The IT GRC Forum produces online events and provides professional networking facilities and market intelligence to Governance, Risk Management and Compliance professionals.

Earn 1.5 CPE Credits on this webinar

As third-party risk management (TPRM) programs mature, successful organizations are increasingly taking a cross-functional approach—aligning stakeholders from procurement, IT, legal, compliance, and risk to build a unified strategy. This CPE-accredited webinar brings together subject matter experts from ProcessUnity and OneTrust to explore best practices for breaking down departmental silos and fostering collaborative governance. 

Attendees will gain insights into creating a streamlined TPRM framework that supports enterprise-wide visibility, accountability, and efficiency.

Learning Objectives:

- Understand the roles and responsibilities of key departments involved in third-party risk management.
- Explore strategies for aligning workflows and centralizing risk data across teams.
- Identify common coordination challenges and how to overcome them.
- Learn how technology and automation can support a unified TPRM program.

CPE | Coordinating TPRM Efforts: A Multi-Departmental Approach

Earn 1.5 CPE Credits on this webinar

Most User Access Reviews (UARs), especially in SOX-scope applications and other regulated environments like SAP, Oracle, and Workday, are performed to meet compliance requirements — not because they drive meaningful security outcomes. They’re repetitive, rubber-stamped, and void of risk context.

This session will explore how to bring real value into the UAR process. Instead of treating it like a checkbox exercise, we’ll show how to align reviews with business risk, improve review accuracy, and give reviewers the context they need to make better decisions — all without overloading them.

You’ll learn how to:
- Improve the efficiency of UARs by focusing reviews on high-risk access
- Close the gap between compliance and security with smarter, risk-informed decisions
- Simplify the reviewer experience to reduce friction and avoid rubber-stamping
 
If you’ve ever felt like your user access review process didn't lead to an improved security posture, this session will provide key lessons on meeting that objective.

CPE | How to Stop Rubber-Stamping User Access Reviews within Regulated Applications

Earn 1.5 CPE credits on this webinar

Managing governance, risk, and compliance (GRC) in a fast-paced world can feel like chasing a moving target, and AI might just be the edge you need to keep up. On this CPE accredited webinar we'll explore how artificial intelligence can streamline processes, sharpen risk insights, and boost adaptability, turning your GRC framework into a dynamic driver of business success. Perfect for GRC professionals, tech innovators, and leaders seeking agility, this webinar will deliver actionable strategies and real-world applications to harness AI for smarter, more responsive operations. Attendees will gain insights on:

- Streamlining GRC: Leverage AI to automate and enhance compliance processes.
- Sharpening Risk Insights: Use AI-driven analytics to identify and prioritize risks.
- Boosting Agility: Adapt quickly to regulatory and market changes with AI tools.
- Driving Business Success: Align GRC enhancements with strategic goals.

CPE | Incorporating Al into Your GRC Program for Business Agility

Cybersecurity compliance often feels like an expensive obligation, draining time, budgets, and resources - but what if it could be a catalyst for value instead? On this CPE accredited webinar, our panel of experts will redefine compliance as a strategic asset that bolsters resilience, reputation, and profitability. Tailored for business leaders, IT professionals, and security enthusiasts, this webinar offers practical insights and real-world examples to transform compliance from a burden into a competitive edge. Attendees who meet the CPE requirments will:

- Understand how GRC platforms can reduce compliance burdens and unify risk visibility.
- Identify hidden compliance costs and their impact on innovation and business agility.
- Explore how compliance can drive cybersecurity funding and long-term risk strategy.
- Learn to quantify and communicate the ROI of cybersecurity initiatives to leadership.

The True Cost of Compliance: Demonstrating the Value of Cybersecurity

This is a pre-recorded session intended for CPE learning. To earn CPE credit, you may complete the associated self-study course. Here is the free access link to the course: https://www.itcpeacademy.org/course/harmonizing-risk-compliance-unifying-infosec-programs-through-automation-1

On this program we will:

• Identify challenges in risk and compliance programs due to innovation and burdens.
• Learn how automation streamlines risk decisions and optimizes high-value resources.
• Understand consolidated risk and compliance workflows for enhanced efficiency.
• Explore OneTrust’s tools for simplified third-party risk management.

Harmonizing risk and compliance:  Unifying InfoSec programs through automation

As cloud adoption accelerates, managing vendor risks is more crucial than ever. Join our panel discussion webinar with Paul McKay, Principal Analyst at Forrester, and subject matter experts as we explore strategies for overseeing vendor relationships in the cloud. This session will provide practical guidance and exclusive research to strengthen your approach.

Attendees will earn CPE credit and can engage directly with the panel by submitting questions, participating in interactive polls, and accessing cutting-edge insights.

Learning Objectives:
1. Understand Key TPRM Process Areas: Identify the critical areas of Third-Party Risk Management (TPRM) needing improvement, such as vendor onboarding, continuous monitoring, risk mitigation, and offboarding, to enhance organizational processes.
2. Evaluate Vendor Risk Indicators: Assess the significance of vendor certifications, transparency in sharing artifacts, and undisclosed integrations (e.g., LLMs) to determine their impact on effective vendor risk assessments.
3. Adopt Continuous Monitoring Practices: Explore the role of continuous monitoring and controls in TPRM to move beyond periodic questionnaires, enabling consistent visibility and risk management across third- and nth-party supply chains.
4. Leverage AI and Automation in TPRM: Examine how AI and automation can reshape TPRM processes, and identify key considerations for integrating these technologies to build adaptive, future-proof programs while avoiding new risks.

Managing Vendor Risks in the Cloud: Insights for Internal Oversight

Managing identity governance effectively is a critical challenge for organizations balancing cybersecurity, regulatory, and operational needs with budget constraints. Traditional identity governance and administration (IGA) projects often face high costs, lengthy deployment timelines, and complex integrations, making it difficult to achieve security and compliance objectives efficiently.

This CPE accredited webinar will explore practical strategies for modernizing identity governance to reduce total cost of ownership (TCO) while improving security and operational efficiency. Our subject matter experts will discuss and demonstrate how organizations can:

- Streamline identity governance processes to accelerate implementation and optimize access controls.
- Reduce business disruptions with adaptable workflows that seamlessly integrate into existing environments.
- Improve security by minimizing excessive permissions and enforcing robust separation of duties (SoD).
- Adopt low-code/no-code solutions to simplify integrations and eliminate costly vendor dependencies.

Join us to gain actionable insights on enhancing identity governance while keeping costs in check, ensuring a more secure and efficient approach to access management.

Identity Governance 101: Reduce Costs & Strengthen Security

Securing the software supply chain has become a mission-critical priority for organizations across industries. With increasing cyber threats targeting risks and threats in software development and delivery, businesses must adopt proactive strategies to safeguard their operations, ensure compliance, and maintain customer trust. Join us for an insightful webinar featuring  Janet Worthington, a renowned Forrester analyst with extensive expertise in cybersecurity and software supply chain resilience.

This CPE accredited session will provide actionable insights and best practices to help you build a secure, resilient, and future-proof software supply chain. Attendees will gain insights on:

- Proactive Risk Mitigation: Learn how to identify and assess malware and vulnerabilities across your software supply chain, from third-party components to internal development processes, and implement strategies to mitigate risks before they escalate.

- Secure Development Practices: Discover the principles of secure coding, code review tools, and DevSecOps integration to ensure security is embedded throughout the software development lifecycle.

- Incident Response and Recovery: Gain insights into developing robust incident response plans to detect, respond to, and recover from supply chain disruptions effectively.

- Automation and Compliance: Explore how automation can enhance supply chain security by enabling continuous monitoring, vulnerability patching, and alignment with industry standards like NIST and FedRAMP.

- Securing Third-Party Commercial Software - Discover how cybersecurity and TPCRM teams can identify risks in the commercial software they use before they purchase or deploy.

Critical Steps for a Secure and Resilient Software Supply Chain

Today’s interconnected organizations face a rapidly evolving risk landscape where enterprise, cyber, operational, and third-party risks are increasingly intertwined. The growing reliance on critical IT systems, both internally managed and outsourced to third and fourth parties, has expanded the attack surface, leaving firms vulnerable to cyber incidents, downtime, and operational disruptions. Studies reveal that 87% of Fortune 1000 companies experienced a significant cyber incident involving a third party in the past year, highlighting the urgent need for a more robust and unified approach to risk management.  
 
This webinar will explore how you can consolidate your view of risk to enhance business resilience, mitigate vulnerabilities, and align with emerging regulatory requirements. You will gain up-to-date insights on: 

- Integrating risk management for better resilience: Learn how consolidating enterprise IT, cyber, operational, and third-party risks into a unified framework enhances risk identification, prioritization, and mitigation. 
- Enhancing threat detection with real-time insights: Discover how real-time monitoring, data analytics, and cross-functional collaboration can improve incident response and reduce vulnerabilities. 
- Aligning with regulatory requirements: Gain insights into key regulations like DORA, NIS2, and CPS 230, and understand how a consolidated risk approach ensures compliance. 
- Strengthening proactive risk management: Explore how leveraging NIST frameworks can help you anticipate, protect against, and respond to risks in a structured, resilient manner.

Consolidating Risk Visibility to Build Business Efficiency & Resilience

As cyber threats continue to grow in complexity, organizations are more vulnerable to significant risks. Yet, many struggle to measure and manage these unseen dangers effectively.

On this CPE webinar our panel of subject matter experts will explore the essentials of cyber risk quantification - a transformative approach that translates technical cybersecurity risks into business terms. Attendees will discover how organizations can assess their financial exposure to cyber threats, prioritize critical vulnerabilities, and demonstrate the ROI of their cybersecurity investments. Join us for insights on:
• Establishing an acceptable risk threshold to align security efforts with business objectives.
• Leveraging data-driven metrics and frameworks to quantify cyber risk.
• Communicating risk in financial terms to engage executives and secure buy-in for security initiatives.
• Identifying resource allocation strategies to maximize the impact of your cybersecurity program.

Cyber Risk Quantification: Measuring and Managing the Unseen Threats

It's not getting any easier. Every time we turn around there seems to be another attack or threat that demands our attention. While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful and distracting. It doesn't have to be that way.
 
Join us for a discussion on the best practices to responding to zero-day vulnerability attacks and conducting emergency assessments. We'll outline what's required to prepare in advance so you're ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we'll cover the necessary steps and considerations for an effective response plan.
 
Session attendees will learn:

- How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
- How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
- How quick-assess campaigns can automatically scope, distribute, and score responses

Best Practices for Threat and Vulnerability Response & Emergency Assessments

In a world surrounded by data, the interplay between identity management and data security has become paramount. This webinar will explore the concept of a layered approach to identity and data security, emphasizing its critical role in safeguarding sensitive information. We will examine how multiple layers - ranging from authentication to advanced identity lifecycle - work in tandem to create a robust security framework. By integrating technologies such as privileged access management, access controls, and user behavior analytics, organizations can enhance their resilience against evolving cyber threats. 

Attendees will gain insights into:

- Best practices for implementing a layered security strategy, 
- The importance of continuous monitoring, and the need for user education in maintaining data integrity,
- Real-world case studies and expert recommendations,  
- Actionable strategies to fortify their identity and data security measures in an ever-changing landscape.

Identity and Data Security: A Layered Approach

In the rapidly evolving digital landscape, the journey from Identity and Access Management (IAM) to a fully matured Identity and Access Governance solution is no longer a luxury - it’s a necessity. As organizations grapple with hybrid environments, cross-application risks, and increasing compliance pressures, advancing governance maturity can be your secret weapon to reducing costs, mitigating risks, and maximizing IT ROI.

This webinar will guide you through the governance maturity journey, leveraging insights from the latest advancements in Governance, Risk, and Compliance (GRC). You’ll learn how to evolve from manual, fragmented processes to integrated, automated governance solutions that deliver real business value.

Join this session to explore:
• Practical steps to align your governance initiatives with compliance goals while driving efficiency and cost savings.
• Strategies for managing complex challenges like cross-application access, elevated permissions, and audit preparation.
• How to integrate continuous monitoring and risk quantification for enhanced visibility and control.

Packed with actionable strategies, this webinar will empower you to move beyond basic IAM practices to a governance model designed for today’s complex IT ecosystems. Secure your spot and take the first step toward optimizing governance maturity for sustainable success.

Raise Your Governance Maturity: Unlock ROI, Mitigate Risk, and Reduce Audit Costs

As cyber threats evolve, organizations must strengthen their defenses with a balanced cybersecurity approach, integrating people, processes, and technology. Yet, finding this balance is often challenging. Some focus on tech investments but lack the skilled personnel, while others have strong teams but lack strategic processes or advanced technology.

Join this interactive panel discussion with experts from Netwrix, Scrut Automation, and KnowBe4, and explore how to build a comprehensive cybersecurity strategy. Participants will:

- Understand how the three pillars—people, processes, and technology—interconnect to form a strong security framework.
- Learn common challenges and strategies to balance these pillars.
- Explore how managed services can enhance cybersecurity.
- Gain actionable insights for developing a well-rounded security program to protect against emerging threats.

Fortifying the 3 Pillars of Cybersecurity: People, Processes, and Technology

In today’s rapidly evolving digital landscape, protecting sensitive data is more challenging than ever. Data Security Posture Management (DSPM) offers organizations a proactive approach to safeguarding data by providing continuous visibility into security risks, vulnerabilities, and compliance gaps across diverse environments. This webinar will dive deep into the core principles of DSPM, exploring how organizations can effectively implement a comprehensive strategy to mitigate risks, maintain compliance, and secure their most valuable data assets.

Attendees will learn best practices for identifying and classifying sensitive data, automating security measures using AI, and continuously monitoring access to critical information. Whether your organization operates on-premises, in the cloud, or in a hybrid setup, this session will offer actionable insights and real-world examples to help you build and maintain a robust data security posture. Attendees will earn 1.5 CPE credits and gain insights on:

- The fundamental components of Data Security Posture Management (DSPM) and its importance in today’s cybersecurity landscape.
- How to identify, classify, and secure sensitive data across on-premises, cloud, and hybrid environments.
- The role of automation, AI, and real-time monitoring in improving data security and mitigating risks.
- Strategies for maintaining compliance with industry regulations and continuously improving your organization's security posture.

Enhancing Cybersecurity with Data Security Posture Management

In today's hyper connected digital landscape, organizations are heavily reliant on third-party partnerships to drive business growth and innovation. However, this dependency comes with significant risks. According to Gartner, breaches involving third parties cost 40% more than internal breaches, highlighting the critical need for robust Third-Party Risk Management (TPRM).

On this webinar we will explore the essentials of developing a cyber resilience strategy that balances trust and risk mitigation with business objectives. By leveraging TPRM, organizations can effectively reduce, share, or transfer risks associated with third-party engagements, securing their operations and maintaining stakeholder confidence. Attendees will gain insights into:

- The impact of third-party breaches on organizational cyber resilience.
- How to conduct comprehensive risk assessments and due diligence for third-party vendors.
- Best practices for onboarding and monitoring third-party relationships, including regulatory compliance.
- The role of technology and automation in strengthening Third-Party Risk Management strategies.

Strengthening Cyber Resilience: Navigating Third-Party Risk Management

In today's data-driven world, many companies struggle with data spread across various systems, leading to inefficiencies, poor data quality, and compliance risks. This session will delve into the role of a unified data repository in overcoming these challenges, offering a comprehensive approach to managing and securing organizational data. We will discuss how consolidating data into a single, well-governed source of truth can empower organizations to make more informed, timely, and compliant decisions.

Join us on this CPE accredited webinar where we will explore how organizations can leverage centralized data repositories to enhance decision-making and ensure regulatory compliance. Learn how data repositories can transform your compliance efforts and drive better business outcomes, including:

- How to centralize and standardize data across your organization for improved data quality and integrity.
- Strategies for enhancing data security and ensuring compliance with industry regulations.
- The role of data repositories in reducing redundancy and promoting data reusability.
- Best practices for implementing data repositories that scale with your organization’s needs.

Driving Compliance Decisions by Using Data Repositories Effectively

**Notice for on-demand viewers**
CPE credit is now available on the self-study program for this webinar at: https://www.itcpeacademy.org/course/meeting-pci-requirements-in-a-cloud-driven-world

The accelerated shift to the cloud as well as new PCI DSS 4.0 requirements coming into effect by March 2025, present several challenges for financial institutions, ecommerce merchants, and others subject to its regulations. And as IT teams have lost control of their digital environments due to an increased reliance on cloud computing and remote work, the process of solving challenges to meet compliance requirements has become more complex. As a result, it is more essential than ever for organizations to find a way to streamline compliance.

Join this conversation to learn about:

• What’s new and what’s driving PCI DSS 4.0
• Challenges of PCI compliance for today's digital world
• Strategies and tools for organizations to address PCI requirements in a scalable and programmable way

A Strategic Approach to Meeting PCI DSS 4.0 Requirements in a Cloud-Driven World

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.