hwyler/README.md

Prof. Hernan Huwyler, MBA, CPA, CAIO

AI GRC Director | AI Risk Manager | Quantitative Risk Lead


"I empower leaders in risk, compliance, and AI to drive business objectives through AI Governance, Digital Compliance, and Responsible AI in multinational companies."

With over two decades of global executive experience, I specialize in steering Fortune 500 organizations through the complexities of AI and digital transformations. I bridge the gap between technical data science and corporate governance, ensuring that enterprise AI systems are ethical, legally compliant, and architected for maximum ROI.


Executive Speaking, Corporate Training & Expert Knowledge

I actively partner with global boards, event organizers, and multinational HR departments. I am available for executive advisory and speaking engagements across Europe and globally in the following areas:

  • Corporate Training: Upskilling Board Members and C-Suite Executives on the EU AI Act, DORA, and AI impact assessments.
  • Executive Speaking: Keynotes and panel discussions on Responsible AI, Algorithmic Auditing, and Data-Driven Digital Compliance.
  • Expert Advisory: Building bespoke AI Risk Management frameworks and quantitative risk models for financial, automotive, and pharmaceutical sectors.

Core Competencies and Technical Expertise

  • Executive Governance: AI Governance | GRC Frameworks | EU AI Act & NIS 2 Compliance | Responsible AI Strategy
  • Quantitative & Technical: Quantitative Risk Management | Algorithmic Auditing | Predictive Risk Models | AI Impact Assessments
  • AI & Data Stack: Python | R | TensorFlow | PyTorch | Scikit-learn | XGBoost | Monte Carlo Simulations
  • Enterprise Systems: SAP GRC | SAP FiCo | AWS DataBrew | ServiceNow AI

High-Impact Executive Projects and Results

1. Enterprise AI Governance & Autonomous Systems Controls (Global Automotive)

  • Value Delivered: Engineered a group-wide AI Governance operating model and AI Risk Manager framework to ensure compliance with the EU AI Act and ISO/IEC 42001.
  • Technical Execution: Established Algorithmic Auditing protocols to evaluate third-party machine learning models for bias, security posture, and reliability, defining clear C-suite accountability across the AI lifecycle.

2. Quantitative Risk Modeling & AI Financial Exposure Validation (Financial Sector)

  • Value Delivered: Directed the design and backtesting of advanced Quantitative Risk models using Monte Carlo simulations to mathematically measure and mitigate the financial exposure of enterprise AI systems.
  • Technical Execution: Pioneered Algorithmic Auditing pipelines using Python (Scikit-learn, PyTorch) and R to systematically stress-test ML models for data drift, predictive degradation, and adversarial vulnerabilities.

3. ESG GRC Automation & Data Architecture Transformation (Oil & Gas)

  • Value Delivered: Directed a global Digital Compliance transformation, substantially reducing compliance costs and increasing data fidelity for board-level sustainability (ESG) disclosures.
  • Technical Execution: Applied Quantitative Risk modeling to validate environmental estimation methodologies, eliminating data discrepancies and mitigating the risk of regulatory fines for greenwashing.

Academic Leadership and Publications

As an Executive Education Director and Professor at IE Business School (Madrid), I promote corporate sustainability, ethical leadership, and advanced compliance methodologies.

Recent Publications & Research:

  1. AI Management Systems: An Operational Playbook for ROI-Positive and Responsible AI (2026) - Translating the binding requirements of the EU AI Act and NIST AI RMF into measurable engineering tasks.
  2. Standardized Threat Taxonomy for AI Security, Governance, and Regulatory Compliance (2025) - Bridging technical AI vulnerabilities with financial risk quantification.
  3. Quantitative Risk Assessment in R (2025) - An open-source convolutional framework utilizing Monte Carlo simulations for modeling uncertainty and reserves.

Training and Global Certifications

  • Chief Artificial Intelligence Officer (CAIO) - Copenhagen Compliance
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Quantitative Finance with R - Portfolio optimization and risk management

📫 Get in touch: Reach out via LinkedIn for technical inquiries, speaking opportunities, or executive training programs.

With over two decades of global executive experience, I specialize in steering Fortune 500 organizations through the complexities of AI and digital transformations. I bridge the gap between technical data science and corporate governance, ensuring that enterprise AI systems are ethical, legally compliant, and architected for maximum risk-adjusted ROI. My expertise spans AI governance, quantitative risk management (ERM), AI risk impact assessments, predictive risk models, compliance assurance, process audits, and continuous improvement across technology, consultancy, energy, engineering, and financial services.


Executive Speaking, Corporate Training & Expert Knowledge

I actively partner with global boards, event organizers, and multinational HR departments. I am available for executive advisory, corporate training, and speaking engagements across Europe and globally in the following areas:

  • Corporate Training: Upskilling Board Members, Chief AI Officers, and C-Suite Executives on the EU AI Act, ISO 23894, ISO 42001, NIST AI RMF, DORA, and AI impact assessments.
  • Executive Speaking: Keynotes and panel discussions at forums hosted by The Institute of Internal Auditors (IIA), ISACA, and C5 on Responsible AI, Algorithmic Auditing, Quantitative Risk Modeling, and Data-Driven Digital Compliance.
  • Expert Advisory: Building bespoke AI Risk Management frameworks, conducting AI threat modeling (MITRE ATLAS, NIST 800-53, STRIDE), and developing quantitative risk models for financial, automotive, life sciences, and energy sectors.

Core Competencies and Technical Expertise

  • AI Governance & Risk: AI Governance, Responsible AI, AI Risk Management, EU AI Act Compliance, NIS 2, ISO 23894, ISO 42001, NIST AI RMF, Model Risk Management, Algorithmic Auditing, AI Ethics, Bias Detection, Adversarial Testing, Generative AI Governance, AI Threat Modeling (MITRE ATLAS, STRIDE, DREAD)
  • Quantitative Risk Management: Quantitative Risk Analysis, Enterprise Risk Management (ERM), Predictive Modeling, Monte Carlo Simulation (R/Python), Value at Risk (VaR), Stress Testing, Loss Exceedance Curves, Financial Exposure Modeling, Risk-Adjusted ROI, Quantitative Risk Assessment (QRA), Stochastic Modeling, Backtesting
  • Compliance & Internal Controls: GRC (Governance, Risk, Compliance), SOX 404, FCPA, GDPR, ISO 37301, ISO 27001, ISO 27701, COSO Framework, Internal Controls, Process Audits, IT Governance (COBIT, ITIL), Third-Party Due Diligence, ESG Reporting & Data Controls, Data Privacy, Anti-Corruption, OFAC, Export Controls
  • Technical Enablers: Python (TensorFlow, PyTorch, Scikit-learn, Keras, XGBoost), R (Quantitative Finance, Portfolio Optimization), SAP GRC, SAP FiCo, SAP MM, ERP Systems, SQL, AWS DataBrew, ServiceNow AI, Data Architecture, Process Automation, Business Intelligence (MicroStrategy)
  • Process Improvement: Six Sigma, KPI Development, Data Migration, Continuous Improvement Initiatives, Lean Risk Methodologies, Business Process Optimization, Root Cause Analysis

Professional Experience

Capgemini | Sr. Manager, Business & Technology Transformation AI GRC | AI Lab Lead, AI Governance & AI Risk Manager

January 2025 - Present | Copenhagen Metropolitan Area

  • Leading enterprise-wide AI risk and control initiatives, integrating machine learning, predictive models, and advanced analytics to enhance operational resilience and regulatory compliance.
  • Directing AI initiatives, conducting feasibility studies, and implementing AI-driven risk quantification models for fraud detection, regulatory reporting, and cybersecurity threat identification.
  • Managing full project lifecycles, from AI risk modeling and compliance assessments to strategic deployment, ensuring regulatory alignment and business value realization.
  • Conducting digital transformation and AI governance projects, optimizing business processes to enhance risk mitigation, model interpretability, and auditability.
  • Advising senior executives on AI governance, algorithmic accountability, and risk-based decision frameworks, providing data-driven insights for compliance and operational risk management.
  • Leading AI risk assessments and controls implementation, ensuring adherence to EU AI Act, NIS 2, GDPR, SOX, FCPA, and DORA while leveraging machine learning explainability techniques.
  • Designing and executing technology risk assessments, incorporating AI bias detection, adversarial testing, and model risk validation using Python, TensorFlow, PyTorch, and Scikit-learn.
  • Building cross-functional partnerships to align AI, cybersecurity, compliance, and risk functions, ensuring seamless regulatory and risk integration.
  • Implementing governance frameworks aligned with ISO standards, COSO, and NIST AI RMF, ensuring robust AI auditability and regulatory compliance.
  • Deploying AI threat models based on NIST 800-53, MITRE ATT&CK, Microsoft STRIDE, and Google DREAD to proactively identify vulnerabilities across AI systems.
  • Developing AI cost-benefit analysis and risk-adjusted ROI models to optimize AI investment strategies and mitigate financial exposure.

Milestone Systems (Canon Group) | Head of Group Risk Management and AI Controls | Quantitative Risk & Responsible AI Governance Lead

August 2022 - November 2024 | Copenhagen Metropolitan Area

  • Led cross-functional teams to identify, assess, and quantify risks across AI, software development, finance, operations, compliance, cybersecurity, and revenue associated with strategic plans, software development, product launches, and contracts.
  • Designed, evaluated, and backtested a risk model to quantify risks for decision-making processes and treat uncertainty in planning, budgeting, contracting, software design, and cybersecurity operations (R, Python, ISO 31000, 31022, 37301, 23894, 42001).
  • Executed the annual risk management plan, addressing business competition, vulnerability trends, and emerging needs to support strategic decision-making.
  • Drove and oversaw insurance and control solutions, ensuring cybersecurity and compliance with EU Artificial Intelligence Act, anti-corruption, intellectual property, privacy, export controls, anti-trust, government contracting, software licenses, and data ethics requirements (FCPA, OFAC, FAR, GDPR, CCPA).
  • Facilitated and tested the alignment of tasks and controls with policies while updating and creating new procedures and training (Executive Order 14028, 3960, NIST 800-218, NIST 800-53, red team).
  • Performed due diligence on potential and current third parties, including background checks, internal investigations, attestations, and certificates.
  • Managed audit and control readiness programs to certify SOX controls, information security, privacy, software development, and data management.
  • Prevented losses and incidents through root-cause analysis.
  • Designed and implemented business processes to ensure commitment to risk management and ESG targets, particularly those related to the confidentiality, integrity, and availability of video solutions, internal systems, and data.
  • Directed the design, backtesting, and implementation of advanced quantitative risk models to mathematically measure, stress-test, and mitigate the financial exposure of enterprise AI systems.
  • Engineered a quantitative risk framework using Monte Carlo simulations to calculate Value at Risk (VaR) and the financial exposure associated with deploying generative AI and automated decision engines.
  • Advised executive leadership, department, and product owners on the risk-adjusted ROI of enterprise AI investments.
  • Bridged the gap between data science and enterprise GRC by translating complex algorithmic uncertainties into clear financial metrics, ensuring strict digital compliance with NIS 2, EU AI Act, ISO 42001, ISO 27001, and model risk management guidelines.
  • Pioneered algorithmic auditing pipelines using Python (Scikit-learn, PyTorch) and R to systematically stress-test machine learning models for data drift, predictive degradation, and adversarial vulnerabilities.
  • Enforced responsible AI controls by mathematically quantifying and neutralizing algorithmic bias.
  • Promoted risk awareness across business managers as a business partner.

Danske Bank | IT Risk and Control Governance Sr. Lead (Responsible AI, GRC and Digital Compliance)

June 2020 - August 2022 | Copenhagen, Capital Region, Denmark

  • Led and coached risk, internal control, and compliance specialists and consultants.
  • Established and maintained a cyber risk and control program to ensure that bank-wide IT systems and information assets were adequately protected.
  • Assessed information security, cybersecurity, cloud services, and IT risks and controls against industry best practices (ISO 27001, 27002, 27017, 27701, 27031, 37301, 37001, NIST 800-53, NIST 800-30, ISF Standard of Good Practice, PCI DSS, COBIT, ITIL, SOC 1 and 2) and EBA and FSI regulatory requirements.
  • Facilitated risk assessments for IT assets based on the ISF Information Risk Assessment Methodology 2 (IRAM2).
  • Reported risks, emerging risks, incidents, and audit observations to top management.
  • Translated security and business requirements and risk responses into technical designs and controls.
  • Delivered ongoing training and cyber risk maturity development tools.
  • Worked with IT operators, architects, engineers, and top managers in the identification and management of risks and compliance and legal requirements.
  • Ensured consistent wording, consolidation, and documentation of risk information.

Danske Bank | Head of Supplier Due Diligence Compliance Strategy and Procurement Center of Excellence

September 2019 - July 2020 | Copenhagen Area, Capital Region, Denmark

  • Helped Danske Bank entities, its suppliers, and other third parties mitigate non-financial risks and provide sustainable services in compliance with regulations and ethical procurement.
  • Successfully piloted a centralized due diligence process to comply with the EBA guidelines on outsourcing arrangements.
  • Managed and developed a mid-sized team of senior compliance, risk, and privacy experts by providing hands-on support and coaching.
  • Managed ongoing due diligence of suppliers, significant service outsourcers, partners, and third parties, including assuring compliance controls and contractual requirements.
  • Facilitated and reported risk assessments to define and revamp procurement controls and procedures.
  • Designed processes and tools for compliance requirements including EBA guidelines on outsourcing arrangements, FSB guidance on arrangements to support operational continuity, and GDPR.

ISS A/S | Head of the ISS Center of Excellence for Risk Management and Compliance

June 2018 - September 2019 | Copenhagen Area, Capital Region, Denmark

  • Established the Center of Excellence (CoE) in risk management, internal controls, and compliance to sustain business plans in collaboration with Deloitte Denmark.
  • Enhanced and implemented policies, procedures, taxonomies, tools, and a shared service center aligned to ISO 31000 in partnership with group finance, internal audit, and clients.
  • Drafted and supervised global governance policies to meet Board needs and comply with Fortune Global 500 client requirements.
  • Integrated risk and control frameworks and governance models into global and local procedures.
  • Designed and managed risk self-assessment and independent testing processes.
  • Enabled risk management teams and owners to address contract, security, business continuity, and compliance risks through advice, group-wide training, and best-in-class planning tools.
  • Enhanced tolerance statements based on risk exposures, profile, and incident analysis.
  • Monitored risk treatment plans to meet business and compliance requirements, such as GDPR, DPIA, ISO 27001, financial reporting, and labor laws.
  • Implemented metrics for stakeholders, including C-level executives, audit and risk committee, and Board of Directors, as part of sustainability efforts.
  • Worked with senior leaders and subject matter experts to drive competitiveness and cost optimization through lean risk methodologies and improved project management.
  • Researched emerging risks, trends, and best practices in the facility management sector.

Deloitte | Senior Manager, Operational Risk / Risk Advisory

June 2017 - June 2018 | Copenhagen Area, Denmark

  • Led, managed, and delivered a portfolio of risk and control consultancy projects in coordination with Deloitte North West Europe.
  • Oversaw engagements in business process and control transformation, risk strategy, operational risk assessment, compliance audits, internal audit outsourcing, IT, SAP, GDPR, and SOX process review and conduct risk services.
  • Planned, budgeted, executed, and reported on risk advisory and compliance projects, ensuring quality and client satisfaction.
  • Developed and coached key leaders and managers to aid organizations in making risk-controlled and sustainable decisions.
  • Networked with clients, peers, and GRC influencers to explore potential collaborations and offerings.
  • Managed key projects: 1) Cybersecurity governance for a global energy company; 2) Internal control transformation for a global manufacturer; 3) GDPR compliance for a top national bank; 4) Third-party compliance audits for a global pharma company; 5) Financial closing assurance for a trading company.

Veolia | Risk Management and Internal Controls Director

May 2011 - June 2017 | Madrid Area, Spain

  • Monitored compliance with corporate program and methodology to continuously assess, treat, and report on risk for 80 subsidiaries in Iberia and LatAm for HQ monitoring in Paris.
  • Led a team of 14 risk and audit specialists and managed the process of assessing operational, IT, finance, strategic, fraud, and compliance risks.
  • Developed and implemented control self-assessments and risk identification tools under the risk and control framework (ISO 31000, 31004, 31010, 19600, 37001, UNE 19601, BS 10500, COSO, COBIT, 8th European Directive, GDPR/DPIA, quantitative modeling).
  • Collaborated with managers and specialists to review internal processes and controls and promoted risk management, fraud prevention, data privacy (GDPR), and SOX standards (library of 800+ risks and KRIs).
  • Planned for SOX 404 scope, testing, and reporting and presented pragmatic GRC solutions to upper management and CFO.
  • Redirected audit efforts on a risk basis and streamlined the reporting process.
  • Improved a corporate performance and finance transformation plan to drive competitive advantages and cost savings initiatives (shared services, automation, smart controls, operational synergies, integrated assurance).
  • Established standard audit workpaper templates and guidelines and designed new risk tools and reports.
  • Coordinated and provided training to internal auditors and control specialists.

Tenaris | Compliance Audit Coordinator

August 2008 - September 2010 | International

  • Developed a comprehensive corporate compliance assurance program focused on meeting SEC, FCPA, SOX, GAAP, IFRS, OFAC, and data privacy requirements.
  • Designed and implemented an annual compliance risk analysis.
  • Reviewed and coordinated compliance programs, policies, and reports to Upper Management and the Audit Committee.
  • Analyzed new rules and regulations to assess their impact on the organization.
  • Monitored transactions to comply with OFAC regulations, including blacklists and trade restrictions.
  • Revised policies and procedures to prevent illegal, unethical, or improper conduct.
  • Supported SAP GRC and Business Intelligence initiatives (MicroStrategy).
  • Engineered automated alerting system to flag high-risk transactions, third-party engagements, and high-risk expenses, reducing manual review efforts by 25%.
  • Enhanced SAP GRC data utilization by building bidirectional MicroStrategy connectors for control testing results, user access reviews, and automated compliance evidence collection.

Baker Hughes | Business Process Support - SAP / Finance Business Specialist and Compliance Auditor

April 2006 - June 2008 | Houston, Texas Area

  • Coordinated process design and re-engineering while utilizing internal project management methodology and ITIL.
  • Served as liaison between implementation teams, process owners, and end-users, eliciting requirements for process improvement.
  • Integrated finance functions, identified risks related to trading activities, and established controls to ensure data quality and accurate financial reporting.
  • Supported the Finance End User Group by managing requests for process issue resolutions (SAP-FiCo, SAP-Supply Chain, Material Master) and ensured master data quality.
  • Integrated business processes across finance and procurement and created functional specifications for custom programs.
  • Managed audit programs, developing control matrices for SAP controls and complex processes.
  • Conducted SOX 404 compliance audits and financial reviews in international locations.
  • Won the Baker Hughes Core Value Award (gold) for improving audit methodology.

ExxonMobil | Inventory and Accounting Compliance Specialist - US Crude Oil Accounting

March 2005 - April 2006 | Dallas/Fort Worth Area

  • Controlled, facilitated, and reported on the migration of finance and control processes from crude oil accounting to a new shared service center.
  • Assessed and mitigated market, credit, and operational risks related to trading activities, reducing past-due open items by 60% in one year.
  • Established risk and valuation monitoring systems, ensuring continuous oversight of trading activities.
  • Developed control options to leverage accounting and process automation for effective service delivery.
  • Transformed processes through functional and skills-based analysis.
  • Designed and implemented new control systems and reports, providing management information and KPIs.

Deloitte | Enterprise Risk Services - Sr. Risk, IT and SOX Compliance Consultant (2003-2005) & Sr. Financial Auditor (2001-2003)

July 2001 - March 2005 | Various Locations

  • Performed Sarbanes-Oxley Act, risk, operational, and IT controls audits and consultancy projects.
  • Evaluated business process controls, application controls, and technology to help clients manage risk.
  • Tested general computer controls using Audit Command Language (ACL) for database interrogation.
  • Planned engagement work, defined information requirements, and minimized schedule slippage.
  • Implemented business tools such as RACI matrices and MS Visio process mapping.
  • Planned, coordinated, and executed all phases of financial and control audits across multiple industries.
  • Analyzed financial statements for accuracy, proper disclosure, and compliance with IFRS and US GAAP.
  • Participated in due diligence for a large acquisition in the energy market.

Academic Leadership: Professor & Program Director

IE Business School | Master Program Executive Education Director, Professor and Speaker

January 2013 - Present | Madrid Area, Spain

Promoting corporate sustainability, ethical leadership, compliance, and risk management.

  • IE Law School & IE Business School: Director, Advanced Program in Compliance (2016+). Teaching compliance and reputation risks, corruption offenses, ISO 37001, ISO 19600, OCEG/GRC frameworks, KRIs and KCIs, investigations, data privacy.

Universidad Complutense de Madrid (UCM)

2015 - Present

  • Professor and tutor at the Masters in Compliance and Corporate Social Responsibility. Teaching compliance risks, GRC environment, reputational risks, case studies, thesis tutor.

International University of La Rioja (UNIR)

2016 - Present

  • Professor, Corporate Compliance and Data Security Masters. Teaching global compliance, labor compliance, conflicts of interests, GDPR compliance.

Comillas Pontifical University & ICADE Business School

2016 - Present

  • Professor, Master in Compliance. Teaching labor compliance and conflicts of interests.

Centro de Estudios Financieros (CEF)

2015 - 2017

  • Professor, Course in Compliance. Teaching global compliance, environmental compliance, compliance for oil and gas, energy, and mining.

Institute For Research Resources (iiR) Spain

2011 - Present

  • Professor and Lecturer. Chairman, Compliance Day 2016. Teaching internal control systems for US regulations (FCPA, SOX, Dodd Frank), compliance management systems, global compliance plan design, and GRC for executive boards.

C5 Forum Anti-Corruption Spain

2016

  • Co-host and speaker.

The Institute of Internal Auditors (IIA)

  • Speaker at Annual Conference "XIX Field of Ideas" on lessons learned in fraud mitigation.

ISACA

  • Speaker on corporate criminal liability and IT.

Publications & Thought Leadership

Books & Peer-Reviewed Research

  • AI Management Systems Operational Playbook for Chief AI Officers and Compliance Risk Managers (Google LLC, February 2026 | ISBN-13: 9798233615009) A systematic, end-to-end framework for institutionalizing AI governance across the enterprise. Translates EU AI Act, ISO/IEC 42001, and NIST AI RMF into measurable engineering and oversight tasks. Introduces the "Moneyball" approach to AI risk, transitioning from qualitative heat maps to rigorous risk quantification. Covers algorithmic bias quantification, model drift telemetry, and risk-adjusted ROI calculation.

  • Standardized Threat Taxonomy for AI Security, Governance, and Regulatory Compliance: A Unified Taxonomy of the Nine Critical Threat Vectors in Generative and Agentic AI and Machine Learning Systems (arXiv:2511.21901, November 2025) Provides the first rigorous bridge between technical AI vulnerabilities and financial risk quantification. Introduces an AI System Threat Vector Taxonomy with 9 Critical Domains and 53 Threat Categories (Misuse, Poisoning, Hallucinations, Drift), validated against 133 real-world incidents. Maps vectors to ISO/IEC 42001 controls and NIST AI RMF functions for quantitative risk assessment (QRA) using Monte Carlo simulations.

  • Quantitative Risk Assessment in R: An Open-Source Convolutional Framework for Modeling Uncertainty and Reserves (Zenodo, November 2025) Introduces a free, open-source framework for quantitative risk assessment using convolutional Monte Carlo methods in R. Moves beyond flawed risk matrices to probabilistic modeling. Uses Monte Carlo simulations with convolution methods to integrate discrete event frequencies (Poisson) with continuous loss magnitudes (Lognormal). Calculates risk statistics, contingency reserves (VaR), histogram charts, and loss exceedance curves.

  • GRC Framework: Governance for Risk and Compliance (Ediciones Roble, January 2017 | ISBN 9788416756230) 328-page book on synergies in implementing an integrated GRC framework.

Articles & Industry Publications

  • SAPexperts: "Preparing SAP for the New European Union General Data Protection Regulation GDPR" and "How to Prepare Your User Access Review to Comply with the General Data Protection Regulation"
  • Internal Auditor Magazine (The IIA): "Convergence COSO ERM and ISO 31000"
  • The Risk Universe: "Dimensions in Risk Measurement"
  • Metricstream: "Components of an Effective Third-Party Due Diligence Program"
  • Contributor to: Tribuna del Compliance, LawyerPress, and Lefebvre – El Derecho

Technical Writing

  • Technical writer on GRC topics for Wispubs, IIA, and others (2013-2017)

High-Impact Executive Projects

Capgemini | Applied AI Lab (RIOT) Leadership and Innovation Acceleration

January 2025 - Present

Spearheaded the internal acceleration program to develop, commercialize, and deploy compliant AI solutions for Fortune 500 clients. Established AI Governance methodologies positioning the firm as a premier advisor in enterprise AI transformation. Functioned as internal AI risk manager, ensuring capabilities adhered to global regulatory frameworks. Developed go-to-market roadmaps for life sciences, defense, telecom, and oil and gas sectors. Championed responsible AI as a core differentiator, embedding ethical frameworks into solutions built on SAP Joule, ServiceNow AI, and enterprise Copilots. Applied quantitative risk analytics to model financial impact and ROI of deploying enterprise AI systems.

Capgemini | ESG GRC Automation and Data Architecture Transformation

July 2025 - February 2026

ESG Reporting and Data Controls Project Manager for major global energy corporation (Houston, TX). Directed global GRC transformation automating ESG reporting, reducing compliance costs and increasing data fidelity for board-level sustainability disclosures. Architected digital compliance workflows across SAP MDG, IoT sensors, and enterprise data lakes for GHG and water consumption metrics. Applied quantitative risk modeling to validate environmental estimation methodologies, mitigating risk of regulatory fines for greenwashing.

Capgemini | Enterprise AI Governance and Autonomous Systems Controls

May 2025 - February 2026

Lead Advisor on AI Governance and Risk Assessment for global automotive and autonomous vehicles manufacturer. Engineered group-wide AI Governance operating model with consistent lifecycle controls and approval gates. Defined corporate strategy for EU AI Act compliance and ISO/IEC 42001 alignment. Established algorithmic auditing protocols for third-party AI solutions and internal ML models. Developed quantitative risk taxonomy for AI threats, enabling financial measurement of vulnerabilities.

Capgemini | AI Clinical Data Automation and Algorithmic Quality Assurance Proof of Concepts

March 2025 - August 2025

Lead AI Compliance Automation PoC Project Manager for global pharmaceutical enterprise. Validated technical and regulatory viability of AI-driven automation for clinical trial data. Executed algorithmic auditing on automated data review processes, ensuring AI-generated corrections met strict control attributes. Assessed AWS Glue DataBrew for control checks and quantitative risk assessments on clinical datasets. Engineered GenAI prompts within Signavio process flows to automatically generate and validate Standard Operating Procedures (SOPs).


Certifications & Professional Development

  • Certified Chief AI Officer (CAIO) – Information Security Institute / Copenhagen Compliance (2024)
  • CRISC (Certified in Risk and Information Systems Control) – Packt (2025)
  • Quantitative Finance with R – Portfolio optimization, asset pricing, and risk management with R – Packt (2022)
  • PMI Agile Certified Practitioner (PMI-ACP) – Agile Basics (2019)
  • CPI - AIEM Methodology - Continuous Improvement & Change Management – Deloitte (2017)
  • ISO 37301 Compliance Management Systems – RIGCERT (2022)
  • CISRM - Certified Information Systems Risk Manager – Mile2 Cybersecurity Institute (2021)
  • CISSP - Certified Information Systems Security Professional – Cybrary (2021)
  • IT Risk Assessment Practices – Packt (2015)
  • Governance and Risk Management – Packt (2015)
  • Cybersecurity Compliance Framework & System Administration – IBM Cybersecurity Analyst Professional Certificate (2020)
  • PMI-RMP/IIBA-ECBA Risk Management for Business Analysts – Noble Work Foundation (2022)

Languages

  • English: Native or Bilingual Proficiency
  • Spanish: Native or Bilingual Proficiency
  • French: Professional Working Proficiency

Skills Inventory

  • AI Governance & Ethics: AI Governance, Responsible AI, AI Risk, AI compliance, AI ethics, Generative AI, Model Risk, Algorithmic Auditing, AI Impact Assessments, AI Threat Modeling, AIOps
  • Risk Management: Quantitative Risk Management, Enterprise Risk Management (ERM), Risk Models, Model Risk, Financial Risk, Operational Risk Management, IT Risk Management, Cyber Risk, Stress Testing, Risk Analysis
  • Compliance & Controls: GRC (Governance, Risk, Compliance), Internal Controls, SOX 404, FCPA, GDPR, ISO 27001, ISO 27701, ISO 37301, COSO Framework, Compliance Management, Internal Audit, External Audit, Third-Party Due Diligence, Data Privacy, Anti-Corruption, OFAC, ESG Reporting
  • Technical & Data: Python (TensorFlow, PyTorch, Scikit-learn, Keras, XGBoost), R (Quantitative Finance, Risk Modeling), Monte Carlo Simulation, Predictive Modeling, Data Analytics, Data Modeling, SQL, Databases, Business Intelligence, SAP GRC, SAP FiCo, SAP MM, ERP, AWS, ServiceNow AI, Process Automation, Robotic Process Automation (RPA)
  • Process & Strategy: Business Process Improvement, Process Improvement, Continuous Improvement, Six Sigma, Change Management, Root Cause Analysis, KPI Development, Data Migration, Strategic Planning, Business Transformation, Executive Management, Board Reporting
  • Auditing & Assurance: Financial Audits, IT Audits, Compliance Audits, Performance Audits, SOX 404 Top-Down Risk Assessments (TDRA), Audit Command Language (ACL), Internal Control Implementation

Featured GitHub Repositories

Explore my open-source work in quantitative risk modeling and AI governance:

  • quant-risk-montecarlo-r – R scripts for convolutional Monte Carlo framework published in my Quantitative Risk Assessment paper. Performs 100,000+ simulations to model loss distributions, calculate Value at Risk (VaR), and generate loss exceedance curves for AI, operational, and financial risk.
  • ai-threat-taxonomy – Machine-readable implementation of the 9 Critical AI Threat Vectors from my arXiv paper (Misuse, Poisoning, Hallucinations, Drift, etc.), mapped to ISO 42001 controls and NIST AI RMF functions for automated risk assessments.
  • algorithmic-auditing-toolkit – Python scripts using Scikit-learn and SHAP for detecting bias, drift, and adversarial vulnerabilities in ML models. Core component of my AI governance methodology.
  • grc-framework-templates – Practical templates for RACI matrices, AI impact assessments, control testing workflows, and risk taxonomies derived from 20+ years of consulting experience.

Connect With Me

I am based in the Copenhagen Metropolitan Area and available for senior advisory roles, board positions, corporate training programs, and keynote speaking engagements on the future of AI governance, quantitative risk management, and digital compliance.


Prof. Hernan Huwyler, MBA, CPA, CAIO

AI and GRC Director | AI Risk Manager | Quantitative Risk Lead

LinkedIn Blog WordPress Location

"I empower leaders in risk, compliance, and artificial intelligence to drive business objectives through AI Governance, Digital Compliance, and Responsible AI in multinational companies."

With more than two decades of global executive experience, I specialize in guiding Fortune 500 organizations through the complexities of artificial intelligence and digital transformations. I act as a bridge between technical data science and corporate governance, ensuring that enterprise AI systems are ethical, legally compliant, and architected to maximize return on investment.


Executive Speaking, Corporate Training and Expert Knowledge

I actively collaborate with global boards of directors, event organizers, and Human Resources departments of multinationals. I am available for executive advisory and speaking engagements in Europe and worldwide in the following areas:

  • Corporate Training: Training Board members and Senior Management on the EU AI Act, DORA, and AI impact assessments.
  • Executive Speaking: Keynotes and panel discussions on Responsible AI, Algorithmic Auditing, and Data-Driven Digital Compliance.
  • Expert Advisory: Development of customized AI Risk Management frameworks and quantitative risk models for the financial, automotive, and pharmaceutical sectors.

Core Competencies and Technical Expertise

  • Executive Governance: AI Governance | GRC Frameworks | EU AI Act and NIS 2 Compliance | Responsible AI Strategy
  • Quantitative and Technical: Quantitative Risk Management | Algorithmic Auditing | Predictive Risk Models | AI Impact Assessments
  • AI and Data Stack: Python, R, TensorFlow, PyTorch, Scikit-learn, XGBoost, Monte Carlo Simulations
  • Enterprise Systems: SAP GRC, SAP FiCo, AWS DataBrew, ServiceNow AI

High-Impact Executive Projects and Results

1. Enterprise AI Governance and Autonomous Systems Controls (Global Automotive)

  • Value Delivered: I designed a corporate-level AI governance operating model and an AI Risk Management framework to ensure compliance with the EU AI Act and ISO/IEC 42001.
  • Technical Execution: I established Algorithmic Auditing protocols to evaluate third-party machine learning models for bias, security posture, and reliability, clearly defining senior management accountability across the entire AI lifecycle.

2. Quantitative Risk Modeling and Validation of AI Financial Exposure (Financial Sector)

  • Value Delivered: I led the design and backtesting of advanced Quantitative Risk models using Monte Carlo simulations to mathematically measure and mitigate the financial exposure of enterprise AI systems.
  • Technical Execution: Pioneered Algorithmic Auditing pipelines using Python (Scikit-learn, PyTorch) and R to perform systematic stress tests on ML models, detecting data drift, predictive degradation, and adversarial vulnerabilities.

Last updated: March 2026

Popular repositories

  1. HernanHuwylerRiskManagement Public

    22 9

  2. risk-model-app Public

    HTML 2

  3. ComplianceRisk Public

    This course is tailored to meet the needs of professionals in the fields of compliance, legal counseling, data privacy, business consultancy, risk management, auditing, cybersecurity, and artificia…

    1

  4. Paper2024 Public

  5. PythonSumming Public

    Python implementation of a risk model that uses Monte Carlo simulations to estimate potential losses in a project or business scenario. The model incorporates lognormal distributions for loss amou…

  6. hwyler Public

    Quantitative Risk Assessment in R for AI governance and risk management. Monte Carlo framework to model AI system failures, algorithmic bias financial exposure, and model drift. Calculates Value at…

    HTML