top of page
Writer's pictureRoy Urrico

InfoSec People Profile: Alkami Technology’s Dennis Irwin

Chief Compliance Officer (CCO) Continues to Lead and Advise


By Roy Urrico

 

Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions and other financial institutions, and fintechs serving the financial services industry.

Dennis Irwin, chief compliance officer, Alkami Technology

Dennis Irwin, chief compliance officer for Plano, Texas-based digital banking solutions provider Alkami Technology, has been in the compliance part of the financial services industry for 28 years.


Irwin’s formative years began in Pensacola, Fla. “As a military brat, I had the unique opportunity to grow up across various locations,” said Irwin. He now lives near Dallas, “close to our four grown daughters and their families.”


Irwin holds a Bachelor of Science in economics from Texas A&M-Commerce (This month, Texas A&M University-Commerce changed its name to East Texas A&M University.) and “proudly served in the United States Marine Corps.”


Progressive Roles, Increasing Responsibility


Irwin’s 23-year tenure at Citi, which began in 1996, featured progressive roles and increasing responsibility, starting within the retail branch network as both a branch and district manager. “Later, I transitioned into risk management and compliance, where I led the AML (anti-money laundering) program for Citi’s consumer business across Latin America for approximately six years.”


After returning to the U.S., Irwin’s job involved navigating the “complex regulatory landscape” during the post-2008 financial crisis. This eventually leading to his appointment as regional head of consumer compliance for the EMEA (Europe, the Middle East, and Africa), based in London.


Before joining Alkami, in December 2021, he served as the chief compliance officer at Caliber Home Loans (2018-2021) “where I established a high-performing compliance team focused on regulatory risk mitigation, enabling substantial growth for the business,” Irwin told Finopotamus.


“Throughout my career, I've held various compliance and risk management roles, collaborating extensively with information security teams,” said Irwin. “My international experience in Latin America and Europe involved oversight of information security functions, further broadening my expertise in safeguarding organizational integrity and regulatory compliance.”


Current Role in Information Security


Irwin described information security as a cornerstone function at Alkami, particularly as a critical vendor supporting financial institutions. “As the head of compliance and risk management, I work closely with our chief information security officer (CISO) to ensure that our programs are not only aligned but also reinforce each other in safeguarding our clients and their data.”


The CCO described his risk management team as “responsible for establishing and maintaining a powerful framework that ensures the technical controls and security processes developed by our information security team are rigorously tested and consistently operating as designed.” Meanwhile, the Alkami compliance team defines, implements, and oversees policies that “articulate our security standards and protocols, ensuring they meet both regulatory and internal benchmarks.”


Irwin noted, “We also have a sophisticated technical audit program, managed by our audit management team, which encompasses both SOC (System and Organization Controls) and PCI DSS (Payment Card Industry Data Security Standards) certifications, underscoring our commitment to operational transparency and adherence to best practices.


Together, the CISO and I oversee a comprehensive governance structure, including monthly management-level committee meetings and quarterly board-level committee updates, to maintain proactive oversight and strategic alignment across all levels of our security initiatives.”


Alkami’s Cybersecurity Operations


Irwin provided Finopotamus with Alkami’s primary cybersecurity operations as focused on protecting financial data, ensuring regulatory compliance, and safeguarding the company’s systems.


Key areas include:


·         Threat detection and monitoring - Continuous monitoring of systems to detect unauthorized access and potential threats.

·         Data protection and encryption - End-to-end encryption of sensitive financial data, along with robust data loss prevention (DLP) measures.

·         Identity and access management (IAM) - Strong authentication mechanisms, including multi-factor authentication (MFA), and regular access reviews.

·         Incident response - A well-defined plan for the rapid detection, containment, and resolution of security incidents.

·         Vulnerability management - Ongoing vulnerability assessments and timely patching of systems to prevent exploitation.

·         Security awareness - Regular training for employees on cybersecurity best practices, including simulated phishing exercises.

·         Secure software development - Security integrated throughout the development lifecycle, with regular testing and reviews.


Top Cybersecurity Dangers for Financial Institutions


“Credit unions and financial institutions are constantly targeted by increasingly sophisticated cyberthreats” Irwin said. “The most common cybersecurity dangers facing financial institutions include phishing and social engineering attacks, disruptive ransomware and cryptojacking incidents (exploiting or mining cryptocurrencies), often through websites, against the user's will or while the user is unaware; and advanced persistent threats (APTs), which involve prolonged, stealthy access to sensitive systems.”


Irwin also pointed out, “Some of the less frequently discussed risks include supply chain attacks, where vulnerabilities in third-party vendors are exploited; cloud security risks from misconfigurations and platform vulnerabilities; and insider threats posed by malicious or negligent employees who may inadvertently or intentionally trigger data breaches.”


Additional challenges include regulatory compliance demands, which require constant adaptation to evolving cybersecurity laws, and the rise of artificial intelligence (AI)-powered fraud, where attackers enhance the sophistication and scale of fraudulent activities.


“Specifically, just last month, the CFPB (Consumer Financial Protection Bureau) released its regulation enacting Section 1033 of the Dodd Frank Act, marking a significant advancement in open banking within the United States,” said Irwin. On Oct. 22, 2024, the CFPB finalized a rule overseeing open banking in the U.S. designed to give consumers greater rights, privacy, and security over their personal financial data.


“This regulation mandates that financial institutions provide consumers and authorized third parties with access to specific financial data, thereby enhancing data portability and consumer control,” explained Irwin. “This shift presents several opportunities for integrating artificial intelligence into banking services from more personalized financial services to enhanced scoring models and fraud detection. This regulation will continue to evolve and we can expect more changes as a result of AI [artificial intelligence] adoption.”

bottom of page