ISACA Chicago Chapter Monthly Meeting

Events

About

Topic: Privacy by Design meets GRC by Default and Redefining Trust

Check-In: 2:30 PM

We are pleased to introduce our panel: Stas Bojoukha, Daniel Tangney, Arpine Long, and Carlos Guerrero.

First Session @ 3:00 PM

Title: Privacy By Design Meets GRC By Default

Key Takeaways:

• How can privacy risk translate to GRC and security risk
• How ISO 27001 and SOC 2 can be leveraged to embed privacy controls
• Actionable methods to build GRC by default and Privacy by Design practices in your organization

We are pleased to introduce our first guest speaker, Jai Chandarana, Security Compliance Program Manager at Dropbox. 

Jai is a GRC leader with 12+ years of experience in building and scaling risk and compliance programs at companies like Dropbox, Okta, and Zoom. He specializes in frameworks including NIST 800-53, ISO 27001, SOC 1 & 2, and HIPAA, with expertise in cloud security and aligning security programs to business goals.

___________________________________________________

Second Session @ 4:00 PM 

Title: Redefining Trust: Why Checking the Box Isn’t Good Enough Anymore

The era of treating compliance as a one-time checkbox exercise is over. This panel brings together cybersecurity and GRC leaders to explore why organizations with clean audit reports still experience breaches, and how to transform compliance from an annual event into a strategic trust-building discipline. We’ll tackle the hidden costs of bargain-basement compliance, the challenge of tool sprawl undermining security effectiveness, and how GRC leaders are elevating their role from administrative gatekeepers to board-level strategic advisors. Through candid discussion and real-world examples, panelists will reveal what separates organizations that are merely “compliant” from those that are genuinely trustworthy.

Key Takeaways:

Your Monday morning action plan – Concrete first steps to start bridging the gap between compliance theater and strategic security in your organization.

Integrating traditional audits with continuous monitoring – How leading organizations combine the rigor of point-in-time assessments with ongoing verification to create a comprehensive trust narrative throughout the year.

The true cost of tool sprawl – How fragmented security stacks create blind spots and erode analyst trust, plus guidance on strategic consolidation

Translating technical risk into business impact – Communication frameworks that help GRC leaders speak the language of boards and executives

Building trust through transparency – How leading organizations communicate their security posture to customers, investors, and partners in ways that build confidence