
Sarah Khan
CISO
Hightower

Sarah Khan is the CISO at Hightower Advisors, where she leads cybersecurity strategy and oversees data protection, regulatory compliance, and risk mitigation across their national network of advisor practices. With over 15 years of experience in information security and financial services, she is passionate about bridging business priorities with effective security practices. She thrives in collaborative environments and enjoys demystifying cybersecurity for non-technical stakeholders.
A fun fact about Sarah: she is an amateur food scientist at home, and she says she's mastered the art of hiding vegetables in her toddler's meals without getting caught!
Give us a brief overview of the path that led to your current role.
My journey began in IT risk management, where I developed a deep interest in threat intelligence and vulnerability remediation. Over time, I moved into security architecture and eventually led security operations for a large financial institution. Each step reinforced the importance of building trust across the business, which ultimately led me to my current role as CISO—where people, strategy, and security intersect every day.
What is one of your guiding leadership principles?
Lead with empathy and clarity. I believe people perform best when they understand the "why" behind the work and feel supported through change.
What is the greatest challenge CISOs face today, and how are you addressing it?
Balancing decentralized business autonomy with consistent enterprise security standards is a key challenge—especially in a hybrid wealth management model. We address this by developing adaptable frameworks that empower advisor practices while maintaining core controls, and by investing in relationships, not just tools.
What is the key to success for someone just starting out as a CISO?
Listen first. Take time to understand the culture, identify the informal influencers, and build early credibility through small but visible wins. Your impact depends as much on trust as it does on expertise.
How do you measure success as a leader?
By how well my team and stakeholders feel informed, empowered, and protected. Success isn’t just about low incident counts—it’s also about alignment, resilience, and the confidence others place in the security function.
What is the value of being a member of Gartner C-level Communities?
Gartner C-level Communities creates an invaluable space to connect with peers, exchange lessons learned and keep pace with evolving leadership expectations. It reminds us that while our domains may differ, our leadership journeys are often shared.
Gartner C-level Communities Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.