Security, pragmatism and data governance: interview with Olivier Roth, speaker at the GFI ISFB x SPHERE Seminar

December 1, 2025

At a time when small financial structures are increasingly exposed to cyber threats, ISFB is offering a new module dedicated to raising awareness of IT security, as part of the ISFB x SPHERE Seminar for independent asset managers (IAMs).
Meet Olivier Roth, data governance specialist, Innosuisse expert and ISFB lecturer, who will be sharing his experience in a pedagogical and pragmatic way during the module he will be leading in February 2026.

Olivier Roth, you are a lecturer at the ISFB x SPHERE Independent Managers Seminar. What are your expectations and what approach will you adopt as a lecturer?

For me, this seminar represents a valuable opportunity to pass on practical knowledge to professionals who are often on their own when faced with increasingly complex technical and regulatory issues. My approach is above all pragmatic and interactive: it's based on real cases, feedback from field experience and open exchanges with participants.

The aim is not so much to deliver an academic discourse as to make risks visible, understandable and controllable, even for non-technical profiles. The aim is to provide leads and even tools that can be activated immediately, and to strengthen the ability of independent managers to anticipate the growing pressure of cyber threats and new legal obligations.

Can you tell us about your academic and professional background?

I have a cross-disciplinary profile, at the crossroads of the technological, regulatory and entrepreneurial worlds. After a Master's degree in Mathematics/Computing, which I completed with a module at the Emerging Markets Institute (INSEAD, Singapore), I specialized in data protection at the University of Geneva.

Professionally, I ran the operations of a Swiss IT services company for over twenty years, developing its activities in Singapore, Hong Kong and Monaco.

For the past eight years, I have been working as an external Data Protection Officer (DPO) for several private companies and public institutions, in sectors as varied as finance, healthcare, energy, local authorities and digital platforms. At the same time, I act as an accredited coach in various digital innovation programs (Innosuisse, Innovaud, Trust Valley, Platinn) and am a member of several boards of directors or foundations.

This career path has taught me to combine strategic vision, regulatory constraints and operational reality, with one constant: the desire to make technology intelligible and useful.

Finally, teaching is one of the pillars of my activity, particularly at the ISFB, where I have been striving for over six years to combine real-world experience with academic rigor.

Module 2, "Raising awareness of IT security in small organizations", which you will be running in February 2026, provides answers to growing challenges. What concrete solutions does this program offer, and what do you see as its strengths and specific features?

The first strength of the program is that it is tailor-made for agile but smaller structures, such as independent managers or small consultancies. Too often, these players have few resources at their disposal to formalize a robust cybersecurity strategy. The module proposes a graduated approach, adapted to their constraints, to understand the major risks, identify the most common vulnerabilities and implement the first effective measures.

The other specificity lies in our cross-functional approach: we approach security not only from the technical angle, but also from the regulatory (LPD, RGPD), organizational (governance, responsibilities) and human (risk behaviors, employee awareness) angles.

Finally, the module is distinguished by its pragmatic dimension: each participant leaves with a knowledge of the governance and tools available on the market. It should be noted, however, that this course, like all ISFB courses, does not constitute a consultancy activity, and that it is up to participants to identify the measures that could be taken within their organization to mitigate risk as part of the implementation of their risk management policy.

What is the main objective of Module 2, and what practical skills or knowledge will participants gain from it?

The central objective is empowerment: to enable managers and their staff to better understand their exposure, to act without waiting for an attack, and to communicate effectively with their IT service providers or customers.

At the end of the module, participants will be able to :

• Identify the main IT risks affecting their business;
• Assess their level of cybersecurity maturity ;
• Apply the right reflexes in terms of access management, backups, data protection, etc. ;
• Understand the legal obligations related to data protection (LPD, RGPD, ...) ;
• And finally, to build an initial cybersecurity roadmap that is realistic and adapted to their structure.

The aim is not to turn them into technical experts, nor to give them personalized advice, but to give them the keys to decide, prioritize and intelligently secure their professional environment.

Olivier Roth

Founder (Data Protection Company)