Governance, risk and compliance (GRC) is a highly valued skill in the cybersecurity industry. According to the latest ISC2 Cybersecurity Workforce Survey, cybersecurity managers rank GRC in the top six skills they seek when hiring. Professionals view GRC as a valuable skill as well, ranking it in the top three skills they view as in-demand in the profession.
Subject matter experts, including seven ISC2 members, across multiple industries will discuss the latest developments in GRC at a virtual event providing cyber professionals an opportunity to connect, learn from each other and strengthen their security teams, while also earning more than five CPE credits. Pre-registration is required to earn ISC2 CPE credits and access recordings. Register now.
The two-day virtual event, ISC2 Spotlight: Governance, Risk and Compliance, is free for ISC2 members and will kick off on Wednesday, January 22 at 10:00 am ET. The event will be moderated by Brandon Dunlap.
Governance, Risk and Compliance Agenda:
Wednesday, January 22
Beyond the Basics: Exploring NIST Cybersecurity Framework 2.0
In this opening discussion, join us for an in-depth look at the transformative updates included in the NIST Cybersecurity Framework (CSF) 2.0 and the implications for organizational cybersecurity resilience. During this session, panelists will provide key information around the 2024 release including discussion around:
- The major updates to the framework tools that help organizations better engage with the CSF 2.0 content
- How to progress from gap analysis to implementation and assessment
- The biggest misconceptions about the framework that NIST is seeing
Panelists:
Daniel Eliot, Lead for Small Business Engagement, Applied Cybersecurity Division, National Institute of Standards and Technology, U.S. Department of Commerce
Stephen Quinn, CISSP, Program Manager | Senior Computer Scientist, National Institute of Standards & Technology
The CCM Solution: Automating Your Way Through the GRC Skills Gap
In this session sponsored by RegScale, attendees will learn practical strategies for implementing CCM to address immediate staffing challenges and build a more resilient GRC function. They will also see real-world implementations where CCM has reduced audit prep time by 60% while improving accuracy and documentation quality. Participants will gain insights into:
- Using CCM to automate everything from evidence collection and documentation to on-demand controls evaluations
- Best practices for transitioning from manual processes to CCM
- Identifying prime opportunities for GRC automation
- Building a business case for CCM implementation
Join us to learn how your organization can turn the GRC skills shortage from a constraint into a catalyst for operational excellence.
Panelists:
Travis Howerton, Co-Founder and CEO, RegScale
Ann Montaniel Al-Oteiby, Senior Director of Security Compliance - GRC, Dragos, Inc.
Imran Khan, Principal, IMNAD
Controls Constellations: Mapping the Cyber Cosmos of Threats
In today's cyber landscape, understanding threat actors and their Tactics, Techniques, and Procedures (TTPs) is paramount for effective risk management and cybersecurity defense. This presentation delves into the intricate interplay between threat actors, their TTPs, and various facets of cybersecurity governance, including controls, control implementation, and continuous monitoring. Attendees will learn:
- Strategic Control Implementation: Discover how to align security controls with the TTPs of relevant threat actors, leading to more targeted protections.
- Importance of Continuous Monitoring: Understand the necessity of ongoing monitoring to detect potential threats early and adapt defenses as needed.
Panelists:
Ruchi Khurana, Lead Product Manager, Google
Valentin Mihai, Security Engineering Leader, Google
Akash Verma, CISSP, Continuous Assurance Engineering, Google
Thursday, January 23
Unveiling the 2025 IT Risk and Compliance Benchmark Report: Top Findings to Start Your Year
Join us as we unveil the findings from Hyperproof’s sixth annual IT risk and compliance benchmark report. Each year, we ask over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to expect for the coming year.
Learn about how over the last year, the perception of GRC across organizations has transformed from merely a checkbox exercise to a driver of operational excellence and strategic growth — a trend that is strongly represented in the data. Join us as we explore:
- Our top findings, an in-depth look at the data from 2024, and an analysis of how these findings will impact GRC in 2025
- How organizations responded to new EU regulations and how these regulations might affect 2025
- Why and how organizations are making deliberate efforts to mature their GRC practices
- The drivers behind why GRC teams expanded in 2024 and why they are expected to continue to grow in 2025
- How organizations in 2024 leveraged generative AI to streamline their processes
Panelists:
Kayne McGladrey, Field CISO, Hyperproof
Erin Nelson, Author, 2025 IT Risk and Compliance Benchmark Report & Sr. Content/SEO Manager, Hyperproof
Taking A Connected Approach to Defending Against Cyber Vendor Risk
Protecting data in this increasingly interconnected world requires new collaborative strategies and a renewed emphasis on key controls such as third-party risk management, data governance, data security, access control, and continuous monitoring. In this session, sponsored by Auditboard, discover the connected risk strategies enabling cyber leaders to work with internal and external partners to succeed against this important emerging risk. Attendees will learn to:
- Identify the trends making the supply chain the fastest-growing emerging cyber risk category.
- Galvanize their internal and external peers to develop partnerships and shared responsibility for cyber supply chain risks.
- Design and implement effective key controls to mitigate cyber supply chain risks.
Panelist:
Richard Marcus, Chief Information Security Officer, Auditboard
AI in Your Governance, Risk and Compliance Program: Promises, Pitfalls and Ethical Challenges
Recently, there has been an incredible amount of dialogue around AI, from its usefulness in cybersecurity programs to privacy concerns and potential biases, organizational frameworks, exploitation by threat actors, and beyond. During this session, we will talk about all of these, specifically targeted to the use of AI in your organization’s GRC program. Expert panelists will discuss and debate:
- How AI can potentially enhance efficiencies and decision making in GRC processes
- AI’s role in identifying emerging risks
- Navigating the moral implications of AI use in regulatory and compliance work
- Pitfalls to avoid
- Common challenges marrying together AI implementation and human oversight/controls
- Future outlooks between AI, GRC and regulatory changes
Panelists:
Diana Kelley, CISO, Protect AI
John Man, CISSP, Senior Compliance Manager, German insurance company
Christopher Pope, CISSP, CCSP, Manager, DevSecOps, ExxonMobil
Register now for this two-day virtual event.