LEADING WITH GRC. Approaching Integrated GRC. Knute Ohman, VP, GRC Program Manager. GRC Summit 2017 All Rights Reserved
|
|
- Lionel Peters
- 5 years ago
- Views:
Transcription
1 LEADING WITH GRC Approaching Integrated GRC Knute Ohman, VP, GRC Program Manager
2 Agenda 1. Organization Overview: Vision, Key Facts and Needs 2. GRC Program Governance, Challenges and Community 3. Implementation Approach 4. GRC Program Project Management 5. Business Value and Realized Benefits 6. Key Learnings and Best Practices 7. Audience Questions and Discussion
3 Organization Overview and Needs Organization s Vision Where possible, eliminate redundant applications with similar functionality to reduce costs Normalize taxonomy across the organization so all business units are speaking the same language Increase report generation efficiency Enhance and streamline processes through standardization and procedural structure Challenges Multiple business units operating independent of each other with individualized reporting terminology, inputs, outputs, etc. Moving from spreadsheets and word documents to a structured workflow format Normalization of meta data and data elements Timelines, resources, administration, application support, training, user adoption the list is long
4 Organization Overview and Needs GRC Needs and Scope TCF needed to develop a GRC program to provide the business with a single source of truth for business units to operate cohesively across the organization Each use case was examined with the implementation goal of replicating the current activities performed, with continued examination post-implementation for expanded use cases Measurable objectives of the GRC program Successful development of centralized organizational structure, libraries, and normalized data elements Successful implementation of specific module with follow-up on operational activities to ensure user adoption and review enhancement opportunities Successful automation of previously manual processes Reduction of report generation timing
5 GRC Program Governance Model and Decision Making among Stakeholders TCF created a GRC Program function to act as system administration, application support, implementation facilitators, future state visionaries, data analytics, and process consultants Centralized change management for all aspects of the application to ensure changes requested by one business unit had little to no impact on other business units utilizing the application Established a cross-functional GRC Working Forum (governing body that meets at least quarterly) and GRC Working Group (SMEs using the application that meets at least monthly) for key configuration decisions, pain points discussion, and sharing of success stories Challenges People Business Unit SME resource constraints, GRC Program availability Processes Introducing structure that did not previously exist Systems Moving business units from established applications and ad hoc, manual processes to a new application
6 Implementation Approach Implemented MetricStream Modules and Libraries: Issues Management Policy and Document Management System Compliance Audit, Scheduling, and Time Sheet Management Operational Risk Management Established Libraries: Risk, Areas of Compliance, Products, Requirements, Functions, Regulatory Bodies Implementation Roadmap: Information Technology Risk Management Vendor Risk Management Compliance/BSA/AML specific risk assessment and information gathering Libraries under development: Controls, Processes, Evidence, Framework Reference, Asset Classes, Assets, Objectives
7 Implementation Approach Implementation Rollout Strategy and Tactics: Project tracking in consolidated spreadsheet reported to management Pre-work prior to engaging the MetricStream implementation team to ensure complete understanding of business use case, data elements, and reporting needs Weekly/Monthly meetings with SMEs to ensure user adoption and discuss future changes to workflow, reporting, info centers, etc. Quarterly GRC Working Forum meetings to ensure corporate support and buy-in as well as governance and approval of changes to strategies, libraries, modules, etc. Monthly GRC Working Group meetings to discuss current pain points and possible modifications to ease user interaction
8 GRC Program Project Management
9 Business Value and Realized Benefits Key Process Improvements and Efficiencies Gained: Issues Management Reduction in monthly report generation timing from 1 weeks to 1-2 hours Issues Management Incorporated monthly report into landing page eliminating the need for external spreadsheet macro Issues Management Automated manual review and approval process creating reportable audit trail and automated notifications Policy Management Created central policy repository for all business unit and support function policies Policy Management Automated policy approval process reducing turnaround time by 60% with reportable audit trail Policy Management Research time reduction from 50+ hours to minutes and eliminated versioning issues Policy Management Developed an integration point between Active Directory and MetricStream for autoprovisioning and end-dating for all TCF employees (all 6,000 + TCF employees have auto-provisioned read access to the PDMS module for Policy review) Operational Risk Management (RCSA) Introduced automated Risk Assessment process to eliminate external spreadsheet format and potential retention and versioning issues
10 Key Learnings and Best Practices Progression over Perfection: You will NEVER be able to implement the perfect GRC solution out of the gate. Start with a defined use case and feature set, knowing you will be able to expand on it in the future. This will significantly reduce scope creep. Define Roles and Responsibilities: Established team(s) responsible for administrative activities and support functions. Assigned resource must be able to allocate the majority of their time to these activities. This must be accounted for in your budget/resource request. Configuration vs. Customization (Code Changes): Stay true to the out-of-the-box solution as much as possible, but acknowledge that some functionality needs to be developed. Explore all configurations and have discussions with the Professional Services and Support teams to exhaust options before requesting development activities. Keep customizations to a minimum and track them fastidiously.
11 Q&A
12 Thank You! Continue the conversation online #GRCSummit
Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan
Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals
More informationMetricStream GRC Summit 2013: Case Study
W E L C O M E MetricStream GRC Summit 2013: Case Study Angela Hoon Principal KPMG LLP Lisa Rawls Director KPMG LLP Supradeep Appikonda Director MetricStream Cutting through Complexity During Your GRC Journey
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationData Governance Quick Start
Service Offering Data Governance Quick Start Congratulations! You ve been named the Data Governance Leader Now What? Benefits Accelerate the initiation of your Data Governance program with an industry
More informationGrowing Communities for Co-Creation : How Employees and Customers/Users Collaborate To Increase Adoption and Retention
Growing Communities for Co-Creation : How Employees and Customers/Users Collaborate To Increase Adoption and Retention https://in.linkedin.com/in/dheerajprasad @dheeraj_prasad Dheeraj Prasad Sr VP Global
More informationIT Audit Process Prof. Liang Yao Week Six IT Audit Planning
Week Six IT Audit Planning IT Audit Planning Process Institute of Internal Audit Standards - Section 2010: Planning The chief audit executive must establish a risk-based plan to determine the priorities
More informationBetter together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com
Better together KPMG LLP s GRC Advisory Services for IBM OpenPages implementations kpmg.com KPMG A leader in GRC services KPMG LLP (KPMG) is the U.S. member firm of the KPMG global network of professional
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationCertification vision, content and streamlining of PCI certification process
Certification vision, content and streamlining of PCI certification process Agenda ControlCase Certification Vision Evidence Collection Approach Evidence Collection Templates Evidence Expiration Process
More informationQuality Assurance and IT Risk Management
Quality Assurance and IT Risk Deutsche Bank s QA and Testing Transformation Journey Michael Venditti Head of Enterprise Testing Services, Deutsche Bank IT RISK - REGULATORY GOVERNANCE Major shifts in the
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationPave the way: Build a value driven SAP GRC roadmap March 2015
www.pwc.be/erp Pave the way: Build a value driven SAP GRC roadmap March 2015 Agenda Introduction Measuring GRC Progression & Benchmarking GRC Program Roadmap Building a Business Case 2 Introduction Pave
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationEnterprise GRC Implementation
Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest
More informationHealthcare Security Success Story
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Healthcare Security Success Story
More informationThe Business Value of including Cybersecurity and Vendor Risk in ERM
The Business Value of including Cybersecurity and Vendor Risk in ERM Yo Delmar, Vice President, Customer Engagement, MetricStream RMA GCOR XI April 4 5, 2017 Hyatt Regency, Cambridge, MA Tuesday 2:30 pm
More informationWhat s a BA to do with Data? Discover and define standard data elements in business terms
What s a BA to do with Data? Discover and define standard data elements in business terms Susan Block, Lead Business Systems Analyst The Vanguard Group Discussion Points Discovering Business Data The Data
More informationImprove Internal Controls with Governance, Risk, and Compliance Solutions
Improve Internal Controls with Governance, Risk, and Compliance Solutions Jay Castleberry Director, Technology Delivery & Maintenance 0 (SCE) Company Overview One of the largest electric utilities in North
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationCompTIA Project+ (2009 Edition) Certification Examination Objectives
CompTIA Project+ (2009 Edition) Certification Examination Objectives DRAFT INTRODUCTION The Project + examination is designed for business professionals involved with projects. This exam will certify that
More informationMaking a Business Case for Electronic Document or Records Management
Making a Business Case for Electronic Document or Records Management Building and maintaining an edms system is a significant investment in both tools and people. It requires on-going care and attention.
More informationOVERVIEW BROCHURE GRC. When you have to be right
OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance
More informationUniversity of Texas Arlington Data Governance Program Charter
University of Texas Arlington Data Governance Program Charter Document Version: 1.0 Version/Published Date: 11/2016 Table of Contents 1 INTRODUCTION... 3 1.1 PURPOSE OF THIS DOCUMENT... 3 1.2 SCOPE...
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationISO9001:2015 LEAD IMPLEMENTER & LEAD AUDITOR
ISO9001:2015 LEAD IMPLEMENTER & LEAD AUDITOR JPCANN ASSOCIATES LTD #58 NSAWAM ROAD, AVENOR JUNCTION, KOKOMLEMLE-ACCRA Office lines: +233 302 242 573 / +233 302 974 302 Mobile: +233 501 335 818 20 www.corptrainghana.com
More informationRSA Advanced Cyber Defence Summit
Lee Edge Head Archer Business UK&I RSA Advanced Cyber Defence Summit London 30-April-2015 1 64% 8% 2014 Gartner CEO and Senior Executive Survey: 'Risk-On' Attitudes Will Accelerate Digital Business. 2
More informationLEADING WITH GRC. Common Controls Framework. Sundar Venkat, Sr. Director Technology Compliance Salesforce
LEADING WITH GRC Common Controls Framework Sundar Venkat, Sr. Director Technology Compliance Salesforce Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995:
More informationThe ProcessGene GRC Suite. Solution Presentation
B u s i n e s s P r o c e s s R e a l i z a t i o n The ProcessGene GRC Suite Solution Presentation Design Processes Supervise Realization Control Changes Enforce Compliance Copyright 2007 About ProcessGene
More informationChapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC
Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post
More informationIntroduction to Automated Controls. Jay Swaminathan Senior Manager, SOAProjects. San Francisco Chapter
Introduction to Automated Controls Jay Swaminathan Senior Manager, SOAProjects Agenda Defining Automated Controls The Value of Automated Controls Common Testing Approaches ITGC considerations The Concept
More informationCOBIT 5 Implementation
COBIT 5 Implementation Fifalde Consulting Inc. +1-613-699-3005 2017 Fifalde Consulting Inc. COBIT is a registered Trade Mark of ISACA and the IT Governance Institute. 2 1. Course Description: Get a practical
More informationBest Practices & Lesson Learned from 100+ ITGRC Implementations
Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview
More informationSaving Time Amanda McPherson, CCBIA Vice President/Internal Audit Manager Colorado East Bank & Trust
Saving Time Amanda McPherson, CCBIA Vice President/Internal Audit Manager Colorado East Bank & Trust Life before ACL GRC Life before ACL GRC Where do I start? In the beginning Dry erase board Word documents
More informationNow on Now: How ServiceNow has transformed its own GRC processes
Now on Now: How ServiceNow has transformed its own GRC processes Increasing scalability, lowering risk, and slashing costs by $30,000 START 1 Introduction When your business is growing at 0% a year, it
More informationAchieving effective risk management and continuous compliance with Deloitte and SAP
Achieving effective risk management and continuous compliance with Deloitte and SAP 2 Deloitte and SAP: collaborating to make GRC work for you Meeting Governance, Risk and Compliance (GRC) requirements
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationAgile Internationalization User Stories
Agile Internationalization User Stories Tex Texin Chief Globalization Architect XenCraft Internationalization and Unicode Conference IUC41 Abstract User stories are the way that Agile Methodology describes
More informationMicrosoft SharePoint Server 2013 Plan, Configure & Manage
Microsoft SharePoint Server 2013 Plan, Configure & Manage Course 20331-20332B 5 Days Instructor-led, Hands on Course Information This five day instructor-led course omits the overlap and redundancy that
More informationDemystifying GRC. Abstract
White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over
More informationNext Generation Policy & Compliance
Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...
More informationITIL - Lifecycle Service Transition Course
ITIL - Lifecycle Service Transition Course Code: ITSM005CL Certification Exam: ITIL Service Transition Lifecycle Duration: 3 Days Certification Track: N/A Format: Classroom Course Credits: 3 Credits to
More informationCompliance is, in general, the compliance of requirements with appropriate resources.
is, in general, the compliance of requirements with appropriate resources. Definition / content Objectives Activities In the narrow sense: _ with external specifications KWG, WpHG, GWG, financial embargos,
More informationCopyright 2014 Inc. All rights reserved. out2sol.com Division of International survival Company Safety and Risk Management, Ltd.
WHAT WE DO. Out2sol.com provides Technology Solutions & Professional Consultancy services to many Businesses across Middle East. We strive to be IT OUTSOURCING partner for all our Clients. Our Strength
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationOG0-091 Q&As TOGAF 9 Part 1
CertBus.com OG0-091 Q&As TOGAF 9 Part 1 Pass The Open Group OG0-091 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money Back Assurance
More informationDATA STEWARDSHIP BODY OF KNOWLEDGE (DSBOK)
DATA STEWARDSHIP BODY OF KNOWLEDGE (DSBOK) Release 2.2 August 2013. This document was created in collaboration of the leading experts and educators in the field and members of the Certified Data Steward
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationAn Introduction to the ISO Security Standards
An Introduction to the ISO Security Standards Agenda Security vs Privacy Who or What is the ISO? ISO 27001:2013 ISO 27001/27002 domains Building Blocks of Security AVAILABILITY INTEGRITY CONFIDENTIALITY
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationThe Great TOGAF Scavenger Hunt. Enterprise Architecture Using TOGAF 9 Course Preparation Guide
Enterprise Architecture Using TOGAF 9 Course Preparation Guide 2011 Metaplexity Associates LLC All Rights Reserved Version 2.0 January 2, 2011 The Open Group Certification Mark logo and TOGAF are trademarks,
More informationWhy organizations need MDR system to manage clinical metadata?
PharmaSUG 2018 - Paper SS-17 Why organizations need MDR system to manage clinical metadata? Abhinav Jain, Ephicacy Consulting Group Inc. ABSTRACT In the last decade, CDISC standards undoubtedly have transformed
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationREPORT 2015/149 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results
More informationITIL Service Lifecycle Strategy
ITIL Service Lifecycle Strategy Course Details Course Code: Duration: Notes: ITILSL-Str 5 days This course syllabus should be used to determine whether the course is appropriate for the students, based
More informationDemystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow
Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases Gen Fields Senior Solution Consultant, Federal Government ServiceNow 1 Agenda The Current State of Governance, Risk, and Compliance
More informationAgenda. 1 Intelligent Communications. 2 Considerations. 3 Partner Approach, Tools & Resources. 4 Partner Guidance & Checklist
Microsoft Teams: Agenda 1 Intelligent Communications 2 Considerations 3 Partner Approach, Tools & Resources 4 Partner Guidance & Checklist Microsoft Teams Communicate through chat, meetings & calls Collaborate
More informationfor TOGAF Practitioners Hands-on training to deliver an Architecture Project using the TOGAF Architecture Development Method
Course Syllabus for 3 days Expert led Enterprise Architect hands-on training "An Architect, in the subtlest application of the word, describes one able to engage and arrange all elements of an environment
More informationGain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services
Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs
More informationCommon approaches to management. Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C.
Common approaches to email management Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C. Agenda 1 2 Introduction and Objectives Terms and Definitions 3 Typical
More informationCopyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see
TOGAF 9 Certified Study Guide 4th Edition The Open Group Publications available from Van Haren Publishing The TOGAF Series: The TOGAF Standard, Version 9.2 The TOGAF Standard Version 9.2 A Pocket Guide
More informationSAP: Speeding GRC Control Testing by 90% with SAP Solutions for GRC
2015 SAP SE or an SAP affiliate company. All rights reserved. SAP: Speeding GRC Control Testing by 90% with SAP Solutions for GRC By implementing its solutions for governance, risk, and compliance (GRC),
More informationGDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018
GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into
More informationDEFINITIONS AND REFERENCES
DEFINITIONS AND REFERENCES Definitions: Insider. Cleared contractor personnel with authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks,
More informationDell helps you simplify IT
Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending
More informationSTEP Data Governance: At a Glance
STEP Data Governance: At a Glance Master data is the heart of business optimization and refers to organizational data, such as product, asset, location, supplier and customer information. Companies today
More informationIsaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.
Isaca EXAM - CISM Certified Information Security Manager Buy Full Product http://www.examskey.com/cism.html Examskey Isaca CISM exam demo product is here for you to test the quality of the product. This
More informationApril 17, Ronald Layne Manager, Data Quality and Data Governance
Ensuring the highest quality data is delivered throughout the university providing valuable information serving individual and organizational need April 17, 2015 Ronald Layne Manager, Data Quality and
More informationAn Industry Definition of Business Architecture
Architecture: State of the Art / State of the Practice ---------------------------- William M. Ulrich Tactical Strategy Group, Inc. www.systemtransformation.com An Industry Definition of Architecture A
More informationWHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter
WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4
More informationDetermining Best Fit for ITIL Implementation
Determining Best Fit for ITIL Implementation Presentation to the DC SPIN October 4, 2006 www.davidconsultinggroup.com Agenda Introduction to ITIL Preparing for ITIL Best Fit Analysis Relationship of ITIL
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationCOMPLIANCE BRIEF: HOW VARONIS HELPS WITH PCI DSS 3.1
COMPLIANCE BRIEF: HOW VARONIS HELPS WITH OVERVIEW The Payment Card Industry Data Security Standard (PCI-DSS) 3.1 is a set of regulations that govern how firms that process credit card and other similar
More informationRFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template
RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline
More informationITG. Information Security Management System Manual
ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationEU Code of Conduct on Data Centre Energy Efficiency
EUROPEAN COMMISSION DIRECTORATE-GENERAL JRC JOINT RESEARCH CENTRE Institute for Energy Renew able and Energy Efficiency Unit EU Code of Conduct on Data Centre Energy Efficiency Introductory guide for all
More informationISO Professional Services Guide to Implementation and Certification AND
ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR
More informationCompetency Definition
Adult Children's Outreach Technical Teen Acquisition Adaptability The ability to effectively process library material orders; knowledge of vendor software, processes, products, and updates x x The ability
More informationPMP Exam Prep Training - 5 Days
PMP Exam Prep Training - 5 Days PMP31 Preparing for the PMP Exam 5 day Workshop Course ID: PMP31 Credits: 35 PDUs Course Duration: 5 days Course Level: Intermediate/Advanced (Based on the PMBOK Guide,
More informationSurvey Report Industry Survey. Data Governance, Technology & Analytics Trends Q1 2014
2018 Industry Survey Survey Report Q1 2014 Data Governance, Technology & Analytics Trends September 2018 About IDMA What we do The IDMA provides a forum for professionals engaged in enterprise data governance
More informationSAP security solutions Is your business protected?
www.pwc.com SAP security solutions Is your business protected? SAP security overview Background SAP Security is becoming more difficult to control due to a constantly evolving compliance landscape and
More informationACL Strategy Module. Technology Innovator in Strategy Management SOLUTIONPERSPECTIVE INNOVATOR. March 2018
March 2018 ACL Strategy Module Technology Innovator in Strategy Management INNOVATOR 2017 SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight 2018 GRC 20/20 Research, LLC. All Rights Reserved.
More informationOutstanding issues in Solvency II data management requirements
Outstanding issues in Solvency II data management requirements Dean Buckner 16 May 2013 Agenda Regulatory update Data review update Work in progress Thoughts on Data management framework Data directory
More informationOracle Buys Automated Applications Controls Leader LogicalApps
Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracle s Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is
More informationEXIN BCS SIAM Foundation. Sample Exam. Edition
EXIN BCS SIAM Foundation Sample Exam Edition 201704 Copyright EXIN Holding B.V. and BCS, 2017. All rights reserved. EXIN is a registered trademark. SIAM is a registered trademark. ITIL is a registered
More informationTowards an integrated regulation platform in Luxembourg. Information Security Education Day th of april
Towards an integrated regulation platform in Luxembourg Information Security Education Day 2017-28 th of april Context A complex and inter-connected digital ecosystem contributing to all sectors A set
More informationUsing ITIL to Measure Your BCP
Using ITIL to Measure Your BCP 1 Agenda ITIL v3 Overview Why Use ITIL ITIL Continual Improvement Process Critical Success Factors and Key Performance Indicators Creating Metrics Scoring System Sample BCP
More informationTHE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD
OVERVIEW Accenture is in the process of transforming itself into a digital-first enterprise. Today, Accenture is 80 percent in a public cloud. As the journey continues, Accenture shares its key learnings
More informationSOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE
HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling
More informationData Governance. Mark Plessinger / Julie Evans December /7/2017
Data Governance Mark Plessinger / Julie Evans December 2017 12/7/2017 Agenda Introductions (15) Background (30) Definitions Fundamentals Roadmap (15) Break (15) Framework (60) Foundation Disciplines Engagements
More informationThe Fine Art of Creating A Transformational Cyber Security Strategy
SESSION ID: CXO-R11 The Fine Art of Creating A Transformational Cyber Security Strategy Jinan Budge Principal Security & Risk Analyst Forrester Research Andrew Rose Chief Security Officer Vocalink, A Mastercard
More informationACL Interpretive Visual Remediation
January 2016 ACL Interpretive Visual Remediation Innovation in Internal Control Management SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight 2015 GRC 20/20 Research, LLC. All Rights
More informationSOC Reporting / SSAE 18 Update July, 2017
SOC Reporting / SSAE 18 Update July, 2017 Agenda SOC Refresher Overview of SSAE 18 Changes to SOC 1 Changes to SOC 2 Quiz / Questions Various Types of SOC Reports SOC for Service Organizations (http://www.aicpa.org/soc4so)
More informationAdvanced Solutions of Microsoft SharePoint Server 2013 Course Contact Hours
Advanced Solutions of Microsoft SharePoint Server 2013 Course 20332 36 Contact Hours Course Overview This course examines how to plan, configure, and manage a Microsoft SharePoint Server 2013 environment.
More information11/14/2018. Istanbul Governance, risk, and compliance (GRC)
11/14/2018 Governance, risk, and compliance (GRC) Contents Contents... 4 Policy and Compliance Management...5 Activate Policy and Compliance Management... 6 Dependency modeling and mapping...13 Compliance...
More informationAdvanced Solutions of Microsoft SharePoint 2013
Course 20332A :Advanced Solutions of Microsoft SharePoint 2013 Page 1 of 9 Advanced Solutions of Microsoft SharePoint 2013 Course 20332A: 4 days; Instructor-Led About the Course This four-day course examines
More informationTraining and Certification. Guide to Learning and Certification Paths
Training and Certification Guide to Learning and Certification Paths Home Contents Back Next Table of Contents ServiceNow Fundamentals Implementer Developer Fulfiller Training 3 Get Certified Become Indispensable
More informationData Quality in the MDM Ecosystem
Solution Guide Data Quality in the MDM Ecosystem What is MDM? The premise of Master Data Management (MDM) is to create, maintain, and deliver the most complete and comprehensive view possible from disparate
More information