Governance, risk, and compliance (GRC) is a dynamic landscape for cybersecurity professionals that continues to evolve at considerable speed. As organizations face increasingly complex threats and regulations, GRC is more critical than ever.

At ISC2 Security Congress 2024, you’ll have the opportunity to explore the latest GRC trends, technologies and best practices, including sessions on core principles, deepfakes and navigating third-party risk management.

GRC Trends

GRC is a structured way for organizations to align their security strategies with their business goals. It includes the technologies, policies, and processes used to manage risk, ensure compliance and maintain effective governance.

Two major trends are having a profound impact on the GRC landscape:

  1. Artificial Intelligence (AI): As the use of AI continues to rise, it is becoming a valuable tool for cybersecurity professionals. From automating risk assessments to detecting compliance violations, AI is transforming how organizations approach GRC.
  2. Third-Party Risks: Managing third-party risks – in particular software and service supply chains – remains a concern as organizations outsource, relying on external vendors and partners for aspects of their operations. Learning how to assess and mitigate third-party risks effectively continues to be an area of focus for all cybersecurity professionals.

Navigating these trends and implementing robust GRC strategies are vital for organizations, and even more so for the cybersecurity professionals who are ensuring resilience, compliance and ultimately the safety of their businesses.

Sessions and Speakers at Security Congress 2024

At ISC2 Security Congress, industry experts will share their insights and strategies on how to leverage AI to enhance your GRC program, protect against breaches and more. Here’s a closer look at some of the speakers and what they will be covering at the event:


John B. Sapp, Jr.
VP, Information Security & CISO,
Texas Mutual Insurance Company

Cyber Risk Governance: Syncing Your Security & Business Needs

Cyber Risk Governance has been a challenge for organizations for over a decade. This session will outline a strategic and pragmatic approach for establishing effective cyber risk governance, with the goal of synchronizing security needs with business needs.


Alicia M. Gristmacher, MBA
Manager, Cyber Security Compliance Operations,
Hyatt Hotels Corporation

Steven Tipton
Director of Cyber Security Architecture,
Hyatt Hotels

Using Subjective and Deductive Reasoning When Performing Third-Party Risk Assessments

Learn how to build a risk rating framework and make informed decisions about vendors and new technologies. You will get concrete steps on how to apply the MITRE ATT&CK Framework to your third-party risk assessment process and use subjective reasoning to determine vendor risk.


Christopher G. Pope, MBA, CISSP, CCSP
Manager, DevSecOps, ExxonMobil

Charting a Bold Path: GRC Principles for AI and ML


Traditional GRC principles are being challenged by the rise of AI and ML, particularly in areas like model transparency, data leakage, and cloud LLM vulnerabilities. To adapt, organizations must combine established GRC practices with new techniques like MLOps and advanced testing to ensure secure and efficient AI adoption.


Ralph Villanueva, CC
IT Security and Compliance Analyst,
Hilton Grand Vacations

Seven Habits of an Effective IT Security and Compliance Professional

This presentation will address the challenges organizations face when implementing IT security measures. Listen to the lessons learned from 15 years of experience and discover the importance of balancing people, processes and technology in IT governance.

You can see all the sessions on GRC taking place at ISC2 Security Congress here.

Take Your Knowledge to the Next Level

A thorough GRC program provides the data and insights you need to make strategic decisions about risk and compliance, while helping you allocate resources efficiently to address the most critical vulnerabilities. By remaining on top of trends and best practices, you can demonstrate your commitment to security and compliance and build trust with customers and stakeholders.

With sessions led by industry experts and opportunities to network with your peers, you’ll gain valuable insights and practical strategies to strengthen your GRC program.

See what’s in store for you this October at ISC2 Security Congress 2024.