
Governance, Risk & Compliance (GRC)

The ambition of the GRC Focus Group is to build a trust platform for the exchange of success factors and delivery methods, the ‘how’ (e.g., when should a security policy be reviewed, how to do security-by-design, etc.) but also the ‘what content’, such as challenges faced with new technologies’ implementation (e.g., defining efficient security controls for mobile devices, defining suppliers’ requirements, etc.).

The objective of the GRC Focus Group is to share experiences in three challenging GRC aspects supporting organizational agility: 

Security policies

Keeping security under control is becoming increasingly challenging: digital transformation, continuous development, mobility, cloud usage, etc. require much more agile security controls and processes. Security policies need to stay relevant to keep up with changes.  

Security processes

Security processes must not jeopardize the way business is done but instead foster it (security-by-design, vulnerability management, exception management, etc.).

Security risk & compliance measurement

As boards and executive committees become better informed, the ability to measure security risk and communicate it effectively becomes an indicator of how relevant the Security Function is.

The members are currently focusing on:

  • Metrics, KPI, KRI & ways to report
  • Conducting risk assessment
  • Legal compliance (NIS2 & DORA)

Activities range from presenting lessons learned & sharing best practices on methods applied to sharing or co-creating assets.

Recent topics included an ISO 27002 and ISO 27701 update; integration of IT control frameworks; tooling for mapping industry standards to control assessments; risk appetite, risk registers and risk assessments; vendor management recommendations based on ISO 27001 audits, and practical application of the FAIR risk assessment methodology.

The GRC Focus Group generally convenes in-person on a quarterly basis. 


How to join the group

The members of this Focus Group are all active in GRC domains.

Permanent Chair

Jo Van Damme, Cyber Security Strategy & Programme Manager at Proximus

Laurie-Anne Bourdain, Data Protection Officer at Isabel Group

Peter Debasse, Group Information Security Officer at KBC Bank & Verzekering

Yves Van Wassenhove, Safe Business Officer IT Chapter Lead at ING Belgium

Operations Office

Pascal Champagne, Business Development Manager