Reporting to the Board

  • Corizon Health 103 Powell Court Brentwood, TN, 37027

Join the Middle Tennessee Chapter of (ISC)2 for a panel discussion about reporting Security/Risk and overall strategy to the Board of Directors from a group that does it on a regular basis. This discussion will be moderated by our own Nathan Wright.

Meet the Panelists

Greg Schaffer

With over 25 years of experience, Greg is a seasoned information technology and security executive proficient in information security planning and project management, information security risk assessment and mitigation, technical writing, policy and standards creation and implementation, and disaster recovery and business continuity. Currently, Greg is responsible for all aspects of information security risk management for FirstBank, the third largest Tennessee-headquartered bank. Greg’s previous information security executive roles include serving as Chief Information Security Officer for the Metropolitan Government of Nashville and Davidson County and as AVP Network and IT Security at Middle Tennessee State University.

Greg is active in the security and risk management communities and currently serves on the Board of Directors for the Middle Tennessee Risk Management Association. Previous security community leadership roles include FS-ISAC Community Council co-chair, Middle Tennessee ISSA chapter board member, and chair of the Tennessee CISO Roundtable. He holds a Master's degree in Information Systems Project Management from Middle Tennessee State University, a Bachelor of Science degree in Mechanical Engineering from the University at Buffalo, and the CISSP certification.

Clayton Weber

Clayton has more than 20 years of experience in Banking, Conversions/Acquisitions, Information Security, Risk and Technology. Clayton began his career working as a bank proof specialist for First Commerce Technologies out of Lincoln, NE, which was later purchased by Computer Services Inc (CSI) out of Paducah, KY. In the years that followed, Clayton gained a deep knowledge of all aspects of banking while holding numerous roles within those companies, including Customer Service Representative, Conversions and Implementations Specialist, Information Systems Manager and Account Manager. Since moving to Tennessee 6 years ago, Clayton has also held banking positions overseeing Information Security and Risk Management for local banks and currently serves as the Chief Information Officer at CapStar Bank in Nashville, TN. In his current role, Clayton is responsible for strategic technology planning, business continuity, IT risk management, overall IT governance, information security, all IT infrastructure and applications, as well as management and administration of CapStar’s information technology providers.


Gina Pruitt

Gina is the Member-in-Charge of Risk Assurance & Advisory Services with KraftCPAs. Her responsibilities include IT audit and consulting, risk management, internal audit, Sarbanes-Oxley audits, service organization control (SOC) reports, Payment Card Industry Data Security Standards (PCI DSS) compliance, network security assessments, and network vulnerability assessments.

Gina also oversees regulatory testing related to IT controls for more than 30 banks, which includes Sarbanes-Oxley testing, and attestation services for approximately 20 service organization control (SOC) engagements. She is also a National SOC Peer Reviewer for the American Institute of Certified Public Accountants (AICPA).

Gina has more than 30 years of experience. She spent 10 years in Big 4 public accounting as the partner in charge of the Nashville practice of enterprise risk services (ERS) with Deloitte & Touche. In addition, she was the Southeast Regional Director for Internal Audit Services. In this role, Gina was the Director of Internal Audit for a $1 billion retail organization. She was responsible for performing the annual internal audit risk assessment, developing the annual internal audit plan, hiring and managing more than 40 staff members, and developing and presenting audit reports to the Audit Committee and Board of Directors. Annual audits consisted of financial, operational, IT, and fully-integrated audits.

Gina also managed various procedures for all internal audit clients in the Southeast Region of Deloitte & Touche. Clients included the world's largest tire and rubber manufacturer with more than 50 plants and $2.5 billion in annual revenue as well as a nationwide restaurant and retail chain with more than 600 locations and $2.6 billion in annual revenue.

While at Deloitte, Gina was also the National Healthcare Industry Partner for ERS where she led the development of a National Healthcare Compliance consulting practice, a National NCQA Certified HEDIS consulting practice, and a National HIPAA Assessment and Implementation consulting practice.