Governance, Risk and Compliance (GRC) is often seen as a real pain, including for cyber security. However, it is a good opportunity for IT security and Audit to reinforce the message and gain new allies. To be effective we need to challenge some of the ideas that our stakeholders may have about us, by being less bureaucratic and adopting a better can-do attitude, so that we are seen as an enabler of digital growth rather than a blocker. We will then be a real mitigation against the likelihood of cyber-attacks and their impacts.
This light-hearted 30-minute session (suitable for after lunch) considers our professional behaviours, including a look back over the last 50 years to consider what has changed and what still needs to change in the way we manage our activities, looking at the fundamentals and ensuring they are still fundamental. Do we want to be considered cyber-wimps: back-room bureaucrats who always say no and stick rigidly to policies or procedures? Or cyber warriors: bold and challenging, at the forefront of defending our organisations from cyber-attack, with innovative suggestions as to how the business can take opportunities whilst not overly increasing the risk and impact of attack?
An accountant, Certified Information Systems Auditor and Certified ScrumMaster™, Chris has over 35 years’ experience of providing IT security advisory and audit / risk management services. He worked for 16 years at KPMG where he managed several major IS audit and risk assignments, including reviews of project risks and business controls. He was head of information risk training in the UK and ran training courses overseas, including in India and throughout mainland Europe. He has worked in a wide range of industry sectors, including oil and gas, public sector, aviation and travel. These assignments included cyber, GRC implementation and audit, and the implementation of cyber-based projects.
For the past twelve years he has been an independent consultant specialising in financial, SOX and operational controls for major ERP implementations. Chris recently implemented a GRC system for cyber at a major customer services organisation. He is an international speaker and trainer on agile audit and governance issues, and has published four books, with a fifth about Cyber GRC due out before Christmas.