security Operations Center and Security Engineering.
Manish is a self-motivated and effective technical leader with strong business and regulatory acumen, large budget and team management expertise, and excellent interpersonal, communication, written, and presentation skills. He is an accomplished Information Security leader with nearly 20 years of results-oriented experience in the fields of IT Security and Privacy Consulting, Data Protection, Forensic Investigations, Fraud Detection, & IT Audit, and holds a number of technical certifications including Certified Information Systems Security Professional (CISSP), EC-Council C|CISO & Forensic Technology EnCase Certified Examiner (EnCE).
Head of Application Security, Data Protection & Security Consulting @ Office of the CISO
• Deliver leadership around enterprise change relating to application security, data protection & security consultancy
• Provide coverage as the designated delegate of the CISO
• Build cultural awareness around the risks of cyber security losses that transcend the traditional, very technical approaches of the past
From March 2015 to Present (10 months) Toronto, Canada Area
Senior Director, Cyber Security and Resilience @ Industry Cyber Security leadership for Technology, Communications, Entertainment & Media, Retail & Consumer, and Transportation & Logistics (TCRC) verticals
• Deliver leadership around the go-to-market strategies for Cyber related services within TCRC
From September 2014 to March 2015 (7 months) Toronto, Canada Area
Executive Director, Information Risk Management @ Head of Canadian IT Security Risk Management, & Global Merchant Investigations and Compliance
• Lead Cyber Security investigations involving the firm's third party merchant and service provider base
• Responsible for IT risk across Canada, accountable for providing governance, guidance and independent oversight of business units and functional groups
• Establish security governance framework by developing IT Risk strategy, assessment methodology, executive level risk committees and implementing oversight methods to minimize security risks
• Lead merchant services investigations and PCI compliance globally
• Firm representative on FS-ISAC PPISC (Payment Processing Information Sharing Council) to support the firm mandate around information security as it relates to the laws and regulation in this space
• Lead Canadian incident response related to data breaches, inappropriate access and misconduct
From June 2012 to September 2014 (2 years 4 months) Toronto, Canada Area
AVP, IT Security Director @
• Head of the IT Security function including Risk Assessments, Policy Administration, Security Project Management office, Identity Management, Security Administration, Global Security Operations Center and Security Engineering
• Define and manage an IT Security capital and expense budget of approximately $20M USD
• Member of Executive IT Management
• In charge of setting strategy for IT Security across company and member of Information Management Steering Committee
• Lead team (FTE/FTC) of upwards of 60 towards common goal of improved risk posture
• Define vision and strategy for global information security program aligned to business priorities
• Outline and deliver organizational roadmap to establish skills gaps and recruitment of top talent
• Represent IT Security to external regulators (PCI, FTC, and SOX) and defend risk posture
• Offer programmatic and process focused response to IT Security risks
• Communicate and evangelize IT Security program throughout business via metrics dashboard, and in person presentation
• Manage regulatory requirements from SOX, HIPAA, CTPAT, Data Privacy and the FTC
• Deliver effective incident response program in a highly sensitive post data breach environment
• Direct Enterprise role based Identity Management program with centralized Security administration through use of IBM Tivoli Identity Manager
• Define Threat and Vulnerability Management program to both quantify and assist in remediation of IT Security Risks
From June 2010 to July 2012 (2 years 2 months) Greater Boston Area
Manager, Information Security @ Led the overall direction and development of risk management strategies that guided identification, quantification, and mitigation of information systems risks and vulnerabilities for the firm.
• Held ultimate responsibility on information security program for the firm.
• Defined and managed a $2.5 million budget allocated to security risk mitigation.
• Performed detailed analysis on the firm’s information systems to ensure adequate security measures were in place.
• Identified data protection goals and provided recommendations to reduce the firm’s risk profile.
• Developed and implemented information security standards providing protection of personally identifiable data based on US (including Mass Data Privacy, FTC Red Flag and Gramm-Leach-Bliley), EU Privacy & DPA regulations.
• Partnered with IS Controls in support of external audits from regulatory bodies such as SEC, OCC, & FINRA, large clients such as Vanguard, and vendors.
• Partnered with Disaster Recovery and Business Continuity Planning groups to build resilient highly available architectures and provide work at alternate site and home solutions.
• Performed vendor management due diligence on all high priority 3rd party firms.
• Chaired regular information security roundtables on a variety of technology risk management issues.
• Developed and managed implementation of encryption standards for TLS, SSL, and PKI digital certificate process in support of business requirements of low impact security solutions that allow for transfer of confidential data with ease.
• Produced a Training and Awareness program overseeing content, distribution, and certification in support of business requirement of minimizing confidential data loss.
• Delivered Information Security strategy to highest levels of senior management including members of the executive committee for budget allocation to the IS Security program.
• Presented program requirements in support of OCC, SAS70, and SEC external audits
From November 2007 to June 2009 (1 year 8 months) Greater Boston Area
Director, Forensic Technology @ Led the Boston Forensic Fraud Detection Technology service line through the development of evidence handling, chain of custody, lab security requirements, and staff mentorship.
• Built the Boston office Forensic Technology lab and service line for KPMG.
• Led teams of 10-15 managers and staff in the investigation of fraudulent activities (network intrusion incidents, phishing email scams), as well as computer forensic engagements, HIPAA readiness assessments, and electronic discovery events for the financial services and healthcare industries.
• Partnered with IT Audit in the response to a NASD3110/3010 violation for a gap assessment of the information security and electronic communications retention policies of one of the largest investment management companies.
• Oversaw the program development of a Computer Emergency Response Team for a financial services firm as it related to network intrusion, phishing email compromise, and associated incident response.
• Developed and managed the budget for the Boston Forensic Technology investigation team.
• Managed utilization metrics, time reporting, and skill growth of technology investigation staff.
• Interfaced with senior management of financial services firms to convey technical matters in a business impact sense.
From September 2006 to November 2007 (1 year 3 months) Greater Boston Area
Manager, Security Services @ Led security attack and penetration, network vulnerability assessment, IT Controls and ISO 17779 security policy design, analysis, testing, risk assessment, incident response program development, and privacy remediation for Fortune 100 financial services clients.
• Supervised teams of 15-20 staff during several network vulnerability assessments, penetration tests, computer forensic, and electronic discovery investigations for healthcare, financial services companies, and litigation support firms.
• Managed a multi-year, large-staff application risk assessment and remediation project for a $50 million centralized financial transaction system.
• Led engagement to implement encryption standards for a PKI digital certificate process, tape backup, and SSLVPN.
• Conducted HIPAA and PCI readiness assessments, acted as Information Security expert for Sarbanes-Oxley 404 General Computing Controls audit testing, and helped define agreeable processes, issues, and controls with client control performers.
• Supported retail/pharmaceutical firm on risk mitigation for HHS – HIPAA Privacy to avoid noncompliance penalties.
• Managed and conducted large scale computer crime investigations involving forensics tools. Conducted data, email, and network traffic analysis to aid in computer forensic investigations.
• Ran engagements involving Disaster Recovery, Business Continuity, and Pandemic planning.
From May 2002 to September 2006 (4 years 5 months) Greater New York City Area
Systems Engineer @ Led data security team in analyzing and implementing security solutions and policies for clients.
• Gathered requirements, installed, and configured Enterasys and Cisco routers, switches, Checkpoint firewalls, Dragon Intrusion Detection, encrypted VPNs, wireless, and network management software.
From August 1999 to April 2002 (2 years 9 months) Greater Philadelphia Area
Systems Engineer @ Provided advanced technical analysis and research to design, implement, and support client-specific solutions that required a high degree of customized and secure system integration.
• Secured Reuters data servers on customer premises via services configuration and firewalls.
From March 1998 to August 1999 (1 year 6 months) Greater New York City Area
Systems Engineer @ Provided Tier 2 support to corporate clients involving complex networking and systems design.
• Developed Microsoft-specific solutions for corporate clients involving Windows Server and Exchange platforms.
From July 1995 to March 1998 (2 years 9 months) Toronto, Canada Area
B.A.Sc., Computer Engineering @ University of Toronto From 1991 to 1995
Manish Khera is skilled in: IT Audit, Security, CISSP, Risk Assessment, Vulnerability Management, Privacy, Data Privacy, HIPAA, GLBA, SOX, Computer Forensics, Risk Management, Compliance, Compliance Management, IT Governance