JW Hedderman

Jeanette Hedderman

Lecturer


Biography

Jenny W. Hedderman Esq. is Assistant Comptroller for Statewide Risk Management and Compliance in the Massachusetts Office of the Comptroller. Attorney Hedderman specializes in compliance, internal controls, and risk management in the areas of statewide accounting, payroll, financial reporting, and statewide financial audits for 156 state agencies. Her current focus is developing the Comptroller’s Statewide Risk Management and Compliance program, including internal controls, security access management and cybersecurity awareness to reduce cyber incidents, and foster clarity, integrity and accountability for Commonwealth resources. Recent projects include the CTR Compliance Corner and CTR Cyber (macomptroller.org) that provide state agencies with resources to improve financial responsibility and protect data and assets. Attorney Hedderman is Chair and Comptroller Designee of the State Records Conservation Board, the Board Secretary to the Essex Co-Operative Farming Association, as well as Adjunct Professor in Law for the Business Manager at Endicott College, and Adjunct Professor for Cybersecurity and Privacy for the Graduate Program in Tax, Banking & Financial Law at Boston University School of Law.

Courses

Cybersecurity and Privacy: LAW BK 945

2 credits

This course provides an overview of cybersecurity including common terms, policy, strategy, operations, remediation, vulnerabilities, threats, and federal and state statutes and regulations as these pertain to financial services and banking. The cybersecurity triad of Confidentiality, Integrity, and Availability (CIA) and Privacy are covered from the perspective of the Board of Directors, Risk Management Committees, Chief Risk Officers, Chief Information Security Officers, Clients, Regulators, and others. Common Cybersecurity Frameworks such as National Institute for Science and Technology (NIST), Center for Internet Security (CIS), Assessments and Reports, Techniques for Mitigation (outsourcing, cyber-insurance), are covered. Federal and State Statutory and Regulatory compliance are covered including Gramm-Leach-Bliley (GLBA), Sarbanes-Oxley, Payment Card Industry (PCI), and jurisdictions of Massachusetts, New York, and California. NIST pillars shall be reviewed, along with emerging standards, applicability to businesses, supply chains, and responsibilities of boards, senior executives, management, and the CISO. The Role of the CISO, CRO, legal counsels, and other parties shall be discussed including new assessment and reporting requirements.

FALL 2025: LAW BK 945 A1, Sep 2nd to Dec 19th 2025
Days Start End Credits Instructors Bldg Room
Wed 4:20 pm 6:20 pm 2 Thomas Cesso, Jeanette Hedderman

FALL 2025: LAW BK 945 OL, Sep 2nd to Dec 19th 2025
Days Start End Credits Instructors Bldg Room
ARR 12:00 am 12:00 am 2 Thomas Cesso, Jeanette Hedderman