Agenda
09:05
International keynote address: Racing regulation: Mastering GRC in the age of unstoppable innovation
Ross G Saunders, Advisor, Consultant, Speaker
In today's hyper-accelerated business environment, technology evolves faster than the rules meant to govern it. From AI tools appearing overnight in every department to constantly shifting regulatory landscapes across regions, GRC professionals face an unprecedented challenge: how do you manage compliance when the goalposts never stop moving? This session explores practical strategies for building governance frameworks that can flex with technological disruption while maintaining compliance across diverse jurisdictions.
Key takeaways:
- Identifying and managing shadow IT and unauthorized implementations
- Rapid risk assessment of emerging technologies
- Methods for creating living policies for frequent change
- Multi-jurisdiction compliance techniques
09:40
Keynote address: What does leadership accountability mean in ethical and sustainable governance, and how can it be embedded into organisational DNA
Tumi Dlamini, Chief Executive Officer, Organisation for Global Africa Cooperation
10:30
Keynote address - Cloud security: The key to your kingdom
Dayle Wheeler, Managing Director, SmartCrypto
In this talk, we delve into the critical aspects of cloud security, specifically focusing on encryption keys and certificates. As organisations increasingly adopt cloud services for their computing needs, understanding how to manage and secure these elements becomes paramount. This presentation will explore the challenges associated with cloud-managed keys, the limitations of certificate services lacking a chain of trust, and the benefits of implementing a centralized Public Key Infrastructure (PKI) for enhanced security in hybrid cloud environments.
Dayle will, among other issues, address the following:
Cloud-managed keys and the loss of control
Certificate services and the absence of a chain of trust
Hybrid cloud challenges
Implementing a centralized PKI
How does quantum affect my cloud security strategy
11:00
Audit agility in action
Ureka Rangasamy, Chief Audit Executive, Eskom
Agile auditing transforms governance from a compliance exercise into a strategic asset. By delivering faster insights, adaptive assurance, and transparent oversight, it gives organisations a governance edge that strengthens competitiveness in a fast-changing world.
Ureka will provide insight and real-world examples of audit agility in practice in a complex organisation.11:30
Keynote address: Proactive governance for a new regulatory era
Tshiamo Maluleka - Disemelo, CEO, Independent Communications Authority of South Africa (ICASA)
As regulatory landscapes evolve to keep pace with digital transformation, AI adoption, and rising cybersecurity risks, organisations can no longer rely on reactive compliance. This keynote address explores what it means to adopt a proactive governance approach, one that anticipates regulatory changes, embeds ethical oversight, and aligns governance with innovation. Attendees will gain insights into future-ready frameworks that strengthen resilience, trust, and strategic agility in a new regulatory era. |
|
12:55
Chairperson’s welcome – Nerushka Bowan, Founder, LITT Institute
Nerushka Bowan, Founder, LITT Institute
13:00
Strengthening oversight in distributed environments in order to effectively deal with third-party and supply chain related risks
Rashid Ishmail, CISO, Access Bank
As organisations embrace distributed environments, cloud-first architectures, remote workforces, and global supply chains their cyber and information risk exposure grows exponentially. Traditional oversight models often fall short in managing the complexity and velocity of threats emerging from third-party relationships and supply chain interdependencies.
Rashid will explore how to strengthen oversight mechanisms to effectively identify, assess, and mitigate cyber and information risks in distributed ecosystems. The talk will highlight the convergence of governance, technology, and threat intelligence in building resilient oversight frameworks.13:25
How dynamic risk registers are changing the way organisations manage risk today?
Mbulelo Sochifa, Head of information technology operations, Glacier by Sanlam
13:50
How Zero Trust security models reshape GRC policies around access, identity, and data protection.
Dr. Xolile Sibande, Senior Manager: Information and Cyber Security, Auditor General of South Africa
As digital ecosystems expand, traditional perimeter-based security models are no longer sufficient to safeguard sensitive data or ensure compliance. This session explores how Zero Trust Security is transforming Governance, Risk, and Compliance (GRC) policies. Attendees will learn how Zero Trust frameworks strengthen identity governance, enhance data protection, and align security controls with evolving regulatory expectations, creating a more resilient and compliant digital enterprise. |
|
14:35
Shadow IT, real threats: Strengthening cybersecurity through smarter governance
Ethel Luvhimba, Service Delivery Manager, Attacq
In today’s cloud-native enterprise environments, the proliferation of Shadow IT (unvetted applications and services deployed outside sanctioned IT governance) represents a latent yet critical cybersecurity vulnerability. The session will examine how organisations can transition from reactive containment strategies to proactive, policy-driven governance frameworks that align with business objectives. Attendees will gain insights into leveraging AI-enhanced telemetry for comprehensive visibility, implementing risk-aware access controls, and cultivating a security-first mindset across the workforce, all while preserving operational agility and innovation. |
|
15:00
The forgotten link: Aligning cybersecurity and GRC to protect digital trust
August Bhila, Founder & Chief Executive, CYBAUG
15:25
Panel Discussion: Governing Artificial Intelligence and using Artificial Intelligence to govern
Galeboe Mogotsi, Vice-President, CSA SA | CISO, WITS
Kgaogelo Mangwale, Executive:Specialised Audits ( IT, Performane and Forensic Audits), South African Revenue Service
Sandika Daya, senior manager: IT governance, risk and compliance, Multichoice
Monwabisi Kula, Chief Risk Officer, AfroCentric Group
Megaree Naraidoo, Group CIO, Efficient Group
As artificial intelligence reshapes how organisations operate, make decisions, and manage risk, GRC leaders face a dual challenge of governing AI responsibly while also leveraging AI to strengthen governance, risk, and compliance. This discussion brings together enterprise GRC leaders to explore how South African organisations can create governance frameworks that enable innovation without sacrificing accountability. It will unpack how AI is being used to automate compliance monitoring, predict emerging risks, and enhance decision-making while addressing the urgent need for transparent, auditable, responsible and ethical AI oversight. Among other things, they will touch on: |
|
16:05
Closing keynote address: One framework to rule them all: Mastering POPIA, GDPR, and global privacy through intelligent integration
Adv. Carien van Dijk, Chief Information Security Officer, Deus X Pay
Managing POPIA, GDPR, CCPA, and emerging frameworks separately is organizational suicide. Drawing from experience managing compliance across South Africa, EU, USA, and Asia, the speaker will demonstrate how integrated compliance architecture and AI-powered GAP analysis can turn regulatory chaos into competitive advantage.
This presentation will explore how compliance integration isn't about finding the highest common denominator, but how it's about building flexible architecture that adapts to local requirements while maintaining global consistency.