2VP Enterprise Risk Management
Audrey Mydosh currently serves as the 2VP Enterprise Risk Management for Nassau Re, responsible for Operational Risk including oversight of Business Resiliency, Cybersecurity and Third-Party Risk Management. Her path to this role was anything but a straight shot up the corporate ladder. There were many twists and turns (and sometimes backtracking), but she firmly believes each opportunity led to the next and landed her exactly where she should be.
Audrey joined Nassau from Voya Financial where she served as the Head of IT Risk Management providing leadership, management and strategy for all aspects of IT Operational Risk Management, IT Audit Response, Issue Management and IT GRC. Prior to Voya, Audrey spent 10 years at MetLife where she filled several roles, including heading up the Risk Assessment, Vulnerability Testing, Corporate Policy, and Operational Risk Management areas. She was responsible for executing those programs globally across a diverse international team spanning 46 countries and more than 70,000 employees. In addition, Audrey spent over 5 years managing various compliance efforts, including Sarbanes Oxley, HIPAA and PCI. Her earliest entry into the IT world came while managing Compliance at a New York brokerage firm. She was asked to build an IT “Business Office” establishing vendor management, purchasing, contract and asset management programs. The earliest part of Audrey’s career was spent in the private practice of law.
Audrey’s is dedicated to “bringing risk management into daily life” and focuses on understanding the threat and vulnerability landscape, applying the right level of controls, and determining action based on a clear set of business priorities. She is a passionate teacher of how to weigh the cost, benefits and impact of risk management and has driven each company she has worked with to incorporate these principles into its culture. She also believes that the best way to professionally get ahead, is to, sometimes, move sideways.
Audrey completed her undergraduate studies at the State University of New York at Albany and her Juris Doctor at Albany Law School. She is a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and Certified in the Governance of Enterprise IT (CGEIT).