After a national search, Amy R. Steagall has been selected as Stanford University’s Chief Information Security Officer. She begins her new assignment effective September 16, 2022.
As Chief Information Security Officer (CISO), Amy will provide the overall direction and priorities for information security programs, including policy development, awareness, annual security assessments, vendor risk evaluation, risk mitigation, network traffic analysis, and regulatory compliance. She will also work with academic, business, and technology leaders across the university to assess and manage risks while balancing security strategies with other institutional priorities.
Amy joined Stanford in 2020 after she retired from the United States Air Force with 25 years of distinguished and honorable service. Throughout her career, she has led large organizations and teams in information asset management, risk and vulnerability management, strategic disaster recovery plans, audit and compliance, security awareness, and training. She holds a bachelor of science in cybersecurity management and policy from University of Maryland. She has served as Acting CISO since May 2022.
Most recently, Amy has been leading the Information Security Office (ISO) team in its efforts to protect Stanford’s computing and information assets and to comply with information-related laws, regulations, and policies.
“This is a complex role that brings together information security leaders from academic units, SLAC, and Stanford Medicine in a commitment to best practices in information security that balance mission, risk, and compliance expectations,” said Raina Rose Tagle, Senior Associate Vice President and Chief Risk Officer.
Reporting to the Chief Information Officer with a dotted line reporting relationship to the Chief Risk Officer, Amy will lead the CISO Council, and serve as a member of the University IT Leadership Team, the senior staff of the Office of the Chief Risk Officer, the university’s CIO Council, and the Stanford Privacy Governance Council.
“We are delighted that Amy has accepted this role leading information security strategy and operations for Stanford,” said Steve Gallagher, Chief Information Officer. “We are grateful for her deep experience, enthusiasm, and leadership as we embark upon a new era of information security and risk management at Stanford.”