Key objectives of a governance, risk, and compliance (GRC) program are to ensure that the cybersecurity program has appropriate oversight, identifies and addresses cyber risks, and complies with all applicable laws and regulations. GRC functions shape the cybersecurity program's components and principal functions to reduce risk and meet all compliance obligations.
During this month of CISO Stories, practitioners will share their experiences and challenges with implementing a GRC framework, including developing appropriate policies and controls, establishing oversight organizations, integrating cybersecurity risk management with Enterprise Risk Management objectives and methodologies, identifying and complying with laws and regulations, and using GRC software tools for managing all aspects of the GRC framework.
Practitioners will also connect the dots on how an effective GRC framework can help to continuously improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.
Rohit Tandon is the VP of IT Operations and Chief Information Security Officer at Essentia Health. He has 20 years of industry experience in both the public and private sector. Rohit was the State Chief Information Security Officer at the State of Minnesota and is currently appointed as a Private Sector Member on the Minnesota Cybersecurity Taskforce to develop a statewide cybersecurity plan to protect Minnesotans. He has worked for Mayo Clinic as a technology leader on Electronic Health Records systems, and championed medical device cybersecurity upstream with manufacturers. In his career, Rohit has elevated enterprise-wide cybersecurity and technology infrastructure programs by aligning vision and managing resources in complex environments. By embracing a lifelong learning mindset, he coaches senior executives in a variety of industries to maximize their leadership potential and is an adjunct professor at Metropolitan State University where he cultivates curiosity.
Melissa Ewing is a Technology Risk Management and Data Security professional at Constellation Brands Inc., where she is building and implementing a defensible unified cybersecurity control framework to enhance cybersecurity maturity with a risk-based approach. With a strong background from roles in the financial sector and the DoD, Melissa has extensive experience in risk assessment, compliance, and optimizing cybersecurity controls. She also served in the United States Air Force, managing information assurance and risk management functions.
Parham Eftekhari is a business executive specializing in cyber and national security. He currently serves as Executive Vice President, CISO Communities at CyberRisk Alliance, leading its CISO services platform, which consists of the Cybersecurity Collaborative and Cybersecurity Collaboration Forum. Parham also serves as the chairman of the Institute for Critical Infrastructure Technology (ICIT), the nation’s leading cybersecurity think tank, which he founded in 2014. Other leadership roles during his more than 15 years in this sector include co-founder and Vice President of research at the Government Technology Research Alliance, founder of the world’s first webcam cover manufacturer CamPatch, and Advisory Board member at the Ready Rock Institute. Parham has developed and authored multiple research publications, regularly engages with the media, and has addressed forums including Congress, TED, RSA, and C-SPAN. In 2017, Parham was recognized by (ISC)2 for his contributions to the field of cybersecurity with the Most Valuable Industry Partner – Government Information Security Leadership Award.
Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Collaborative. He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation. He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance. Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas. He is a respected thought leader in the cybersecurity community.