Lucy ShentonExpert Associate Partner at McKinsey & Company
Lucy is an Expert Associate Partner based in Berlin. She specializes in helping financial institutions quantify their cyber risk and build risk-based cyber strategy
Lucy additionally helps banks solve other challenges at the intersection of technology and risk, working with financial institutions globally on fraud risk management, compliance risk technology, third party technology risk management etc.
Relevant experience or recent engagements
Cyber risk quantification: Helping organizations across Europe, Africa and Latin America model their current level of cyber risk exposure relative to their Enterprise Risk Management framework and prioritize their initiative portfolio to optimize their level of cyber risk reduction.
Cyber strategy: Building cyber risk management strategies for major TMT and Finance organizations, including operational multi-year roadmap.
Third party risk management: Designing end-to-end supplier risk management strategy and processes for TMT organizations, with a focus on data privacy and security risk management.
Critical asset identification and current maturity quantification: Helping organizations understand their current level of cyber maturity relative to their peers and identify where their most critical assets sit within the organization.
Background and education
Before joining McKinsey in 2018 Lucy worked for BAE Systems in London as a Cyber Security Consultant, specializing in information assurance and cyber risk management. Her clients ranged from private prisons to large-scale critical infrastructure providers, working in both the IT and OT domains.
Lucy has a Masters degree in Engineering Science from Oxford University with a focus on artificial intelligence, machine learning, digital logic and optoelectronics, and is CISSP-accredited.
Lucy has also worked as a software engineer for a humanoid robotics company where she programmed chatbots and interactive human robots.