[1 CPE] Achieving and Maintaining Compliance: A How to Guide

  Presented by Rob Wayt, Director, Governance, Risk, Compliance • Structured

Governance, Risk, and Compliance (GRC) frameworks are essential for organizations seeking to align business operations with regulatory expectations, mitigate risk, and demonstrate accountability. Yet, many enterprises struggle with fragmented processes, overlapping requirements, and the constant evolution of regulatory landscapes. This presentation explores the common challenges organizations face in meeting compliance obligations, including resource constraints, unclear ownership, and the difficulty of sustaining ongoing compliance rather than treating it as a one-time exercise. Attendees will gain insight into practical, repeatable steps for addressing audit findings, closing gaps, and building a culture of compliance that is both resilient and adaptable. By leveraging structured risk assessments, continuous monitoring, and cross-functional collaboration, organizations can move beyond reactive firefighting and achieve a proactive, sustainable GRC posture.

[1 CPE] Beyond the Checkbox: Building Security Beyond Compliance Frameworks

  Presented by Matthew Ziegler, Director of Advisory and Success, MBA, CISSP, CISA • Novacoast

Too often, organizations see governance and compliance as a means to an end: passing an audit, gaining a certification, or filing a report. Really, these are just the start of the Information Security journey. In this session, we’ll explore how leaders can move beyond “checkbox compliance” by aligning governance with real-world risk, embedding security into culture, and using frameworks like PCI DSS, ISO 27001, NIST CSF 2.0, and CMMC as foundations for continuous improvement rather than static achievements. Drawing from real-world experience leading global SOCs, audits, and board-level risk programs, I’ll share strategies for changing direction from compliance-driven to resilience-focused, and how to communicate these strategies to executives, regulators, and staff.