Agenda
09:05
International keynote address: Racing regulation: Mastering GRC in the age of unstoppable innovation
Ross G Saunders, Advisor, Consultant, Speaker
In today's hyper-accelerated business environment, technology evolves faster than the rules meant to govern it. From AI tools appearing overnight in every department to constantly shifting regulatory landscapes across regions, GRC professionals face an unprecedented challenge: how do you manage compliance when the goalposts never stop moving? This session explores practical strategies for building governance frameworks that can flex with technological disruption while maintaining compliance across diverse jurisdictions.
Key takeaways:
- Identifying and managing shadow IT and unauthorized implementations
- Rapid risk assessment of emerging technologies
- Methods for creating living policies for frequent change
- Multi-jurisdiction compliance techniques
09:40
Keynote address: What does leadership accountability mean in ethical and sustainable governance, and how can it be embedded into organisational DNA
Tumi Dlamini, Chief Executive Officer, Organisation for Global Africa Cooperation
10:30
Keynote address - Cloud security: The key to your kingdom
Dayle Wheeler, Managing Director, SmartCrypto
In this talk, we delve into the critical aspects of cloud security, specifically focusing on encryption keys and certificates. As organisations increasingly adopt cloud services for their computing needs, understanding how to manage and secure these elements becomes paramount. This presentation will explore the challenges associated with cloud-managed keys, the limitations of certificate services lacking a chain of trust, and the benefits of implementing a centralized Public Key Infrastructure (PKI) for enhanced security in hybrid cloud environments.
Dayle will, among other issues, address the following:
Cloud-managed keys and the loss of control
Certificate services and the absence of a chain of trust
Hybrid cloud challenges
Implementing a centralized PKI
How does quantum affect my cloud security strategy
11:00
Audit agility in action
Ureka Rangasamy, Chief Audit Executive, Eskom
Agile auditing transforms governance from a compliance exercise into a strategic asset. By delivering faster insights, adaptive assurance, and transparent oversight, it gives organisations a governance edge that strengthens competitiveness in a fast-changing world.
Ureka will provide insight and real-world examples of audit agility in practice in a complex organisation.11:30
Keynote address: Proactive governance for a new regulatory era
Tshiamo Maluleka - Disemelo, CEO, Independent Communications Authority of South Africa (ICASA)
13:00
Strengthening oversight in distributed environments in order to effectively deal with third-party and supply chain related risks
Rashid Ishmail, Head of Cybersecurity Strategist & Execution, Liberty Group Limited
As organisations embrace distributed environments, cloud-first architectures, remote workforces, and global supply chains their cyber and information risk exposure grows exponentially. Traditional oversight models often fall short in managing the complexity and velocity of threats emerging from third-party relationships and supply chain interdependencies.
Rashid will explore how to strengthen oversight mechanisms to effectively identify, assess, and mitigate cyber and information risks in distributed ecosystems. The talk will highlight the convergence of governance, technology, and threat intelligence in building resilient oversight frameworks.13:30
How dynamic risk registers are changing the way organisations manage risk today?
Mbulelo Sochifa, Head of information technology operations, Glacier by Sanlam
Risk management cannot be reduced to the maintenance of a register. Too often, risk registers become static, compliance-driven document useful for audits but detached from daily decision-making. In today’s fast-changing environment of digital transformation, regulatory shifts, and complex cyber threats, what organisations truly need is a risk-aware culture, one where business and IT leaders actively engage with risks, own them, and use them to guide strategic choices. This session will explore how dynamic risk registers can serve as catalysts for such a culture. Drawing on COBIT’s governance principles, ITIL’s continual improvement practices, and emerging academic research, we will examine how organisations can shift from risk registers as reporting tools to living frameworks that embed risk into the organisational DNA. Attendees will gain insights into: |
|
14:00
How Zero Trust Security Models Reshape GRC Policies Around Access, Identity, and Data Protection.
Dr. Xolile Sibande, Senior Manager: Information and Cyber Security, Auditor General of South Africa
13:00
Shadow IT, real threats: Strengthening cybersecurity through smarter governance
Ethel Luvhimba, Service Delivery Manager, Attacq
In today’s cloud-native enterprise environments, the proliferation of Shadow IT (unvetted applications and services deployed outside sanctioned IT governance) represents a latent yet critical cybersecurity vulnerability. The session will examine how organizations can transition from reactive containment strategies to proactive, policy-driven governance frameworks that align with business objectives. Attendees will gain insights into leveraging AI-enhanced telemetry for comprehensive visibility, implementing risk-aware access controls, and cultivating a security-first mindset across the workforce, all while preserving operational agility and innovation. |
|
13:30
The impact of integrating ESG and digital ethics into governance frameworks.
Megaree Naraidoo, Group CIO, Efficient Group
14:00
The forgotten link: Aligning cybersecurity and GRC to protect digital trust
August Bhila, head: IT & software development, Sports Science Institute of South Africa (SSISA)
14:50
Panel Discussion: Why building a risk-resilient workforce culture is critical for operational integrity?
Galeboe Mogotsi, Vice-President, CSA SA | CISO, WITS
Monwabisi Kula, Chief Risk Officer, AfroCentric Group
Elizabeth Taruvinga, Manager Internal Audit, Tharisa Minerals
Kgaogelo Mangwale, Executive:Specialised Audits ( IT, Performane and Forensic Audits), South African Revenue Service
15:30
Closing keynote address: One framework to rule them all: Mastering POPIA, GDPR, and global privacy through intelligent integration
Adv. Carien van Dijk, Chief Information Security Officer, Deus X Pay
Managing POPIA, GDPR, CCPA, and emerging frameworks separately is organizational suicide. Drawing from experience managing compliance across South Africa, EU, USA, and Asia, the speaker will demonstrate how integrated compliance architecture and AI-powered GAP analysis can turn regulatory chaos into competitive advantage. This presentation will explore how compliance integration isn't about finding the highest common denominator, but how it's about building flexible architecture that adapts to local requirements while maintaining global consistency. |
