Thomas Luick

Tom is a Managing Director with more than 23 years of experience helping clients in the insurance and banking industries solve technology, compliance, and risk management challenges. Tom is a member of our Technology Consulting Solution leadership team, a DEI champion for our Chicago office, and an advocate for education in the community.

Tom's principal areas of practice include helping clients realise and protect value by transforming their technology risk management and governance functions and implementing leading practice regulatory compliance programs.

MAJOR PROJECTS

• Leads engagements to help clients optimise IT operations, processes, and governance across cyber security, privacy, and IT risk management domains. Develops and implements leading practice strategies to improve IT process capability maturity.
• Helps clients mature cyber and privacy programs by building or improving policies, processes, and capabilities, and implementing supporting solutions. Service areas include helping clients develop capabilities across identity and credential management, privileged account management, role governance and access management, and align with privacy leading practices.
• Assists organisations achieve compliance with privacy and cyber security regulations including identifying compliance gaps, developing remediation plans, and implementing people / process / technology changes.
• Led the modernisation of the IT risk management and compliance function of a Fortune 100 financial services company including the developing the IT risk assessment function, vendor risk management function, state cybersecurity compliance program, and IT control testing capability. Additionally, led the development of the privacy compliance program of a Fortune 100 financial services company including compliance with GDPR and CCPA requirements and the implementation of OneTrust.
• Led advisory services related to a $450MM digital transformation program at a global insurance organisation to modernise core systems and achieve operational cost savings. Specific responsibilities include providing leading practice recommendations to improve the planning and execution of the program, providing guidance related to data governance and data conversion activities, meeting regularly with program leadership to understand key risks and issues, and meeting quarterly with the organisation’s executive management team to advise on emerging implementation program risks.

Areas of Expertise

• IT Risk Management and Governance
• Cyber, Privacy, and IT Regulatory Compliance
• IT Strategy

Education

• BS, Management Information Systems, University of Iowa
• Masters of Science in Finance, DePaul University