Cheri Hotman to speak at PrivSec & GRC Connect Chicago

Taking place April 16 and 17 at Crowne Plaza Chicago West Loop, PrivSec & GRC Connect Chicago provides a platform for organizations to address the cumulative nature of risk.

PrivSec & GRC Connect Chicago’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape. 

Event speaker, Cheri Hotman is Partner, vCISO at Hotman Group. She has spent her career building GRC programs with integrity, staying on top of expertise in a range of industries, including banking, financial services, healthcare, consulting, technology and software.

Cheri Hotman will be attending PrivSec & GRC Connect Chicago to discuss how to implement GRC systems in ways that drive competitive edge throughout the organisation.

Learn more about Cheri and her session themes below:

Could you outline your career pathway to date?

Most of my career has been working in tech, growing up through the ranks of IT, often in banking and financial services. Not that I planned it, but when Enron happened and the birth of SOX (Sarbanes-Oxley), I found myself positioned well with an undergrad in Accounting, a CPA license, and much tech experience and the growing field of cybersecurity.

I finished my corporate career building out and running the IT GRC practice for a global bank. In 2016, I left that role to start Hotman Group, a boutique cybersecurity/ GRC practice.

At Hotman Group, we build, implement, and run companies’ cybersecurity and GRC programs. Because we have commitment to integrity and approaching cybersecurity the right way to achieve the right outcomes, we help business leaders with integrity gain the trust of their clients through their cybersecurity/ GRC programs.

I’m definitely a nerd and love this stuff. Very satisfying to help companies solve their complex problems and actually realize the value of GRC!

What are the business benefits of prioritizing GRC strategy and creating a smarter GRC solution?

I would say one of the main business benefits of GRC today is customer assurance. Customers only work with companies they can trust and feel confident are serious about security.

The main business benefit of a smarter GRC solution is efficiency, sustainability, and ability to grow/ scale. GRC is a lot of details and staying on top of all the changing demands. Absent a strategy, that can easily spiral out of control to not achieve its outcomes and be very inefficient and overwhelming as well.

Additionally, cybersecurity is all about effective risk management, the “R” in GRC. By addressing governance, compliance, and risks proactively, businesses can identify and mitigate risks, reducing the chances of costly disruptions, embarrassment, lost revenue, or compliance issues.

In essence, investing in smarter GRC solutions not only ensures regulatory compliance and risk mitigation, but also strengthens customer relationships and revenue by assuring the security and integrity of their data. 

In today’s world, prioritizing GRC isn’t just strategic; it’s essential for long-term success, maintaining customer trust, and revenue growth.

What are the primary challenges facing organizations as they bid to move towards the establishment of such systems?

The primary challenges organizations face in establishing a comprehensive GRC system for cybersecurity include navigating a constantly changing dynamic landscape (internally and externally); the need for budget and expert resource allocation, and taking action on the fact that GRC is a vital core business function that directly affects revenue.

Implementing an effective GRC system requires a significant amount of strategy, planning, effort, and resources. It’s an iterative journey that has milestones, must be continually monitored and improved, but never ends. Organizations must allocate sufficient time and resources to sustain and repeat these efforts efficiently.

Additionally, GRC is a core business function, just like HR and Legal, no longer a nice-to-have. However, getting the entire business (and Executives) on board with this fact can be challenging. Buy-in all the way up and across the organization is critical to short-term traction and long-term success. 

Achieving consistent prioritization of GRC/ cybersecurity within the organization requires commitment from leadership, strategic planning, consistent budget allocations, sufficient personnel, and subject matter expertise to make/ keep GRC a top priority.

Bottom-line: GRC should no longer be viewed as a cost center, but can be a revenue-generating powerhouse to a company by speeding up the sales pipeline, helping to land the larger deals, and increasing customer trust in the marketplace.