GRC - The Swiss Army Knife

Presented at Diana Initiative 2022, Aug. 11, 2022, noon (60 minutes).

Governance, Risk, and Compliance is a necessary function of any organization. Unfortunately, GRC can often be seen as a blocker, stopping work because it does not meet compliance standards, risk requirements, or other critical items. When established correctly, GRC can actually be an enabler for the organization, removing roadblocks and letting the organization move faster. The reference to the Swiss Army Knife demonstrates the functionality GRC can bring to any organization: enabler, liaison, confidant, advocate, communicator, trainer, and many more. This talk takes a look at turning your GRC program into a Swiss Army Knife: reducing frustration when working with GRC, removing roadblocks, and communicating ahead of issues, all in pursuit of a guardrails approach to security and compliance. Ultimately, this allows the business to work faster while staying within the parameters of what we expect in Governance, Risk, and Compliance. The talk is not specific to any industry or regulation and can be applied generically to any GRC program. Takeaways will enable you to apply these concepts at your organization, not just for GRC but for any team looking to improve overall functionality.

Presenters:

  • Rose Songer - Spring Health
    Rose is a Sr. Manager of IT Compliance with Spring Health. Within her role, she develops and matures the overall IT Compliance department for Spring Health. She oversees all Governance, Risk, and Compliance activities. Prior to her role at Spring Health, she worked as a consultant for multiple years, helping her clients develop, mature, and streamline their own programs, as well as achieve security certifications such as ISO 27001, HITRUST, and SOC2. Rose has a diverse IT and Security background spanning over 15 years in network security/administration, enterprise third-party risk management, governance, and security awareness. She has a master’s degree in Cybersecurity and Information Assurance, a bachelor’s degree in Advanced Networking, and the CISSP certification. Rose likes to contribute to the information security community by speaking at conferences on different GRC subjects, such as third-party risk, security programs, security awareness, and ISO 27001:2013 implementation. Rose is also a mentor with Women in Cybersecurity, where she mentors women on developing their professional skills, and has established a Diversity in Tech Group at her organization.
