I am an AI Risk Manager and Governance, Risk, and Compliance (GRC) executive dedicated to empowering business leaders to achieve strategic objectives through robust AI governance, digital compliance, and responsible AI frameworks. With over two decades of global executive experience spanning four continents, I specialize in guiding Fortune 500 organizations toward financial success and operational excellence by transforming regulatory pressure into a competitive advantage.
My expertise sits at the intersection of quantitative risk management, algorithmic auditing, and international regulatory compliance (EU AI Act, NIST AI RMF, ISO 42001). I have deep experience across the technology, consultancy, energy, financial services, and engineering sectors. I actively partner with global boards, event organizers, and multinational HR departments, offering a triad of high-impact services: strategic consulting, corporate training, and executive keynote speaking.
Holding an MBA, CPA, and CAIO credentials, I combine deep knowledge of financial audits (US GAAP, IFRS, SOX) with technical proficiency in building and validating AI models using Python, TensorFlow, PyTorch, and Scikit-learn. As a fluent English and Spanish speaker, I leverage cross-cultural expertise to build trust and align stakeholders in global enterprises, ensuring they can manage risk and achieve operational excellence across multiple regulatory jurisdictions.
Core Competencies & Service Portfolio
I help organizations navigate the complexity of AI and digital transformation through a structured, data-driven approach.
AI Governance and Strategy: Responsible AI frameworks, Algorithmic Auditing, Digital Compliance, EU AI Act readiness, NIST AI RMF, ISO 42001 implementation.
Quantitative Risk Management: Model Risk Management, Predictive Risk Models, AI Impact Assessments, Monte Carlo simulations for financial exposure, Stress Testing.
Executive Management & Advisory: Corporate Governance, Board Advisory, C-suite consulting on AI strategy, M&A due diligence, and operational resilience.
Training & Speaking: Having trained over 1,500 chief compliance, privacy, and AI officers, I deliver high-energy keynotes and in-house corporate training programs that translate technical jargon into actionable business intelligence.
Technical Stack: Python, R, TensorFlow, PyTorch, Scikit-learn, Keras, XGBoost.
Compliance & Auditing: ERP risk (SAP FiCo, SAP GRC), SOX 404, GDPR, FCPA, ISO 27001/27701.
Professional Experience: Driving Value at Scale
My executive career has been defined by leading high-stakes projects that protect and create business value.
Capgemini | Senior Manager, AI Governance and Digital Compliance *(Jan 2025 - Present | Copenhagen)*
As the lead of the Applied AI Lab, I spearhead enterprise-wide AI governance and responsible AI initiatives. I direct the development of AI-driven quantitative risk models for fraud detection and cybersecurity, while advising senior executives on the ROI of AI investments. A key achievement includes architecting GenAI strategies that revolutionize client HR, Finance, and GRC functions, ensuring all solutions adhere to the EU AI Act, NIS 2, and DORA through rigorous algorithmic auditing and model risk validation using Python and TensorFlow.
IE Law School & IE Business School | Executive Education Director & Professor *(Jan 2013 - Present | Madrid)*
I serve as the Academic Director for advanced programs in Compliance and AI Governance. I teach and inspire executives on topics including corporate sustainability, ethical leadership, corruption prevention (ISO 37001), and data privacy. My role is to promote critical thinking and equip leaders with the frameworks needed to manage reputation and compliance risks in a data-driven world.
Canon Group / Milestone Systems | Head of Group Risk and Control *(Aug 2022 - Nov 2024 | Copenhagen)*
I led cross-functional teams to identify and quantify risks across AI, software development, and cybersecurity. I engineered a quantitative risk framework using Monte Carlo simulations to calculate the financial exposure (VaR) of enterprise AI systems and pioneered algorithmic auditing pipelines to stress-test machine learning models for bias and data drift, ensuring compliance with the EU AI Act and ISO 42001.
Prior Key Roles: My leadership foundation was built through senior roles at Danske Bank (IT & Digital Compliance), ISS A/S (Head of Risk CoE), Deloitte (Senior Manager, Risk Advisory), Veolia (Risk Management Director), Tenaris, and ExxonMobil.
Education & Certifications
University of Cambridge: International Diploma in Business Administration
ESDEN, Madrid: MBA in Organizational Management (Top of Class)
Certified Public Accountant (CPA): Universidad del Centro Educativo Latinoamericano (Top 5%)
Certified Chief AI Officer (CAIO): Copenhagen Compliance
Certifications: CRISC, CISSP, PMI-ACP, ISO 37301 Lead Implementer, IBM Cybersecurity Analyst
Proprietary Methodologies: My Toolbox for Client Success
I don't just advise; I provide clients with the assets to succeed. My work is built on a foundation of rigorous, published research and practical tools designed for immediate implementation.
AI Management Systems Playbook & Control Accelerator: A turnkey operating system derived from my book of the same name. It translates the EU AI Act and ISO 42001 into concrete roles, workflows, and an AI Control Matrix that links real-time system telemetry to specific controls and SLAs.
AI System Threat Vector Taxonomy: Based on my peer-reviewed research (DOI: arXiv:2511.21901), this is a structured ontology of nine critical AI threat domains (e.g., poisoning, drift, privacy leakage) validated against 133 real-world incidents. It provides the bridge between technical vulnerabilities and financial loss, enabling robust quantitative risk assessments.
QUANTRRA™ Quantitative Risk Framework: An open-source, convolutional framework in R and Python that replaces subjective heat maps with rigorous Monte Carlo simulations. It allows organizations to model loss distributions, calculate contingency reserves, and make data-driven decisions on risk treatment.
AI-Aware Contract & SLA Clause Library: A structured library of contract clauses and KPIs that embed AI risk management into commercial agreements, ensuring that third-party relationships are governed by objective metrics and realistic liability caps.
Global Recognition & Thought Leadership
My contributions to the field have been independently ranked and validated by leading platforms.
Thinkers360 Rankings: I am honored to be ranked as a Top 10 Global Thought Leader in both AI Ethics and AI Governance, as well as a Top 25 Thought Leader in GRC and Risk Management. This independent validation places me among a select group of experts recognized worldwide for the quality and impact of my work.
Institutional Affiliations: I serve as an Expert Contributor at KuppingerCole Analysts, a Co-Chairman of the Technical Committee at The Institute of Internal Auditors (IIA) Madrid, and a researcher with the EU GDPR Institute and Information Security Institute.
Featured Engagements: My insights have been featured at global events like Risk Awareness Week (2025), the European Identity & Cloud Conference, and in publications by IE Insights and ProcureCon Europe.
Select Keynotes & Workshops
I deliver engaging, high-impact sessions that leave audiences with practical tools and a new perspective. Here is a selection of recent programs:
"Beyond 'Is AI Accurate?': A Practical AI Risk Modeling Playbook" (Risk Awareness Week 2025): A live, interactive workshop deconstructing AI threats like prompt injection and reframing them as business-level risks with a clear financial impact, using a public threat taxonomy hosted on GitHub.
"Leading AI Governance as a Chief AI Officer" (CAIO Certification, Copenhagen Compliance): A flagship module teaching senior leaders how to build board-ready risk narratives, design AI impact assessments, and integrate controls into procurement and audit functions.
"Invisible Correlations: Using Python and Network Analytics to Model Cascading Risks" (IE Executive Education): An advanced seminar moving beyond siloed risk registers to model systemic risk using network graphs and Principal Component Analysis.
"Agility, Empathy, and Resilience in GRC: What Audit Committees Need" (Institute of Corporate Directors Malaysia): A board-level session providing chairs and directors with practical dashboards and scenario-based questions for effective AI and cyber risk oversight.
Let's Connect and Collaborate
I am available for select advisory board positions, keynote speaking engagements, in-house corporate training programs, and strategic consulting projects.
If your organization is navigating the complexities of AI adoption, facing regulatory pressure from the EU AI Act, or seeking to build a more resilient and data-driven risk function, I invite you to reach out.
Connect with me on LinkedIn: linkedin.com/in/hernanwyler
Explore my research and tools: hwyler.github.io/hwyler/
Based in: Copenhagen | Zurich | Madrid | Berlin
