Paul Mee

Partner, Americas Cyber Lead
Oliver Wyman

Paul is a partner in the Digital, Technology, Operations, & Analytics practice. For over 20 years, Paul has consulted on a wide range of Cyber related areas, including Op Risk, IT Strategy, Operations & Governance, Cyber/Information Security and large-scale change management. Paul has specialist subject matter expertise in risk related data, IT architecture, and operations management, and is a member of the IIF Risk & Regulatory Affairs working group.


Relevant project experience

• For a major international firm based in the US, directed the cyber compliance and controls program aimed at ensuring the bank meets it obligations to manage and mitigate its cyber risks, consistent with policy and regulatory requirements across multiple lines of business
• For a Federal Reserve Bank, led a broad and deep assessment and risk review of their Cybersecurity program. The results of the assessment were used to shape a three-year investment program for cyber related change and uplift
• For SWIFT, directed the development and design of Counterparty Cyber Risk Management framework to enable members to determine their risk appetite and associated controls when dealing with counterparties based on 27 cyber preparedness criteria
• For a major US Airline, directed an end-to-end review of operational risk and technical risk across passenger interaction channels which highlighted the need for revamped controls, improved third party mgmt arrangements, and enhanced incident response governance
• For the US division of a major international bank, led a strategic technology and operations risk assessment across the Three Lines of Defense, IT architecture, IT services, third parties, and Information Security / Cyber operating model resulting in the design and launch of major uplift and change program
• For a leading retail affluent brokerage, led the assessment of the IT Risk and Information Security operating model, articulation of the target state Three Lines of Defense model, and the development of a Board-level cyber risk reporting framework and dashboard
• For a top-3 European bank, conducted a strategic review of the risk architecture status and plans across all business units and risk classes to determine where the bank had gaps and governance challenges, and where aspects of the risk capabilities investment schedule needed to be rebalanced or supplemented
• For the Saudi Arabian FS Supervisor, led an IT Op Risk and Security review providing guidance, benchmarks, and subject-matter-expertise input regarding current status and the change agenda needed to mitigate a broad array of risks from Cybersecurity to premises to third party risk management


Other relevant credentials

• Paul is the co-author of “Deploying a Cyber Risk Strategy: Five Key Moves Beyond Regulatory Compliance”, “Embedding Cyber Defences Where They Matter”, Cyber Risks That Hide In Plain Sight” and The Equifax Breach and its implications
• Paul studied Computer Science at Hertfordshire University, UK, and later Corporate Finance and Business Administration at Kellogg Business School, Chicago