Scott Corzine
Senior Managing Director

Cybersecurity Strategy, Risk Management, & Operational Resilience

Scott Corzine is a Senior Managing Director at Ankura where he advises risk, compliance, legal, and audit officers and board committees on operational risk and resilience, specializing in cybersecurity compliance, assessments, technical testing, strategy, and maturity road maps. Most recently, Scott has focused his consulting and advisory work on crisis management governance frameworks, and on the cybersecurity, business continuity, disaster recovery, and emergency management tools that well-prepared and resilient organizations should have in place. He is based in New York.

  • Experience

    Scott has extensive experience in providing operational risk and resilience services, strategies and management frameworks to a broad portfolio of private, public and education sector clients around their governance, risk and compliance initiatives and supporting their response to disruptions and crises. He understands the complex but practical relationship among cybersecurity, operational downtime, organizational resilience and sustaining long-term organizational reputation through confidence in leadership and oversight decision-making, governance and management.

    He is a trusted advisor to officers and board committees with oversight and fiduciary responsibilities for their organizations’ regulatory compliance, cybersecurity and crisis preparedness, organization, governance and strategy. His consulting is often performed as work product directed by legal counsel under privilege.

    Scott has led large teams of information security and data governance experts in assessing gaps in the cybersecurity programs of Fortune 500 and mid-market insurance companies and banks against the New York State Department of Financial Services’ new cybersecurity regulation, 23 NYCRR Part 500. This team is conducting expert risk and gaps analyses, developing aggressive compliance strategies and roadmaps through this continuous process regulation, and guiding implementation of clients’ cybersecurity programs. Services include identifying high functioning candidates for the role of Chief Information Security Officer, and advising on program governance.

    In other regulated industries, Scott has led teams that have performed HIPAA Security and Privacy Rule assessments and gap analyses, provided compliance roadmaps, and validated remediation efforts for leading clinical and teaching healthcare facilities, electronic patient record providers, consulting and law firms. His teams have conducted readiness assessments for clients facing audits from the Office of Civil Rights of the Department of Health and Human Services. They have conducted Payment Card Industry security assessments and examined the security and fraud controls used by global retailers and ecommerce companies, comparing them to industry best practices.

    Scott has provided advisory services for leading credit rating agencies around the cybersecurity threat to “backbone” systems of elements of critical national infrastructure, and how system compromise could cascade through member institutions and create widespread impact. Scott’s specialized teams have been asked by utilities and transportation authorities and airports to conduct cybersecurity risk assessments of their industrial control systems (ICS), business continuity programs, and approach to enterprise risk management.

    Global telecommunications, retail, multi-system operator, manufacturing, mining, call center, pharmaceutical, hospitality/gaming, food products and technology companies have engaged Scott to conduct ISO 27002 cybersecurity assessments, cybersecurity industry benchmarking, and business continuity program analyses, and to develop improved operational resilience strategies and crisis management governance frameworks.

    In the federal government sector, Scott has been Principal Investigator on two research teams engaged by the Airport Cooperative Research Program of the Transportation Research Board of The National Academy of Sciences, and by the Federal Emergency Management Agency. The ACRP teams studied and reported on resilience issues in the US airport sector and developed custom software products to assist airports in developing their business continuity and emergency management plans. For FEMA, Scott led a team that developed continuity of operations planning curricula and facilitated business recovery workshops in FEMA Regions I, II and III, and for New York State Division of Homeland Security and Emergency Services.

    In the education sector, Scott has led teams that have been engaged by numerous universities, colleges and large public school systems to review their safety, security and emergency management programs, staffing and training, develop effective new crisis management plans, provide training and tabletop exercises, and build continuity of operation plans. After the Newtown school massacre in 2012, Scott provided expert testimony on school violence to the Joint School Safety Subcommittee of the School Safety Task Force of the Connecticut Legislature and the Higher Education & Employment Advancement Committee.

    Over his 40-year career, Scott has been managing director at FTI Consulting, senior vice president and co-founder of Risk Solutions International; president and chief executive officer of Design2Launch Inc.; and principal of Strategic Alternatives LLC, a consultancy with engagements in wireless and online services, network optimization, storage technology, gaming, and voice authentication biometrics. Scott led the services division of InteliData Technologies Corporation, and was vice president of sales and marketing for the music division of Broadcast Data Systems. At Prodigy Services, Scott headed the merchandise division that pioneered online applications for over 65 major retailers, catalogs, and direct marketing companies. He was vice president at CUC International, developing new channels of revenue for banks and credit card companies, and before that, he began his career in the apparel fabrics and fashion division at WestPoint Pepperell.

  • News & events
    • 2017 CLM & Business Insurance Cyber Summit 2017, 10/6/2017, “Unique Cyber Risks & Coverage Challenges from the Industrial Internet of Things (IIOT),” New York, NY, with John Farley, Joshua Gold, Grace Crickette, and Joseph Weiss
    • American Gas Association Risk Management Committee Conference, 7/17/2017, “Risk Management Considerations Around Cybersecurity of Industrial Control Systems,” Vancouver, BC, Canada, with Joshua Gold
    • Transportation Research Board for The National Academies of Sciences, Engineering, and Medicine, 6/20/2017, “Business Continuity Planning for Disruptions at Airports,” New York NY, with Cathyrn Stephens and Amiy Varma
    • Thompson Reuters Seminars, 4/25/2017, “New DFS Cybersecurity Regulation: What You Need to Know,” with Richard Borden, and Daniel Garrie
    • RIMS Annual Conference, 4/24/2017, “Director and Officers Liabilities for Cyber Claims through D & O Insurance Policies,” with Joshua Gold
    • Midwest Contingency Planners Conference, 9/2016, “Practical Steps to Cybersecurity Resilience,” Indianapolis, IN
    • ICS Cybersecurity Conference, 10/25/2016, “Risk Management & Insurance Implications of ICS Cybersecurity Incidents,” Atlanta, GA
    • National Association of Actuaries & Consultants’ Working Group, 10/26/2016, “Cybersecurity Considerations for Pension Fund Third Party Administrators,” Washington, DC
    • Brokerslink Conference, 3/2015, “Cybersecurity Risk in Latin American Enterprises,” Miami, FL
    • Business Insurance Cyber Risk Management Summit, 9/2015, “Risk Management Considerations in Cybersecurity Planning,” San Francisco, CA
    • Anderson Kill Annual Policyholder Advisory Conference, 10/2015, “Information Security Imperatives,” New York, NY
    • Phoenix RIMS Chapter Luncheon, 10/2015, “Cybersecurity Resilience,” Phoenix, AZ
    • AIDA Reinsurance and Insurance Arbitration Society Annual Conference, 11/2015, “Insurance Claims Issues Ripe for Arbitration,” New York, NY
    • Transportation Research Board, 1/2015, “ACRP 03-18 Impact on Airport Operational Continuity,” Washington, DC


  • Insights & innovation
    • “Going Beyond Cybersecurity Compliance: What Power & Utility Companies Really Need to Consider,” IEEE Power & Energy Magazine, 9-10/2016, with Ellen Smith, Joseph Weiss, Don Racey, Patrick Dunne
    • “Quiz: How Vulnerable is the Power Grid to Cyber Attack?,” FTI Journal, 7/2016, with Ellen Smith
    • “Regulatory and Market Imperatives Place Cyber Security High on Carrier Agendas,” Carrier Management Magazine, 3/2015
    • “Cybersecurity: An Advisory Opportunity for the Legal Profession,” New York State Bar Association, 2015 and 2017
    • “The Cybersecurity Imperative for Higher Education,” University Risk Management and Insurance Association, 2015, with Duane Lohn
    • “Damage from Data Breaches in the Retail Sector is Diminishing But Progress is a Mixed Bag,” FTI Consulting, Inc., 2015
    • “Why Underwriters Should Require Business Continuity Plans From Insureds,” Carrier Management, 11/2014
  • In the community

    • New York Rescue Mission
    • Fresh Air Fund
    • The Doe Fund
    • Wounded Warrior Project