On-Demand Webcast|1 hour

CISO Insights: Navigating the GRC Landscape

Sponsored by:

Watch Now

By clicking the Register button below, you agree to SC Media Terms of Use and Privacy Policy.

A robust GRC program fosters the ability to manage key risks and protect sensitive data, aligning security initiatives with organizational objectives; and ultimately allows the CISO to establish trust and confidence with key stakeholders. However, the constantly evolving regulatory landscape is resource intensive to manage and requires striking a delicate balance of security controls that won’t stifle productivity or innovation. In this panel discussion, CISOs from diverse industries share insights on:

  • Determining and implementing appropriate policies and security controls
  • Addressing challenges to integrate GRC practices into organizational operations
  • Securing adequate resources to implement and maintain a GRC program

    • Event Speakers

    Steven Fox
    Director, Information Security & Regulatory Compliance at Educational Testing Service

    Steven Fox directs the GRC strategy for Educational Testing Services, the world’s largest private educational testing and assessment organization. He brings a cross-disciplinary, international perspective to the practice of information security; combining his experience as a Deputy CISO, security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges.

    Shannon Culp
    Global Director, Security Governance & Awareness at ADM

    I have over 30 (1994) years of Business Continuity and Information Security and Risk Management experience. I have been in an Information Security Officer (CISO) role for several large organizations. I have consulting experience and Management in “Big 4″​ environment as well as large private industry management experience. I have designed general computer controls for SOX and defined a PCI program for level 2 Merchant. I have performed computer forensics for many large and high profile cases. I have helped lead the development of E&Y’s Security Architecture Methodology. I have developed Governance Programs, Identity and Access Management Programs, Risk Management Programs and Vulnerability Management Programs.

    I currently volunteer for the American Red Cross BEPA (Business Emergency Planning Association). I previously held the President/Chair Person Position for the Strategic Advisory Board for three years through the program inception. As of June 2006, I remain a board member. I participate in a CSO Roundtable in Cincinnati, and previously held Program Director position for ISSA. I am a member of ISSA, Homeland Security, CSI, Cincinnati Infragard and FBI Citizens Academy Alumni. I am also Vice President on the board for the FBI Citizens Academy Alumni Association of Cincinnati. I am Co-Director for GetWITit for Conference and Events. I am a member of the Site Based Decision Making Council at my child’s high school, an officer in the Band Boosters and assist in coaching Jr. High Volleyball.

    Experience includes all aspects of Information Security. Successfully built an Information Security Program for TriHealth. Successfully led TriHealth Inc. PCI remediation and submitted compliant SAQ (Self Assessment Questionnaire). Successfully led TriHealth Security build for Epic. Successfully implemented a risk management and oversight program, including a Security Council consisting of senior leadership for TriHealth for security oversight. This is one of the best attended and high participatory level for senior leadership at TriHealth, Inc.

    Specialties: Information Security, Risk Management, Governance and Compliance, Security Program and Strategy, Security Awareness, NIST, ISO 27001 and 27002 Controls, PCI, SOX, Incident Response and Computer Forensics programs.

    Dale Hoak
    Director of Information Security at RegScale

    Dale is a seasoned cybersecurity and technical operations leader with a distinguished career in the U.S. Navy, where he designed secure, mission-critical systems.  Currently the Director of Information Security at RegScale, Dale built RegScale’s security program from the ground up, enhancing compliance, risk management, and operational effectiveness.  Recognized for his excellence in building Security Operations Centers and Threat Intelligence programs, Dale’s tactical leadership has led to significant achievements, including disaster recovery and business continuity planning for the DoD, rapid deployment of communication packages for Navy Seal Teams, and the creation of training programs for system administrators.  His hands-on approach and commitment to efficiency have made regulatory compliance faster and more accessible.

    Dustin Sachs
    Chief Technologist and Sr. Director of Programs at CyberRisk Collaborative

    Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Collaborative.  He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation.  He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance.  Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas.  He is a respected thought leader in the cybersecurity community.