InfoSec practitioners are tasked with defining control implementation statements, conducting assessments and requesting evidence for a myriad of evolving systems and applications, burdening security teams and developers. Regulatory examinations and external IT Audit teams discover control gaps, resulting in audit findings that make their way to the Board. How can organizations effectively bridge the divide between security and compliance? Using real-world use cases, we'll explore how you can apply the principles of DevOps to Governance, Risk and Compliance and employ Regulatory Operations (RegOps) to reduce audit prep times, leveraging automation to bring evidence to practitioners in near real time, allowing your GRC to work for you as opposed to you working for your GRC.
Learning Objectives:
Identify key Regulatory Operations (RegOps) principles and how you can uplevel your career.
Describe how a manual 300-hour task can be streamlined to 25 hours with RegOps.
Demonstrate how a RegOps GRC pipeline can automate evidence collection.