Scott Corzine is a Senior Managing Director at Ankura where he advises risk, compliance, legal, and audit officers and board committees on operational risk and resilience, specializing in cybersecurity compliance, assessments, technical testing, strategy, and maturity road maps. Most recently, Scott has focused his consulting and advisory work on crisis management governance frameworks, and on the cybersecurity, business continuity, disaster recovery, and emergency management tools that well-prepared and resilient organizations should have in place. He is based in New York.
Scott has extensive experience in providing operational risk and resilience services, strategies and management frameworks to a broad portfolio of private, public and education sector clients around their governance, risk and compliance initiatives and supporting their response to disruptions and crises. He understands the complex but practical relationship among cybersecurity, operational downtime, organizational resilience and sustaining long-term organizational reputation through confidence in leadership and oversight decision-making, governance and management.
He is a trusted advisor to officers and board committees with oversight and fiduciary responsibilities for their organizations’ regulatory compliance, cybersecurity and crisis preparedness, organization, governance and strategy. His consulting is often performed as work product directed by legal counsel under privilege.
Scott has led large teams of information security and data governance experts in assessing gaps in the cybersecurity programs of Fortune 500 and mid-market insurance companies and banks against the New York State Department of Financial Services’ new cybersecurity regulation, 23 NYCRR Part 500. This team is conducting expert risk and gaps analyses, developing aggressive compliance strategies and roadmaps through this continuous process regulation, and guiding implementation of clients’ cybersecurity programs. Services include identifying high functioning candidates for the role of Chief Information Security Officer, and advising on program governance.
In other regulated industries, Scott has led teams that have performed HIPAA Security and Privacy Rule assessments and gap analyses, provided compliance roadmaps, and validated remediation efforts for leading clinical and teaching healthcare facilities, electronic patient record providers, consulting and law firms. His teams have conducted readiness assessments for clients facing audits from the Office of Civil Rights of the Department of Health and Human Services. They have conducted Payment Card Industry security assessments and examined the security and fraud controls used by global retailers and ecommerce companies, comparing them to industry best practices.
Scott has provided advisory services for leading credit rating agencies around the cybersecurity threat to “backbone” systems of elements of critical national infrastructure, and how system compromise could cascade through member institutions and create widespread impact. Scott’s specialized teams have been asked by utilities and transportation authorities and airports to conduct cybersecurity risk assessments of their industrial control systems (ICS), business continuity programs, and approach to enterprise risk management.
Global telecommunications, retail, multi-system operator, manufacturing, mining, call center, pharmaceutical, hospitality/gaming, food products and technology companies have engaged Scott to conduct ISO 27002 cybersecurity assessments, cybersecurity industry benchmarking, and business continuity program analyses, and to develop improved operational resilience strategies and crisis management governance frameworks.
In the federal government sector, Scott has been Principal Investigator on two research teams engaged by the Airport Cooperative Research Program of the Transportation Research Board of The National Academy of Sciences, and by the Federal Emergency Management Agency. The ACRP teams studied and reported on resilience issues in the US airport sector and developed custom software products to assist airports in developing their business continuity and emergency management plans. For FEMA, Scott led a team that developed continuity of operations planning curricula and facilitated business recovery workshops in FEMA Regions I, II and III, and for New York State Division of Homeland Security and Emergency Services.
In the education sector, Scott has led teams that have been engaged by numerous universities, colleges and large public school systems to review their safety, security and emergency management programs, staffing and training, develop effective new crisis management plans, provide training and tabletop exercises, and build continuity of operation plans. After the Newtown school massacre in 2012, Scott provided expert testimony on school violence to the Joint School Safety Subcommittee of the School Safety Task Force of the Connecticut Legislature and the Higher Education & Employment Advancement Committee.
Over his 40-year career, Scott has been managing director at FTI Consulting, senior vice president and co-founder of Risk Solutions International; president and chief executive officer of Design2Launch Inc.; and principal of Strategic Alternatives LLC, a consultancy with engagements in wireless and online services, network optimization, storage technology, gaming, and voice authentication biometrics. Scott led the services division of InteliData Technologies Corporation, and was vice president of sales and marketing for the music division of Broadcast Data Systems. At Prodigy Services, Scott headed the merchandise division that pioneered online applications for over 65 major retailers, catalogs, and direct marketing companies. He was vice president at CUC International, developing new channels of revenue for banks and credit card companies, and before that, he began his career in the apparel fabrics and fashion division at WestPoint Pepperell.