Conference Day One: Tuesday, 10th March 2020

9:00 am - 9:30 am COFFEE & REGISTRATION

9:30 am - 9:40 am CONFERENCE OPENING

9:40 am - 10:20 am INTERNATIONAL KEYNOTE: Understanding the Future of Technology Risk Management in the Age of Automation, AI and Innovation

Siva Sivasubramanian - Chief Security Information Officer, Optus
Digital technologies are evolving at a rapid pace and driving transformative changes in every industry. With AI presenting a $15.7 trillion economic opportunity between now and 2030, it is something that technology risk professionals can no longer ignore and must proactively prepare for.

In this session:
  • Transforming traditional industries and business models with rapidly advancing digital technology
  • Understanding the critical balance between innovation and safety and security to mitigate technology risks
  • Addressing the challenges surrounding the rapid speed of adoption of technology within the industry

Employing tools can create a systematic and integrated approach to managing threats and opportunities to improve decisions and outcomes across all levels of business operations.

This panel will address ideas surrounding:
  • How can organisations access and implement the right risk management tools that are specifically tailored to achieve effective results?
  • How to realise smarter and more efficient ways to integrate risk management frameworks to better assess risk maturity?
  • How to define, communicate, track and monitor risk appetite and risk tolerance levels within an organisation?
Chair:

Bruce Young

Chief Risk Officer
(former)

Nalin Arachchilage

Cyber Security Fellow
LaTrobe University

David Chantler

Head of Information Security and Technology Risk
Queensland Treasury Corporation

11:00 am - 11:20 am SPEED NETWORKING

11:20 am - 11:40 am MORNING COFFEE AND NETWORKING

11:40 am - 12:20 pm CASE STUDY: Quantifying Risk to Gain Executive Buy in to Deliver Better Technology Risk Management Outcomes Across the Business

Amy Woolf - Risk Operations Principal, Networks & IT, Telstra
In response to significant breaches, Telstra changed its way of thinking about technology risk, bringing in a new team in 2016 to translate the impact of qualitative risks into tangible metrics. Charged with managing and navigating 1000+ risk exposure points across the Networks & IT business, Amy will share her three-year journey to improve communication between executives and risk managers in a system which has removed 60% of customer outage hours.

In this session:
  • Identified and linked CX metrics to qualitative technology risks to secure leadership investment and ownership
  • Created a mature risk management framework to identify and categorize operational risks across a large exposure base
  • Navigated the challenges between prioritizing high-risk and low-risk exposures at a large scale
  • Improved working relationships with compliance, cyber and technology teams to reduce risk exposures

12:20 pm - 1:00 pm There is no Such Thing as Cyber Risk - Removing Threats in your Organisation by Improving Controls and Responding to Human Vulnerabilities

Shaheen Evans - Chief People and Risk Officer, Border Express
In order to prevent today’s advanced cyber-attacks and threats, businesses need to clearly articulate the risk event (many get this wrong) and understand and adopt a people-centric technology risk management strategy. Many organizations’ information security and compliance strategies focus on managing endpoints and system vulnerabilities, but struggle to protect against the human aspect of threats.

In this session, Shaheen will draw upon his experiences at the Bureau of Meteorology and in his current role at Border Express to discuss how businesses must focus not only on the information, data and technology aspects, but also on the people who use and respond to these risk events.

  • Simplifying risk language, i.e. the ‘risk event’, thereby engaging with key business stakeholders
  • Developing a formalised threat program/model to prevent, detect and minimise risks from being realised
  • Recognising the human aspect such as human bias to technology and incorporating this into the business/response plan

1:00 pm - 2:00 pm LUNCH BREAK

2:00 pm - 2:40 pm CASE STUDY: “Project Sanagi” Will Set The Benchmark For Technology Risk Management Across Australia’s Largest IT Transformation Venture

Andrew Webster - Project Risk Specialist, MLC Life Insurance
As the largest IT transformation project in Australia, MLC Life Insurance’s Project Sanagi will set the benchmark and standards in the domestic financial services sector. Charged with separating 125 years’ worth of data from former sole owner National Australia Bank, Andrew will discuss the transformation process currently underway.

  • Establishing a fit-for-purpose technology risk system
  • Simplifying data records and migration of legacy customer systems and ensuring compliance with regulatory obligations and standards
  • Separating MLC’s infrastructure from NAB’s while also updating key processes
  • Managing change and identifying the capabilities, processes and technology needed for business improvement

2:40 pm - 3:20 pm PANEL DISCUSSION: The Dos and Don’ts of Technology Risk Management in Today’s Evolving Digital Landscape

Bruce Young - Chief Risk Officer, (former)
Chirag Joshi - Senior Manager, Cyber Risk Governance, Origin Energy
Leigh Heyward - Technology Analytics and Risk Manager, UniSuper
In today’s world, the breadth of technology risks has evolved and a new approach needs to be taken to improve customer trust, regulatory compliance and financial outcomes. This panel will see risk leaders reflecting on their experiences, wins and lessons to provide tangible insights into technology risk management for compliant and secure outcomes, addressing questions around:

  • How do you manage the risks associated with the digital transformation and govern these accordingly?
  • What practices do you need to adopt to address how technology risk management is viewed today?
  • How do you establish a culture where risk awareness is consistent and constant?
  • How do you operate in an agile business model across technology risk management?
  • In hindsight, what approaches should be changed to deliver more effective outcomes?

3:20 pm - 3:40 pm AFTERNOON TEA

3:40 pm - 4:20 pm Building Operational Resilience to Improve Threat Management and Response

Operational resilience should form an integral part of business strategy and refers to the ability of organisations as a whole to prevent, respond to, recover and learn from operational disruptions. As cyber-attacks have grown in number, sophistication and disruptive impact, so too have the maturity levels of organisations’ resources and talent to deal with these threats.

In this session:
  • Developing and augmenting existing frameworks and policies to accommodate operational resilience
  • Conducting rigorous testing of critical areas of potential failure and scenario planning
  • Clear articulation of operational risk appetite and impact tolerance for disruptions to key business services

INTERACTIVE DISCUSSION GROUPS

Topic One

4:20 pm - 5:00 pm Addressing the Problem of Limited Resources and Competing Priorities in Technology Risk Management
Shaheen Evans - Chief People and Risk Officer, Border Express
  • Encourage collaboration within the various IT teams to support more effective technology risk management outcomes
  • Implementation of agile working across organizational operations

Topic Two

4:20 pm - 5:00 pm Best Practice Methods to Effectively Engage with and Manage Third Party Solution Providers
Nishant Vats - Third Party Lead – Information Security and Risk, iCare NSW
  • Comprehensively identify third party risks and vulnerabilities
  • Conduct an effective third party screening, onboarding and due diligence program to secure the best provider for your organization
  • Establish a culture of transparency and collaboration with board level oversight

Topic Three

4:20 pm - 4:50 pm Examining the Ethics of Emerging Technologies in the Changing Digital Landscape
Celeste Young - Cyber Research Fellow, Melbourne University
  • Establishing ethical guidelines and boundaries
  • Proactively raising awareness and concerns relating to ethical questions across all levels of organisational operations
  • Identifying potential threats that could be caused by technological innovations and implementing best possible solutions to protect customer privacy

5:00 pm - 5:10 pm CONFERENCE CLOSING – REMARKS FROM THE CONFERENCE CHAIRPERSON

5:10 pm - 5:10 pm NETWORKING DRINKS