We are delighted to confirm that Governance, Risk, and Compliance (GRC) leader Cheri Hotman will speak at PrivSec & GRC Connect Chicago, opening soon.

Taking place April 16 and 17 at Crowne Plaza Chicago West Loop, PrivSec & GRC Connect Chicago provides a platform for organizations to address the cumulative nature of risk.

PrivSec & GRC Connect Chicago’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape. 

Event speaker Cheri Hotman is Partner, vCISO at Hotman Group. She has spent her career building GRC programs with integrity, building expertise in a range of industries, including banking, financial services, healthcare, consulting, technology and software.

Cheri Hotman will be attending PrivSec & GRC Connect Chicago to discuss how to implement GRC systems in ways that drive competitive edge throughout the organisation.

Learn more about Cheri and her session themes below:

Could you outline your career pathway to date?

Most of my career has been working in tech, growing up through the ranks of IT, often in banking and financial services. Not that I planned it, but when Enron happened and the birth of SOX (Sarbanes-Oxley), I found myself positioned well with an undergrad in Accounting, a CPA license, and much tech experience and the growing field of cybersecurity.

I finished my corporate career building out and running the IT GRC practice for a global bank. In 2016, I left that role to start Hotman Group, a boutique cybersecurity/GRC practice.

At Hotman Group, we build, implement, and run companies’ cybersecurity and GRC programs. Because we have a commitment to integrity and approaching cybersecurity the right way to achieve the right outcomes, we help business leaders with integrity gain the trust of their clients through their cybersecurity/GRC programs.

I’m definitely a nerd and love this stuff. Very satisfying to help companies solve their complex problems and actually realize the value of GRC!

What are the business benefits of prioritizing GRC strategy and creating a smarter GRC solution?

I would say one of the main business benefits of GRC today is customer assurance. Customers only work with companies they can trust and feel confident are serious about security.

The main business benefit of a smarter GRC solution is efficiency, sustainability, and ability to grow/scale. GRC is a lot of details and staying on top of all the changing demands. Absent a strategy, that can easily spiral out of control to not achieve its outcomes and be very inefficient and overwhelming as well.

Additionally, cybersecurity is all about effective risk management, the “R” in GRC. By addressing governance, compliance, and risks proactively, businesses can identify and mitigate risks, reducing the chances of costly disruptions, embarrassment, lost revenue, or compliance issues.

In essence, investing in smarter GRC solutions not only ensures regulatory compliance and risk mitigation, but also strengthens customer relationships and revenue by assuring the security and integrity of their data. 

In today’s world, prioritizing GRC isn’t just strategic; it’s essential for long-term success, maintaining customer trust, and revenue growth.

What are the primary challenges facing organizations as they bid to move towards the establishment of such systems?

The primary challenges organizations face in establishing a comprehensive GRC system for cybersecurity include navigating a constantly changing dynamic landscape (internally and externally); the need for budget and expert resource allocation; and taking action on the fact that GRC is a vital core business function that directly affects revenue.

Implementing an effective GRC system requires a significant amount of strategy, planning, effort, and resources. It’s an iterative journey that has milestones, must be continually monitored and improved, but never ends. Organizations must allocate sufficient time and resources to sustain and repeat these efforts efficiently.

Additionally, GRC is a core business function, just like HR and Legal, no longer a nice-to-have. However, getting the entire business (and Executives) on board with this fact can be challenging. Buy-in all the way up and across the organization is critical to short-term traction and long-term success. 

Achieving consistent prioritization of GRC/cybersecurity within the organization requires commitment from leadership, strategic planning, consistent budget allocations, sufficient personnel, and subject matter expertise to make/keep GRC a top priority.

Bottom line: GRC should no longer be viewed as a cost center, but can be a revenue-generating powerhouse to a company by speeding up the sales pipeline, helping to land the larger deals, and increasing customer trust in the marketplace.

Don’t miss Cheri Hotman exploring these issues in depth in the PrivSec & GRC Connect Chicago panel: From Cost Center to Competitive Edge: Operationalizing GRC.

Enterprise GRC professionals are often pressured to minimize spend on risk and compliance initiatives while still maximizing their efficiency and keeping their organizations secure and compliant.

Fortunately, there’s a growing realization that the right GRC solution, traditionally seen as a cost center, holds untapped potential for better decision-making, unlocking a significant competitive advantage.

As a result, they need to break down the data silos between risk and compliance activities to get a transparent, holistic view of their compliance and risk postures, but they aren’t always sure where to start.

Join our experts Cheri Hotman, Partner, vCISO at Hotman Group and Aidan Collins, Director, Strategic Accounts, Hyperproof to learn more about:

  • The drivers creating a growing need for transition from viewing GRC as a compliance obligation to operationalizing it as a strategic solution
  • Practical strategies for transforming GRC operations, with a focus on breaking down silos
  • Best practices for unifying risk and compliance data
  • How to best prioritize GRC initiatives


From Cost Center to Competitive Edge: Operationalizing GRC

10:15pm – 10:45am CST

Date: Wednesday 17 April 2024

The session sits within a packed agenda of insight and guidance at PrivSec & GRC Connect Chicago taking place April 16 and 17, 2024.

Discover more at PrivSec & GRC Connect Chicago

GRC, Data Protection, Security and Privacy professionals face ongoing challenges to help mitigate risk, comply with regulations, and help achieve their business objectives - they must…

  • Continually adopt new technologies to improve efficiency and effectiveness.
  • Build a culture of compliance and risk awareness throughout the organisation.
  • Communicate effectively with stakeholders and keep them informed of GRC activities.

PrivSec & GRC Connect Chicago takes you to the edge of the debate, uniting the most influential GRC, Data Protection, Privacy and Security professionals, to present, debate, learn and exchange ideas.

This dynamic and content-rich experience takes place over April 16-17 at the Crowne Plaza Chicago West Loop.
