Prof. Hernan Huwyler, MBA, CPA, CAIO

• Leading enterprise-wide AI risk and control initiatives, integrating machine learning, predictive models, and advanced analytics to enhance operational resilience and regulatory compliance.
• Directing AI Governance initiatives, conducting feasibility studies, and implementing AI-driven Quantitative Risk models for fraud detection, regulatory reporting, and cybersecurity threat identification.
• Managing full project lifecycles, from AI risk modeling and Digital Compliance assessments to strategic deployment, ensuring regulatory alignment and business value realization.
• Conducting digital transformation and AI Governance projects, optimizing business processes to enhance risk mitigation, model interpretability, and auditability.
• Advising senior executives on AI Governance, Responsible AI, algorithmic accountability, and Quantitative Risk decision frameworks, providing data-driven insights for Digital Compliance and operational risk management.
• Leading AI risk assessments and controls implementation, ensuring adherence to EU AI Act, NIS 2, GDPR, SOX, FCPA, and DORA while leveraging machine learning explainability techniques.
• Designing and executing Algorithmic Auditing programs, incorporating AI bias detection, adversarial testing, and model risk validation using Python, TensorFlow, PyTorch, and Scikit-learn.
• Implementing GRC frameworks aligned with ISO/IEC 42001, COSO, and NIST AI RMF, ensuring robust Algorithmic Auditing and regulatory compliance.
• Deploying AI threat models based on NIST 800-53, MITRE ATT&CK, Microsoft STRIDE, and Google DREAD to proactively identify vulnerabilities across AI systems.
• Developing AI cost-benefit analysis and Quantitative Risk-adjusted ROI models to optimize AI investment strategies and mitigate financial exposure.
• Founded and led the Applied AI Lab (RIOT), an internal acceleration program developing AI Governance methodologies and Responsible AI playbooks for Fortune 500 clients across life sciences, defense, telecom, and energy.

• Promoting corporate sustainability, ethical leadership, Responsible AI, Digital Compliance, and enterprise risk management through executive education programs.
• Director, Advanced Program in Compliance (2016+): GRC frameworks, ISO 37001, ISO 19600, OCEG, compliance & reputation risks, KRIs, data privacy, AI Governance.
• Professor at Universidad Complutense de Madrid, UNIR, Comillas Pontifical University/ICADE, and CEF — teaching AI Governance, Responsible AI, GRC, Algorithmic Auditing, and Digital Compliance in masters programs.
• Keynote speaker and workshop leader at industry forums on AI Governance, Responsible AI, Quantitative Risk, cyber risk, privacy, and Algorithmic Auditing.
• Chairman, Compliance Day 2016 (iiR Spain). Co-host, C5 Forum Anti-Corruption Spain 2016.
• Speaker at The Institute of Internal Auditors (IIA) and ISACA on fraud mitigation, corporate criminal liability, and AI assurance.
• Certified Chief AI Officer (CAIO) program lead and instructor — Copenhagen Compliance / Information Security Institute.

• Led cross-functional teams to identify, assess, and quantify risks across AI, software development, finance, operations, compliance, cybersecurity, and revenue.
• Designed, evaluated, and backtested Quantitative Risk models for decision-making processes using Python, R, Monte Carlo simulation, and ISO 31000/23894/42001.
• Drove Digital Compliance with EU AI Act, GDPR, FCPA, OFAC, CCPA, export controls, anti-trust, software licenses, and data ethics requirements.
• Managed Algorithmic Auditing and control readiness programs to certify SOX controls, information security, privacy, and AI software development processes.
• Implemented Responsible AI governance ensuring confidentiality, integrity, and availability of AI computer vision and video analytics solutions.
• Prevented losses and incidents through root-cause analysis, risk awareness promotion, and GRC framework implementation.
• Resolved all external audit observations. Promoted enterprise-wide risk culture as a strategic business partner.

Milestone Systems, part of Canon, is the world's largest provider of AI computer vision and video management software.

• Led and coached risk, internal control, and compliance specialists across the bank's IT organization.
• Established and maintained a cyber risk and control program protecting bank-wide IT systems and information assets.
• Assessed information security, cybersecurity, cloud services, and IT risks against ISO 27001, 27002, 27017, 27701, NIST 800-53, PCI DSS, COBIT, and EBA/FSI regulatory requirements.
• Delivered ongoing training and cyber risk maturity development. Reported risks and audit observations to senior leadership.

• Piloted centralized due diligence processes to comply with EBA outsourcing guidelines. Managed Digital Compliance across suppliers, outsourcers, and third parties.
• Led a team of senior compliance, risk, and privacy experts. Designed GRC processes for regulatory requirements including GDPR and FSB guidance.

Danske Bank is the largest bank in Denmark and the second largest across the Nordics, serving 3.3 million customers.

• Established the GRC Center of Excellence in risk management, internal controls, and compliance in collaboration with Deloitte Denmark.
• Implemented ISO 31000-aligned risk frameworks, governance policies, and self-assessment processes serving Fortune Global 500 clients.
• Enabled enterprise-wide risk awareness, compliance monitoring, and Digital Compliance across 120 countries with nearly 500,000 employees.

• Led a portfolio of GRC, risk advisory, and Digital Compliance consultancy projects across Deloitte North West Europe.
• Managed engagements in business process transformation, operational risk assessment, compliance audits, GDPR, SOX, cybersecurity governance, and third-party compliance for energy, pharma, banking, and manufacturing clients.

• Directed GRC frameworks for 80+ subsidiaries across Iberia and Latin America. Led a team of 14 risk and audit specialists.
• Implemented Quantitative Risk modeling, control self-assessments, and risk taxonomies under ISO 31000, COSO, COBIT, GDPR, and SOX standards. Library of 800+ risks and KRIs.
• Coordinated training for internal auditors and control specialists across the global organization.

Veolia: global leader in energy, water, and waste management — 220,000 employees in 45 countries.

• Developed comprehensive compliance assurance programs aligned with SEC, FCPA, SOX, GAAP, IFRS, and OFAC requirements.
• Engineered automated alerting systems reducing manual review efforts by 25%. Enhanced SAP GRC data utilization with MicroStrategy BI integration.

• Managed SOX §404 compliance audits and financial reviews at worldwide locations. Conducted SAP controls audits and process re-engineering.
• Won the Baker Hughes Core Value Award (Gold) for improving audit methodology.

• Mitigated market, credit, and operational risks for crude oil trading, reducing past-due items by 60% in one year.
• Designed risk monitoring, early warning systems, and automated controls for the finance and control migration.

• Performed SOX, risk, operational, and IT controls audits. Evaluated business process controls and technology risk.
• Directed engagement teams for financial and control audits across multiple industries including financial services and energy.