CISO Insights: Navigating the GRC Landscape
A robust GRC program fosters the ability to manage key risks and protect sensitive data, aligning security initiatives with organizational objectives; and ultimately allows the CISO to establish trust and confidence with key stakeholders. However, the constantly evolving regulatory landscape is resource intensive to manage and requires striking a delicate balance of security controls that won’t stifle productivity or innovation. In this panel discussion, CISOs from diverse industries share insights on:
- Determining and implementing appropriate policies and security controls
- Addressing challenges to integrate GRC practices into organizational operations
- Securing adequate resources to implement and maintain a GRC program
Speakers
Steven Fox directs the GRC strategy for Educational Testing Services, the world’s largest private educational testing and assessment organization. He brings a cross-disciplinary, international perspective to the practice of information security; combining his experience as a Deputy CISO, security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges.
Shannon Culp is currently the Director Global Information & Cyber Security Governance & Awareness for Archer Daniels Midland Company. She has over 29 years of Business Continuity and Information Security and Risk Management experience, as well as consulting experience, Management in “Big 4” environment and large private industry management experience. She has designed general computer controls for SOX and defined a PCI program for level 2 Merchant. Shannon helped lead the development of E&Y’s Security Architecture Methodology, and helped developed Governance Programs, Identity and Access Management Programs, Risk Management Programs and Vulnerability Management Programs.
Dale is a seasoned cybersecurity and technical operations leader with a distinguished career in the U.S. Navy, where he designed secure, mission-critical systems. Currently the Director of Information Security at RegScale, Dale built RegScale’s security program from the ground up, enhancing compliance, risk management, and operational effectiveness. Recognized for his excellence in building Security Operations Centers and Threat Intelligence programs, Dale’s tactical leadership has led to significant achievements, including disaster recovery and business continuity planning for the DoD, rapid deployment of communication packages for Navy Seal Teams, and the creation of training programs for system administrators. His hands-on approach and commitment to efficiency have made regulatory compliance faster and more accessible.
Parham Eftekhari is a business executive specializing in cyber and national security. He currently serves as Executive Vice President, CISO Communities at CyberRisk Alliance, leading its CISO services platform which consists of the Cybersecurity Collaborative and Cybersecurity Collaboration Forum. Parham also serves as the chairman of the Institute for Critical Infrastructure Technology (ICIT), the nation’s leading cybersecurity think tank, which he founded in 2014. Other leadership roles during his more than 15 years in this sector include co-founder and Vice President of research at the Government Technology Research Alliance, founder of the world’s first webcam cover manufacturer CamPatch, and Advisory Board member at the Ready Rock Institute. Parham has developed and authored multiple research publications, regularly engages with the media, and has addressed forums ranging from Congress, TED, RSA, and C-SPAN. In 2017, Parham was recognized by (ISC)2 for his contributions to the field of cybersecurity with the Most Valuable Industry Partner – Government Information Security Leadership Award.
Sponsors
