Name: The Five Layers of a Mature GRC Program
Start: 2023-01-26T21:45:00Z
End: 2023-01-26T21:45:25.000Z
Location: BrightTALK
Rating: 0

LogicGate offers modern risk management technology empowering businesses to proactively transform risk across their entire enterprise. Because risk is a team sport, we created Risk Cloud® — the most nimble and collaborative GRC solution available. Rapidly adapt to changing business conditions. Confidently innovate and build new processes as you go. Collaborate on risk across your entire organization. Risk Cloud® gives you an interconnected view of risk across the organization that point solutions simply can't provide. After all, great companies are built not by avoiding risks, but by taking the right ones.

Join Elisabeth Quillatre, Risk Management, Compliance and Privacy Officer at Vinted to learn how to mature immature risk processes, inform various business units about different areas of risk, and standardize how end users rate risks. 

You'll be able to:

• Understand how to mark a future process as strategic
• Hone in on top risks to lead decision making 
• Empower risk leaders through ownership
• Get comfortable with challenging risk scores

How We Turned Risk Into a Strategic Advantage

In this keynote, Michael Rasmussen, Analyst & GRC Pundit, equates the pursuit of excellence in Governance, Risk Management, and Compliance (GRC) to a challenging mountain climb, emphasizing the need for meticulous planning, the right tools, and adaptability in navigating the complex regulatory and risk landscapes. This keynote delves into the parallels between trekking and GRC implementation, highlighting the importance of a strong foundational base, the interconnectivity of GRC elements, and the use of technology in scaling new heights. We'll also discuss overcoming common pitfalls and the continuous effort required to maintain GRC maturity, comparing to the ongoing commitment needed in climbing to provide a comprehensive roadmap for organizations aiming to reach the summit of GRC excellence.

The GRC Journey: Your Climb to GRC Value & Maturity

Advancements in data aggregation, real-time monitoring, and artificial intelligence have unlocked a new era in risk management: dynamic GRC. Join Nick Kathmann, CISO at LogicGate, for an exploration of the possible as GRC continues its evolution from manual and reactive to dynamic and predictive. 

Nick will discuss:

• The importance of integrating GRC teams and technologies for near-real-time visibility and monitoring of critical risks at scale
• Practical examples how risk intelligence can inform important decisions around resource allocation, prioritization, and mitigation
• Steps you can take today on your own path to dynamic GRC

Dynamic GRC: Agile Risk Management

The risk landscape is becoming more connected, complex, and challenging, which means risk teams will require a holistic, robust, and mature GRC process that can be adopted enterprise-wide.

If you’re wondering “What is Holistic GRC, and why does it matter?,” be sure to join us for our next LogicGate Live session. LogicGate’s Solutions Engineering and Technical Account teams will discuss the value of interconnected GRC, the risks of silos, and tips for how you can start thinking more holistically about your GRC program. 

Join us to:

• Learn about the value and outcomes you can expect from building connectivity and flexibility of processes, data, reports, and teams across all levels of your organization.
• Walk through contrasting scenarios when GRC use cases work together and when they don't, to illustrate the benefits and outcomes.
• Get access to the Risk Cloud Solution Wheel and Use Case Maps, and see a live demo of Holistic GRC in action.

LogicGate Live: We LOVE Holistic GRC

It’s a new year, and with it comes a new Risk Cloud experience. If you’re looking to create happy end-users, be sure to join us to hear from LogicGate's Product Design and Product Management Teams about our reimagined user-experience, its value and benefits, and how to build for 2024 with the end-user in mind.

Join us to:

• Learn about the benefits of the reimagined record experience, and how you can maximize its benefits.
• Learn best practices for building applications and workflows to maximize end-user adoption, inclusive of formatting, form design, guidance, and reports.
• Get a sneak peak of what’s next for UXRI.

LogicGate Live: New Year, New End-User Experience

Your personal resolutions may be defined, but your organization’s risk resolutions might be a bit more ambiguous. Do you start from scratch? Or continue to focus on unresolved issues from 2023? 

With continued budget cuts, growing third-party relationships, and disruptive technology (hint. hint. AI), security teams must structure their 2024 roadmaps to focus on the most significant and costly impacts to the business, while also preparing for unexpected changes along the way.

Join us as we discuss critical risk management priorities for 2024 and how to pivot when they inevitably evolve. 

This live panel will cover how to strategize and focus on three main priorities: 

• Single point of failure risk management 
• The threat of low complexity AI attacks
• Supply chain resiliency

Attack Prevention Priorities for 2024: Single Point Failure, AI, Supply Chain

Switching from traditional risk analysis methods like ordinal lists or red-yellow-and-green charts to more modern approaches like risk quantification requires a paradigm shift in how you think about measuring risk, but the increased accuracy, specificity, and reliability you’ll gain by doing so pays dividends.

On this episode of GRC & Me, Netflix’s Tony Martin-Vegue joins LogicGate’s Chris Clarke to explore the best ways to navigate this transition, how to learn and leverage popular risk quantification frameworks like Open FAIR, and why you shouldn’t completely throw your colored charts out the window just yet.

Shifting Gears To Quantify Risk with Netflix’s Tony Martin-Vegue

They say it takes a thief to catch a thief, so why not a hacker to catch a hacker? 

That was the premise behind Ted Harrington’s Independent Security Evaluators, a company dedicated to poking holes into other companies’ cyber defenses — for the right reasons, of course. On this episode of GRC & Me, Ted takes LogicGate’s Chris Clarke on a journey down the benevolent hacker’s rabbit hole, where they discuss:

• The difference between white box and black box testing (and which is better.)
• Why carrying these exercises out can build trust and become a competitive advantage in third-party risk assessment.
• Why it’s important to shift your mindset from one that views security as an obstacle to one that views it as an opportunity.
• Uncovering the unknown unknowns in cybersecurity.
• How “defense in depth” strategies can put security teams a step ahead of threat actors.
• The four traits that lead hackers to be successful, and why thinking like one can be an effective way to bolster your cyber defenses.

Please Hack Me: Hacking Companies for Good

Join industry experts from LogicGate, OCEG, Tyler Technology, and Business Solutions, Inc. as they discuss preliminary findings from OCEG's recent survey on the use of artificial intelligence as a support for GRC and review some of the key questions about AI for GRC that every risk professional should be discussing with their leadership team.

Highlights:

• Gain insight from the findings of OCEG's survey on the use of AI for GRC
• Outline the ways that AI benefits GRC capabilities and outcomes, such as time-savings, scalability, and automation
• Review the critical AI for GRC questions that you should be discussing with your leadership team
• Learn how your GRC peers and leaders are strategically vetting, integrating, and planning for AI in risk management

How Are GRC Leaders Using AI?

Few careers involve managing as much risk as one where you’re responsible for launching humans riding gigantic rockets into outer space. That’s exactly what Barrios Technology Chief Strategy Officer Ginger Kerrick did during her three-decade career working for NASA.

On this episode of GRC & Me, Ginger joins LogicGate’s Chris Clarke to discuss methods for developing methodical, standardized thought processes for risk decision-making in high-stakes scenarios, how NASA employees are trained to separate logic from emotion, how disasters can inform future mitigation planning, and why the most important part of managing risk is having the right leaders in place.

Rockets, Radios, and Risk: How NASA Manages Uncertainty in Orbit

In today's cybersecurity landscape, teams dedicate countless hours each year collecting evidence to prove compliance with regulatory and standards mandates. As we face a future with even more regulatory demands, an ever-expanding cyber threat landscape, and a growing number of vulnerable connection points, this burden is set to intensify. This implies that cybersecurity teams will be tasked with more responsibilities, fewer resources, and limited time to guide businesses on harnessing cyber risk for strategic growth.

When you attend this webinar, you'll learn to:

• Elevate regulatory compliance from a mere checklist item to a catalyst for business growth through automation.
• Transform cybersecurity and regulatory compliance teams into strategic advisors rather than just cost centers.
• Improve talent retention, department reputation, time and resource ROI, and more with automated evidence collection.

Automate to Accelerate: Overcoming Challenges in Cyber Risk Management

One of the most high-profile risk events of the last year was the swift collapse of Silicon Valley Bank and other regional banks amid spiking interest rates. Part of the problem? The lack of a complete, comprehensive view of the risks these banks were facing — in particular, liquidity risk.

Allstate Canada's Chief Risk Officer Jason Wang has spent his career assessing and analyzing risk in the financial services space, dedicated to anticipating and mitigating risks just like the one that sank SVB. On this episode of GRC & Me, Jason joins LogicGate’s Chris Clarke to discuss the importance of building a holistic risk register, how to position risk management as a strategic enabler instead of a “revenue prevention” department, why it’s critical to include your chief risk officer on the executive team, and more.

Managing Risk on the Frontlines of the Financial Sector

When doing business with the federal government and its myriad agencies, organizations are bound to run into plenty of mandates, regulations, and other requirements. Navigating them all can cause a headache for even the most detail-oriented compliance managers. 

On this episode of GRC & Me, Chris Clarke is joined by Intel Federal’s Compliance Program Manager, John Griffin. Griffin draws on his decades of experience in federal contracting and working with government agencies at companies like Honeywell and Boeing to explore methods for better managing product development and performing diligence on third-party vendor relationships while operating under strict and stringent government standards and requirements. Plus, learn a few of Griffin’s more creative methods for determining how risky a particular organization might be to work with.

Staying in the Fed’s Favor: Navigating Government Contracts with Intel Federal

The U.S. Securities and Exchange Commission’s highly-anticipated new cybersecurity rules are finally in force, and deadlines are approaching quickly. Organizations, both public and private, will now have to take quick action to either establish or transform their cybersecurity programs to come into compliance with these new regulations and prevent financial, legal, and reputational consequences.

Join us to learn:

• How you can ready your organization in 4 steps 
• What SEC regulations mean for both private and publicly traded companies
• Tips for elevating your overall governance and risk management practices

SEC Cyber Compliance Readiness: 4 Steps Every Leader Should Take Now

Oftentimes, cyber risk teams are viewed as reactive “audit police,” swooping into projects to flag risks and forcing changes at key points. This approach can generate a resentful — even toxic — risk culture. There’s a better way to build healthier risk cultures: Taking a more collaborative, embedded approach to cyber risk management by positioning cyber risk leaders as advisors and partners, working side-by-side with project teams from the start.

On this episode of GRC & Me, Chris Clarke is joined by GEICO's Former Head of Cybersecurity Risk and current Cyberpink Advisors Founder & Owner, Praj Prayag-Deb, to discuss how to shift your organization’s risk culture toward this new approach, her formula for building successful cyber risk programs from scratch, how leveraging the right technology makes it all possible, and why adopting a growth mindset is critical for every cyber risk leader.

Building Robust Risk Cultures Through Collaborative Cyber Risk Management

This behind-the-scenes event will be led by LogicGate’s Product and Implementation Services Teams, who will share best practices on how to build, manage, and mature a Controls Compliance program that allows you to test once/comply many, analyze gaps, drive automation, and do more with less!

Plus, our Chief Product Officer, Jon Siegler, will join us to unveil one of our most anticipated new features: Automated Evidence Collection.

Watch now to:
• Get the inside scoop on Risk Cloud’s various levels of Controls Compliance Maturity
• Deep dive into cross-framework coverage and reporting
• Learn about existing and upcoming features to help your program mature
• See our upcoming Automated Evidence Collection capabilities in action

LogicGate Live: Cooking Up Controls Compliance

The journey to FedRAMP Certification can be a long and winding one, filled with twists, turns, and roadblocks. But, becoming FedRAMP compliant doesn’t have to be such a laborious, time-consuming process. In collaboration with ProofPoint’s Security and Compliance team, we developed a FedRAMP SSP Application in Risk Cloud that automates SSP Document generation in just a few clicks.

Join us for a conversation on FedRAMP Certification and SSP Document Generation with Proofpoint's Security & Compliance team to:

• Learn more about ProoPoint’s experience with FedRAMP certification
• Gain insight into FedRAMP best practices and lessons learned
• Understand their vision for a more automated and streamlined document generation process
• See the FedRAMP SSP Application and all of its powerful features in action!

Your On-Ramp to FedRAMP: A Conversation with LogicGate and Proofpoint

Cybersecurity programs involve lots of moving parts, and they only grow more complex over time as technology becomes more advanced and cyber threats become more numerous and sophisticated. Cyber risk quantification can be a crucial tool for keeping up with shifting cybersecurity landscapes.

On this episode of GRC & Me, Chris Clarke is joined by Protiviti’s Daniel Stone, Director, and Tim Kelly, Associate Director, to discuss how cyber risk quantification can lead to better risk decision-making, how to beat analysis paralysis when you’ve got reams of risk data in front of you, and the best ways to use risk quantification to reduce reactivity and improve communication across your organization.

Using Cyber Risk Quantification to Make the Right Risk Decisions

Preparing for DORA, NIS2, and the New European Push for Cybersecurity

The Risks and Rewards of AI in Business Automation

Positioning GRC as an Enabler with Integrated Data

Breaking Down Organizational Silos With a Common Risk Language

Measurement as a Foundation for Communicating Risk

Building the Business Case for Getting the Right GRC Technology

Enhancing Your Business Continuity Framework in a Volatile Environment

Prices are Rising. How to Prepare for Inflation Now & Later

How To Build a Risk Practice

Going Paperless and Improving GRC Processes

The Risks We Cannot See

GRC & Me Podcast

Listen as Andy Ruse, LogicGate’s President of Field Operations, sits down with Cooley’s Mike Santos, Director of Security and Information Governance, to discuss his five-layer maturity model for building effective GRC programs, the different things a risk practitioner has to consider in decision making, and his own recommendations for maturing any risk program.

The Five Layers of a Mature GRC Program

Enterprise Security

Compliance

Risk Management

Digital Transformation

Cyber Security

Information Security

IT Security

Risk Mitigation

Risk Assessment

Vulnerability Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful procurement and sourcing insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on which strategies are proving to be the most effective for managing vendors, improving performance and reducing cost.

Procurement and Sourcing

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

The Five Layers of a Mature GRC Program

Presented by

About this talk

More from this channel