Jamie Norton — Global CISO and Non-Executive Director Biography

Jamie Norton

Global CISO  ·  Non-Executive Director  ·  AI Governance Expert
Keynote Speaker  ·  Media Commentator

NACD.DC GAICD FGIA CPA   CISSP CISM CISA CGEIT CIPM
Overview

Jamie Norton is a global cybersecurity executive and board director with extensive experience navigating complex technology and governance challenges at the highest institutional levels. He has served as Chief Information Security Officer (CISO) at three globally consequential organisations — the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), and the World Health Organization (WHO).

Currently serving as Vice Chair of the ISACA Global Board of Directors (since 2025), Jamie sits at the centre of the global digital trust and AI governance agenda. He brings a rare combination of deep subject-matter expertise and board-level governance discipline, holding the NACD.DC, GAICD, and FGIA credentials alongside a full cyber, AI and privacy certification stack — CISSP, CISM, CISA, CGEIT, and CIPM. This is backed by formative undergraduate studies in Technology — Artificial Intelligence, Software Engineering and Computer Science — and Commerce (Accounting) from the Australian National University. He has studied postgraduate and executive courses at Monash Business School, Harvard Business School and Imperial College, London — alongside qualifications from the Australian Institute of Company Directors, National Association of Corporate Directors and Certified Practising Accountants (Australia).

As technology accelerates — from the pervasive integration of AI in boardrooms, to the looming reality of geopolitical tension, Frontier-AI, and post-quantum cryptography — organisations face an unprecedented volume of risk. Jamie's goal is to ensure that critical global institutions do not merely survive these shifts, but build enduring resilience and public trust. The organisations navigating AI adoption most effectively are not necessarily the best resourced; they are the ones with clear governance structures, well-tested strategic risk appetite, and leadership that prioritises innovation as vital to delivering meaningful value.

Board & Governance Positions
  • 2024 – 2026
    Vice Chair, Global Board of Directors
    Director
    ISACA
    Committees: Executive, Audit and Risk, Innovation, Compensation
  • Current
    Advisory Board Member
    Crisis Commanded (Crisis Simulation Platform)
  • Former
    Advisory Board Member
    Avertro (cybersecurity startup)
  • Former
    Board Member
    Retail Concept (eCommerce & Bricks and Mortar)

In his board capacities, Jamie leverages his insights from a career in AI, technology and cyber security leadership, combined with a decade of business development experience in commercial leadership roles. His governance approach prioritises strategic risk appetite, ensuring organisations embrace and manage risk effectively in the pursuit of innovation and strategic advantage.

Career
  • 2025 – Present
    Chief Information Security Officer
    Australian Securities and Investments Commission (ASIC), Australia
  • 2021 – 2025
    Partner, Technology and Cyber
    McGrathNicol Advisory, Australia
  • 2018 – 2021
    Chief Information Security Officer
    Australian Taxation Office (ATO), Australia
  • Earlier
    CISO, Senior Advisory & Technology Roles
    World Health Organization · NEC Australia · Check Point
Ventures & Commercial Activities

Complementing his institutional and regulatory leadership, Jamie remains closely engaged with the entrepreneurial technology ecosystem. He previously served on the Advisory Board of Avertro, a cybersecurity start-up dedicated to enabling informed, data-driven decisions about organizational cyber resilience. He also holds an advisory role with Crisis Commanded, an innovative crisis simulation platform.

Areas of Expertise

Jamie's advisory and operational work spans cybersecurity governance, AI risk management, geopolitical threat analysis, and board-level risk reporting. He is an Enterprise Risk Management expert with extensive experience and advocacy across a range of frameworks, including the NIST Cybersecurity Framework (CSF 2.0), the NIST AI Risk Management Framework (AI RMF), and ISO/IEC 27001 & 27002.

Selected Media & Publications

Jamie's perspectives on systemic governance and technology risk are regularly cited across premier global outlets. He has been featured by the BBC, Australian Broadcasting Corporation (ABC), the Australian Financial Review (AFR), and the Qantas Inflight Magazine.

His authored insights specialize in translating complex technical realities into actionable boardroom strategy. Key publications include extensive commentary in CSO Online ("What CISOs Need to Land a Board Role"), deep-dives into the implications of AI on compliance for Information Age ("Australian Privacy Teams Shrink as AI Risks Explode"), and foresight analyses for Management.co.nz covering the looming business risks of quantum computing. He has also contributed to AICD Company Director regarding directors staying ahead of robust data compliance conditions.

Speaking Engagements

A highly sought-after public speaker, Jamie frequently delivers impactful presentations regarding geopolitical cyber risks, AI safety, and organizational resilience. Notable engagements include an address on sovereign cyber capabilities and threat sharing at the National Press Club of Australia, and media panels at the RSA Conference. He maintains a busy schedule keynoting major industry events, such as ISACA Conferences and the Gartner Security & Risk Management Summit.

Governance & Academic Credentials
Director Governance NACD.DC, GAICD, FGIA
Security & Privacy CISSP, CISM, CISA, CGEIT, CIPM
Academic BIT (AI, Software Engineering) & BCommerce (Accounting) — Australian National University
Back to jamienorton.net