About Career Impact AI Portfolio Press Expertise Engage
Security, AI, & Technology Executive

Andrew
Heighington

Building trusted, resilient security and technology programs from the Pentagon to Wall Street and beyond.

US Department of Defense JPMorgan Chase Bank of America Covington & Burling
View My Work Get in Touch
Andrew Heighington
Scroll
Featured In

About

I'm a cybersecurity, AI and technology executive who has spent nearly two decades protecting some of America's most critical institutions. From creating a Congressionally-mandated cyber office at the Pentagon to securing $2.2 trillion in assets at JPMorgan, I specialize in turning complex risk into decisions that protect revenue, reputation, and trust.

I combine technical depth with boardroom fluency—bridging strategy and execution across national security, global finance, enterprise technology, and Big Law.

National Security

DoD cyber strategy, interagency coordination with the White House, FBI, and DHS

Global Finance

Enterprise security at JPMorgan and Bank of America, serving 68M+ customers

Enterprise Technology

Scale-up CISO leadership, cloud transformation, and AI governance

Big Law

Cyber GRC at a $2B+ global law firm, serving Fortune 100 clients across industries

Career Journey

Nearly two decades of impact across America's most critical institutions

Chapter 01 2009–2016

National Security

United States Department of Defense

Executive Director, Office of the Principal Cyber Advisor • Special Assistant

Created the Congressionally-mandated Office of the Principal Cyber Advisor
Lead author of the United States' first-ever National Prevention Framework
White House, DOJ, FBI, DHS, Secret Service coordination
Secretary of Defense Medal for Exceptional Public Service
Chapter 02 2016–2022

Global Finance

JPMorgan Chase & Co. • Bank of America

VP, Information Security Risk Lead • VP, Global Data Control Officer • SVP, Sr. Business Information Security Officer

Built the first data control function integrating cyber, data governance, and records JPMC
Advised leadership on cybersecurity strategy and risks BofA
Streamlined security processes to deliver more to the business, faster JPMC & BofA
Asset and Wealth Management Application and Infrastructure Services Hall of Fame
Chapter 03 2022–2024

Scale-up CISO

Visit.org • EarthCam

CISO & Head of IT & Privacy • Chief Security Officer

SOC 2 Type II readiness in 3 months from zero Visit.org
Security rating from D to B in 3 months EarthCam
Improved security awareness by 65% EarthCam
50 CISOs to Watch in 2024
Chapter 04 2022–2024

Advisory

OneGuide • Cylero

Cybersecurity Advisor • Founder & CEO • Fractional CISO

Strategic security guidance to PE and VC-backed firms OneGuide
HIPAA-compliant security program for healthcare startup Cylero
Enabled $1M+ in sales for leading AI consulting firm Cylero
Chapter 05 2024–Present

Big Law

Covington & Burling LLP

Global Director of Cyber Governance, Risk, and Compliance

Architected Secure and Compliant Solution to Meet CMMC Requirements
Built GRC AI Agents to streamline workflows
Prepare regular cyber risk updates to management

Impact by the Numbers

0+ Audits successfully completed
$0M+ In annual revenue influenced
0K Endpoints secured globally
0M Customers protected
$0T Assets under management secured
0 mo Zero-to-SOC 2 Type II readiness

AI Portfolio

Ventures, writing, and tools translating two decades of experience into the AI era

Venture

Sovrain

AI Adoption Intelligence for Enterprises

Helps enterprise security teams keep pace with Claude changes. Detects, classifies, and translates every release into actionable governance guidance.

Visit Sovrain.io
Writing

Claude is not a SaaS App

LinkedIn · Original Analysis

Why governing Claude requires rethinking traditional SaaS risk frameworks and what security teams need to do differently to keep up.

Read on LinkedIn
Premium Claude Skill

Private Equity Cyber Due Diligence

Built on 20 years of experience

Guides an analyst or advisor through a structured buy-side cybersecurity due diligence assessment of a target company.

Request Access
Premium Claude Skill

AI Vendor Risk Assessment

Built on 20 years of experience

Guides an analyst or advisor through a structured vendor risk assessment of an AI tool, model, or platform.

Request Access

In the Press

Expert commentary on the cybersecurity events shaping policy and business

Change Healthcare Attack Raises Cash Concerns for Pharmacies

Analysis of the Change Healthcare breach's cascading impact on pharmacy cash flows and healthcare operations nationwide.

Read Article

What If The Scathing UnitedHealth Cyber Rebuke Was Yours?

Examining the boardroom implications of major cyber incidents and executive accountability.

Read Article

Clorox Cyberattack Brings Early Test of New SEC Cyber Rules

Commentary on how the Clorox incident tested the SEC's new cybersecurity disclosure requirements.

Read Article

How Companies Describe Cyber Incidents in SEC Filings

Expert insight on how organizations are navigating SEC cybersecurity incident disclosure requirements and shaping public narratives.

Read Article

Areas of Expertise

Cyber GRC & Compliance

ISO 27001SOC 2PCI DSSCMMCNIST 800-171Training and Awareness

AI Risk Management & Governance

NIST AI RMFResponsible AIModel RiskAI Security

Data Protection & Privacy

Data GovernanceHIPAAEnterprise DLPData Controls

Executive Risk Advisory

Board CommunicationRisk AppetiteCISO Advisory

Third-Party & Supply Chain Risk

TPRMVendor AssessmentOperational Resilience

Incident Response & Crisis Management

Ransomware PlaybooksTabletop ExercisesBusiness Continuity

How I Engage

Speaking, advisory, and board level engagements on a selective basis.

Speaking & Keynotes

I speak on cybersecurity strategy, AI risk, and digital resilience at conferences, executive panels, and industry forums.

Connect

Advisory & Consulting

My background spans GRC program design, AI governance, and security strategy with particular focus on growth-stage to enterprise companies navigating complex risk environments.

Connect

Board & Investor Advisory

Experience supporting boards and investment firms on security governance, cyber risk literacy, and technology due diligence.

Connect