Governing Body Spotlight

Adam Ennamli has been Chief Risk, Compliance & Security Officer at General Bank of Canada for the past two years, with over 15 years of leadership experience implementing and transforming risk management and security frameworks across global organizations. He specializes in developing innovative approaches to enterprise trust, streamlining fraud, cybersecurity, and resiliency capabilities into powerful competitive advantages. 

Drawing on his experience at diverse organizations, including a government agency and a Fortune 50 bank, as well as an expansive network of peers across all domains, he aims to bring a comprehensive and simplified perspective to risk management. 

A fun fact about Adam, he is an avid football enthusiast who makes it a mission to attend every FIFA World Cup, whenever possible, combining my love for the beautiful game with my passion for exploring new countries and cultures.

Learn more about the Calgary CISO community here.
 

Give us a brief overview of the path that led to your current role.

My journey to becoming Chief Risk, Compliance & Security Officer at General Bank of Canada started in an unexpected place – analyzing operations at a public transit company (EXO), where I discovered my passion for using data to solve complex challenges. While earning my MBA at HEC Montréal, I gained diverse experience through roles at the Canadian Medical Association and Morgan Stanley, where I learned to effectively manage multiple critical regulatory relationships. 

My career took a fascinating turn at NAV CANADA, where leading technology risk for air traffic control systems taught me invaluable lessons about critical infrastructure security and digital transformation. This experience, combined with leading nationwide risk programs at CMHC and later managing global risk across 75+ countries at Thomson Reuters, prepared me perfectly for my current role at General Bank of Canada. Here, I'm leveraging this diverse background to lead our risk, compliance, and security strategies while partnering with a dynamic ecosystem of fintech, risktech, and regtech leaders. I draw from my experience leading teams in 14+ countries and 20+ macro-specialties to ensure I always learn something new from the people I collaborate with.
 

What is one of your guiding leadership principles?

My guiding leadership principle is to create an environment where being authentic and vulnerable isn't just accepted – it's encouraged. I've learned that when you, as a leader, model openness and show that you don't have all the answers, it empowers your team to bring their 200% to work, it sparks real and simple innovation, and it builds the kind of trust that will help your organization navigate through any challenge, while also building lifelong relationships for you and your colleagues.
 

What is the greatest challenge security leaders face today, and how are you addressing it?

The greatest challenge facing CROs and CISOs today is balancing growth, innovation and trust in a landscape that is more and more complex, fluid and digital. At General Bank of Canada, we’re addressing this by streamlining, unifying efforts through strong relationships within our ecosystem, while also looking at risk through a pragmatic, realistic lens. But beyond the metrics and board reports, it's about creating a culture where risk awareness becomes second nature, and here innovation and security enhance rather than compete with each other.
 

What is the key to success for someone just starting out as a CISO?

The key to success for a new CISO is to truly understand that your role goes far beyond technical expertise – it's about building trust through authentic relationships. When I started at General Bank of Canada, my first priority wasn't to immediately overhaul all our frameworks. Instead, I focused on listening to and learning from our teams, partners, and stakeholders to understand their challenges and perspectives. 

Risk management is ultimately about people and relationships. Yes, you need to understand the technical aspects of risk, compliance, and security, but your success will largely depend on your ability to communicate clearly, build bridges across departments, and create an environment where people feel confident raising concerns and contributing solutions. Without this, you can have all the certifications and know all the acronyms, it will be secondary at best.
 

How do you measure success as a leader?

I measure success as a leader in both tangible and intangible ways. The tangible metrics are important – like whether we've reduced inefficiencies by X% or increased cyber maturity by Y% within a specific timeframe. Clear, tangible impact is important to tell your leadership story. 

But it's not the only part, the true measure of leadership success is in the growth and engagement of your team. Are they bringing forward new ideas without hesitation? Are they growing professionally? Are we building genuine, lasting relationships that go beyond the typical workplace dynamics? For me, success is when your team feels empowered to challenge the status quo, when they're confident enough to be vulnerable, and when they're achieving things they didn't think possible. It's about creating an environment where both the organization and its people can thrive authentically. It takes time to build though, like all the good things.
 

What is the value of being a member of the Evanta community?

Exchanging perspectives with fellow technology and security leaders across diverse industries is invaluable. The power of peer collaboration and knowledge sharing in this community helps us all stay ahead of evolving risks. What makes Evanta particularly valuable is the candid, open discussions about both successes and failures: it's a space where leaders can learn from each other's experiences, without judgment or politics.
 

Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.