Gartner Expert

Claude Mandy

Sr Director Analyst

Claude Mandy is a Senior Director Analyst covering a variety of topics across security, risk management and privacy, focusing primarily on the building blocks of successful programs, including strategy, governance, staffing/talent management, organisational design and communication. He brings firsthand experience of building information security, risk management and privacy advisory programs with global scope.

Previous experience

Prior to joining Gartner, Mr. Mandy was the global Chief Information Security Officer at QBE Insurance - one of the world's top 20 general insurance and reinsurance companies with operations in all the key insurance markets, where he was responsible for building and transforming QBE's information security function globally.

Prior to QBE, Mr. Mandy held a number of senior risk and security leadership roles at the Commonwealth Bank of Australia, Australia's leading provider of integrated financial services, which is widely recognized for its technology leadership and banking innovation. He also spent five years at KPMG in Namibia and South Africa.

Professional background

Five Consulting

Founder and Principal Consultant

QBE Insurance Group

Global Chief Information Security Officer

Commonwealth Bank of Australia

Executive Manager - Information Security Governance

Areas of coverage

Security and Risk Management Leaders

Cybersecurity and IT Risk


Bachelor of Accounting Science, University of South Africa

Cybersecurity: The Intersection of Policy and Technology, Harvard Kennedy School Executive Education

Diploma of Financial Risk Management, Commonwealth Bank of Australia RTO

Top Issues That I Help Clients Address

1. Developing robust business-focused cybersecurity strategies to improve cyber maturity and performance

2. Embedding defensible security governance including accessible security policies, insightful executive reporting and meaningful metrics

3. Helping embed cybersecurity awareness and improve security-related culture across the organization

4. Preparing effective response plans for security incidents

5. Implementing an effective cyber & IT risk management program