Jamie Norton - Global CISO and Cyber Governance Expert
NACD.DC GAICD FGIA

Jamie Norton

CISA CISM CISSP CGEIT CIPM
Global CISO • Non-Executive Director • Cyber Governance Expert

I bridge the gap between cybersecurity, AI governance and corporate boardroom strategy. My focus is establishing the resilient AI governance frameworks required to secure critical institutions through 2030 and beyond.

For enquiries about prospective board roles or speaking engagement requests, please contact me via the Engage button below

Connect on LinkedIn ExecAtlas Board Profile Engage
Featured In
BBC NEWS Qantas ABC Australian Financial Review RSA Conference Company Director
The Perspective

"As we face escalating cyber threats and rapid developments in AI and technology, the role of our profession has never been more vital."

As technology accelerates, from the pervasive integration of AI in boardrooms expected by 2027, to the looming reality of geopolitical tension, Frontier-AI and post-quantum cryptography, organizations face an unprecedented volume of risk. My goal is to ensure that critical global institutions do not merely survive these events, but build enduring resilience and public trust.

Over a 25-year career that began in Defence intelligence, I have navigated complex global threat landscapes. I have served as the Chief Information Security Officer (CISO) for three of the world’s most consequential organizations: the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), and the World Health Organization (WHO).

This breadth shapes how I engage at board level. The organisations navigating AI adoption and emerging technology risk most effectively aren't necessarily the best resourced — they're the ones with clear governance structures, well-tested strategic risk appetite, and a leadership culture that prioritizes innovation as vital to delivering meaningful growth and value.

Keynotes & Advocacy

Speaking & Public Discourse

Delivering strategic foresight at the intersection of technology and corporate governance.

CSO Online

What CISOs Need to Land a Board Role

Jamie Norton discusses how security leaders can transition into Non-Executive Director roles by separating oversight from execution and learning the language of the boardroom.

Read Executive Advice
National Press Club of Australia

Threat Intelligence from the Front Lines

A national address on sovereign cyber capabilities, the shifting geopolitical threat landscape, and the necessity of public-private threat sharing.

Watch National Address
Company Director

How Directors Can Stay Ahead of Robust Data Compliance

Detailing the critical oversight responsibilities of contemporary directors in navigating evolving digital risks and AI governance.

Read Article
Mediaplanet

Layering AI Knowledge Into Existing Skill Sets

Insights on the necessity of integrating artificial intelligence fluency into the foundational skill sets of digital trust and cybersecurity professionals.

Read Commentary
Information Age

Australian Privacy Teams Shrink as AI Risks Explode

Addressing how falling budgets and rapid AI deployments are overwhelming privacy teams, elevating compliance into a critical boardroom governance issue.

Read Analysis
Management.co.nz

Quantum Computing: The Looming Business Risk Leaders Can't Ignore

As the capacity and accuracy of quantum computing increases, it threatens to upend the digital security foundations that support every modern business.

Read Feature
Audio & Broadcasting

Media & Podcasts

KBI
KBKAST Deep Dive

Quantum Computing Preparedness

In Episode 328, Jamie Norton and Rob Clyde break down the ISACA global survey on organizational quantum roadmaps and how cyber professionals must prepare for the post-quantum transition.

Listen on Apple
BoC
Business of Cyber

Discussing Security with a Non-Technical Audience

Drawing on his experience as CISO for the ATO and WHO, Jamie discusses strategies for presenting complex, highly-technical security concepts to non-technical executive audiences and boards.

Stream Episode
Strategic IP & Insights

Executive Perspectives

Original perspectives on systemic governance failures, organizational resilience, and leading through crisis.

Governance & Resilience

Improving Government Cyber Resilience by Challenging the Status Quo

An opinion piece featured in secureGOV chronicling the changing threat climate for government agencies and strategies to secure the digital communities of tomorrow.

 Board-Level Reporting

Cyber Governance Connective Tissue Still Missing at Board Level

Exploring the communication gap between technical operators and corporate directors, and why collective accountability is the most effective way to give security a voice at the board level.

 Strategic Focus

Sustainable Value Creation at the Board Level

Reflections on balancing oversight and governance priorities while fostering meaningful, sometimes robust, discussions among highly credentialed international directors.
Executive Strategy

Board Governance Frameworks

Translating cyber threats into quantifiable business risk in alignment with global regulatory and governance standards.

NIST Cybersecurity Framework (CSF 2.0)

Aligning the new 'Govern' function directly to corporate oversight, ensuring cyber risk is managed alongside financial and legal risk.

NIST AI Risk Management (AI RMF)

Establishing trustworthy AI adoption strategies for the enterprise, mapping generative AI capabilities against data privacy and compliance guardrails.

APRA CPS 234

Advising financial and regulated entities on maintaining information security capabilities commensurate with their specific vulnerabilities and threats.

ISO/IEC 27001 & 27002

Deploying internationally recognized best practices for Information Security Management Systems (ISMS) across complex, multi-jurisdictional organizations.