Member of the Month | Stefano Fois : Building Executable Governance Frameworks at the Intersection of Innovation and Risk
- 秘書處

- 8 hours ago
- 3 min read

This month, the Hong Kong China Network Security Association (HKCNSA) is pleased to name Stefano Fois as its Member of the Month for June.
Stefano serves as the Association's Research Director, with a long-standing focus on digital transformation, IT governance, and cybersecurity. He has led large-scale transformation programmes across banking, insurance, retail, and luxury goods sectors. His work centres on a core question: how organisations can simultaneously balance innovation, cost efficiency, and risk in an environment where all three are under pressure, without having to choose between them.
Redefining Risk Management in an Accelerating Environment
Speaking about the challenges organisations face today, Stefano observes that innovation cycles are shortening, while regulatory expectations, cyber threats, and technological complexity are rising in tandem. Cost pressures may push organisations to simplify or defer controls, but this often creates hidden exposures and technical debt.
He advocates a critical shift: treating risk as a design principle rather than a gate at the end of the process. In his view, organisations should align priorities through a business-led technology roadmap, a clear risk appetite framework, outcome-based investment decisions, and effective governance over data, cloud, third parties, and AI. In increasingly complex environments, the organisations that can innovate within clear guardrails are those best positioned to build sustainable competitive advantage.
Governance Must Be Executable and Measurable
Years of leading advisory and transformation projects have given Stefano a pragmatic view of governance: it only works when it is practical, business-driven, and measurable.
He emphasises that an operating model should not be a theoretical organisation chart. It needs to clarify decision rights, accountability, funding sources, service ownership, and risk responsibilities. The starting point is always business strategy, which must then be translated into capabilities that teams can actually use, processes that are actionable, controls that are enforceable, and metrics that can be tracked.
When it comes to driving change, Stefano believes in an iterative approach. Define the target state, tackle the highest-risk gaps first, and validate progress with measurable outcomes such as resilience, cost, speed, quality, and user experience. Executive sponsorship, clear ownership, transparent prioritisation, and a disciplined cadence for tracking benefits and risks are the critical success factors.

A Human-First AI Strategy
Artificial intelligence is reshaping the roles of IT and cybersecurity leaders, and Stefano has a clear perspective on this shift.
He points out that AI accelerates both opportunity and risk. It can enhance productivity, engineering efficiency, threat detection, and decision-making, but it also expands the attack surface and introduces new challenges around data sovereignty, accountability, and trust.
His position is straightforward: strategy must be human-first, not AI-first. AI should augment human capabilities by handling scale, automation, and pattern recognition, while humans retain judgment, ethics, contextual understanding, and ultimate accountability. The goal is not to replace human intelligence, but to elevate it. Organisations that embed this mindset, supported by strong governance and responsible AI practices, will build more resilient and sustainable security capabilities over the long term.
Stefano's insights reflect that digital transformation is no longer just about adopting new technologies. It is about translating technology into genuine business value through clear governance, measurable outcomes, and human-centric decision-making.
HKCNSA is proud to name Stefano Fois as this month's Member of the Month, and we look forward to his continued contributions to the Association and the broader industry with his insights on digital transformation and technology governance.



