Home / Banking Strategies / InfoSec superstars: How three women broke barriers in banking and security

InfoSec superstars: How three women broke barriers in banking and security


Editor’s note: In the first of a two-part series, BAI Banking Strategies Online retraces the steps taken by three female InfoSec executives that led to industry success.

When it comes to shattering glass ceilings across all business sectors, the glass remains thick—too thick in some places—and the track record hasn’t always been consistent or successful, with the banking industry and information security still lacking female power players.

Yet several women have distinguished themselves as rising stars and leaders in the competitive and fast-growing niche of IT security within the banking industry. Importance-wise, the achievements of these female professionals reach far beyond gender breakthrough: It’s about what they deliver through their efforts and achievements in financial IT security, and financial services in general.

Take Amy Brady, chief information officer for KeyCorp, who joined the Cleveland, Ohio regional from Bank of America Corp. in 2012. “I’m certainly not someone who grew up dreaming of a career in information security or, even more broadly, a career in technology,” says Brady, who oversees an annual budget of more than $600 million and 4500 employees.

In fact, Brady notes: “I was a music and psychology major in college and never would’ve thought I’d one day be CIO of a major financial institution.” For the first dozen years of her career, Brady worked on the business side of banking where, as she points out, “all the jobs were about people, personal interactions and paper—and only a few were related to technology.”

At that time, “We had technology specialists on staff doing work that very few fully understood, while rest of us did the best we could to adapt to the changes taking place,” Brady recalls. But as time went on, the industry began to introduce new technology to improve service and efficiency in all areas of the business.”

“I knew,” Brady says, “that I had to change my viewpoint on technology, to get out in front of it rather than merely coping with it, and to fully understand the opportunities it could bring.” And so she did; the forward-thinking Brady led an innovation team in 2000 that not only put her at the forefront on an industry trend, but cast her as a leader among females in the industry.

“I realized how technology was going to dramatically change our industry and that I wanted to be a part of creating and shaping that change,” she says. “With that tipping point, I immersed myself in technology and have never looked back.”

Like Brady, Shelbi Rombout, didn’t choose either banking or InfoSec as her initial career. She began in network engineering, working for a company that during her time there began to outsource more of its tech work.

“I made the move to project management,” says Rombout, who today serves as deputy chief information security officer for MasterCard of Purchase, N.Y. “While I liked it, it wasn’t where I wanted to be; security had always been an interest of mine, even when I was on the tech side. And, I could see that’s where our industry was heading.”

In a most prescient move, Rombout leapt to full-time security consulting in the early 2000s and from there, assumed InfoSec roles at Bank of America and U.S. Bancorp before moving to Mastercard.

Other times, getting into that coveted leadership spot means starting in the right place, but practicing patience—lots of patience.

Viviane Stover had worked in information security since 1997, largely the within manufacturing, telecommunications and energy sectors, before landing as an InfoSec manager at the $3.5 billion-asset Five Star Bank of Rochester, N.Y. in May. Stover was drawn not just by the myriad opportunities for an experienced InfoSec professional in financial services, but also the progressive stance of the industry.

“The regulations of this industry are dramatically more robust, the level of security is better and the consequences are of a much greater weight,” says Stover. Her InfoSec group is separated out from under IT to function as its own separate group—putting closer to the C-suite. “It makes the security here much more established and gives me lots of leverage to be taken more seriously… There’s always that struggle of security not being easily understood.”

In part two: What happens when smart women tackle tough InfoSec challenges

Karen Epper Hoffman has been writing about banking and technology issues for nearly a quarter of a century for publications including American Banker, Bloomberg Businessweek and Financial Times’ The Banker. She has also spoken and moderated panels at industry conferences. She lives in Olympia, Wash.