The CISO Stories Podcast Subscribe

Vulnerability Management, Governance, Risk and Compliance, Risk Identification/Classification/Mitigation

Deep Dive in GRC: Know Your Sources – Jonathan Ruf – CSP #182

July 9, 2024

As organizations grow, there comes a time when managing by excel spreadsheets is not longer feasible and accurate data sources, regulations, and risk need to be accurately reflected within Governance, Risk and Compliance (GRC) tools. Reporting to the board must be based upon accurate information. Join us as we discuss the important aspects of forming a GRC program.

Segment Resources:

Webcast: https://www.scworld.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know

Podcast (Enterprise Security Weekly): https://www.scworld.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313

News/interview: https://www.scworld.com/news/generative-ai-not-just-revolutionary-but-evolutionary

This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them!

Sponsored By

RegScale

Full episode and show notes

Guest

FVP - Head of Cyber and Information Risk Management at Apple Bank

Jonathan Ruf is a seasoned Cybersecurity Executive with over two decades of experience in the Financial Services industry. As a leader in the field, he has a proven track record of developing and implementing robust cybersecurity GRC strategies to safeguard organizations against evolving cyber threats. Jonathan’s expertise extends across various domains, including information protection, privacy, contract negotiation and review, incident response, and compliance.

In his current role as the Head of Cyber and Information Risk at Apple Bank, Jonathan is responsible for overseeing the organization’s cybersecurity risk posture. Regularly reporting to the Board, Jonathan provides comprehensive updates on the current threat landscape, potential vulnerabilities, and the effectiveness of existing cybersecurity measures. Jonathan’s ability to articulate complex technical concepts in a clear and concise manner enables the Board and executive senior management to make informed decisions regarding cybersecurity investments and risk mitigation strategies.

Jonathan’s technical knowledge and policy implementation is a cornerstone of his success. With a background in computer science and extensive hands-on experience, he possesses a deep understanding of cutting-edge cybersecurity technologies and methodologies. His proficiency extends to areas such as Information Security policy writing, defining procedure, and creating security standards. This technical acumen allows Jonathan to collaborate effectively with the organization’s IT teams, ensuring that security measures are seamlessly integrated into all facets of the business.

Related

Vulnerability Management

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and… – SWN #432

November 19, 2024

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News.

Industry Regulations

Similarities Between SOX And SEC’s Cyber Rule – Padraic O’Reilly – BSW #373

November 18, 2024

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new...

Vulnerability Management

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More… – SWN #431

November 15, 2024

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News.