RSA Archer Summit 2018

August 15-17 | Nashville, Tennessee

 

Program

Agenda at a Glance

Subject to change

Wednesday | Thursday | Friday

Wednesday, August 15

All day Various Preconference Training Available
1:00 pm – 5:00 pm RSA Archer Summit Registration Desk Open 
1:00 pm – 3:00 pm
Working Group: Digital Risk Management - REGISTER NOW! 
Working Group: Regulatory & Corporate Compliance - REGISTER NOW!
Working Group: System Administrator - REGISTER NOW!
3:00 pm – 5:00 pm
Working Group: IT & Security Risk Management - REGISTER NOW!
Working Group: Integrated Risk Management - REGISTER NOW!
Working Group: User Experience - REGISTER NOW!
RSA Archer Cyber Risk Quantify User Group - REGISTER NOW!
6:30 pm – 10:00 pm Welcome Reception @ Acme Feed & Seed sponsored by PwC

 

Thursday, August 16

7:15 am – 8:15 am Breakfast
8:30 am – 10:00 am Opening Keynotes 
10:00 am – 6:00 pm  RSA Archer Clubhouse Open 
10:00 am – 6:00 pm  Partner Expo Open 
10:00 am – 10:30 am Networking Break
10:30 am – 11:15 am
Track Session Speaker/Instructor
Business Risk Management in Practice 1 Driving Quality Control via Questionnaires and Executive Dashboards
Our executive leaders had a problem - they were getting multiple loan quality control testing reports from different functional teams.  Each team had different testing criteria, different error definitions, different metrics and different time frames.  It was difficult for our executive leaders to determine acceptable error rates and nearly impossible to compare production quality across functional teams.  By establishing a consistent framework in RSA Archer, which utilized robust quality control questionnaires, workflow, and standard error calculations, we were able to provide an enterprise-wide consolidated quality control program.  This program has enabled greater efficiencies for the testing teams and improved executive oversight via dashboards.  
Justin Weber, Director Operations Risk Management, BECU;  Xiaoxing Guo, System Administrator, BECU; and Christina Todd, Quality Assurance Lead, BECU
Business Risk Management in Practice 2 How Much is Your GRC Program Worth?
Whether you are a prospect customer or a GRC “old hand” trying to expand your program, you will be asked to justify GRC value at some point. Like many of us, you probably struggle to define and clearly articulate clear business benefits. It ain’t easy, but in this presentation you will learn a variety of techniques from veteran practitioners with over 20 years of GRC experience to develop quantitative and qualitative benefits to track and communicate GRC business value.
Phil Aldrich, Director, GRC/ERM, Dell and Jennifer Pesci-Anderson, Verterim Inc. 
The RSA Archer Journey Simple Wisdoms from an RSA Archer Agile Journey
If you want something you have never had, you’ll have to do something you have never done.  MD Financial Management began its GRC journey in 2016.  Throughout this expedition, MD has gained treasured wisdoms on what worked well and not so well.  MD has shaped a governance and stakeholder model that builds collaboration, momentum, and results and adopted an agile approach that works for MD by choosing simplicity over sophistication in development, administration, and support.
Shane Bracewell, A-VP Enterprise Risk Management, MD Financial 
RSA Archer Technical Track 1  Advanced Workflow to the Rescue:  Solving Complex Approval Challenges
Education and understanding the differences between Data Driven Events and Advanced Workflow is the first step in the conversion process of complex approval flows in your RSA Archer GRC implementation. Testing the waters in a development environment becomes crucial to a successful migration effort. Getting around lack of support for uploading existing records at any point in the workflow avoids a fatal deal breaker. Come learn how NASA successfully mitigated the risk of Death by DDEs using Advanced Workflow. 
Steve Kerney, Systems Architect, NASA (NDTI)
RSA Archer Technical Track 2 (Advanced) RSA Archer Technical Session TBD Scott Hagemeyer, Senior Product Manager, RSA
Results Driven Risk Management Results Driven Risk Management  Speakers TBD 
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: Permissions & EPIC Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose your Own Adventure  Speakers TBD
11:30 am – 12:15 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1 Integrating Public Sector and Commercial Solutions
Join us as we share how Parsons Corporation approached implementation of a game changing federal DoD regulation to manage business risk and compliance for our project delivery teams to meet government audits by self-assessments. The RSA Archer journey involved several challenges and innovative approaches to gain business commitment andget the GRC program up and running using RSA Archer. Issues to be tackled included organizational culture, technical maturity, and showing return on value to meet a compliance deadline of December 2017.
Vijaya Ramamurthi, Sr. Manager, Cyber Risk & Compliance, Parsons Corporation and Kirk Whittaker, Sr. Cyber Specialist, Parsons Corporation
Business Risk Management in Practice 2 How RSA Archer Third Party Governance has delivered procurement success at ME Bank
The ME Bank Procurement team has recently completed an implementation of RSA Archer Third Party Governance. This session will cover the lessons learned from the implementation and present the unique solution that has been delivered, as well as demonstrating the risk, compliance, and commercial benefits that are being achieved across the whole organization.
Michael Morpeth, General Manager Procurement and Property, ME Bank 
The RSA Archer Journey Good Ideas – No Buy In
Many times technology is used to prop up broken and misaligned processes—the solution lies in the alignment of objectives, processes, and people.  This presentation covers what to do when stakeholders are resistant to the change required to mature your risk and compliance program. 
Jamie Galioto, Sr. Director Risk and Compliance Operations, Target Corporation and Kevin Brown, Director GRC & Reporting, Target Corporation 
RSA Archer Technical Track 1  Achieving More in RSA Archer Utilizing the API
Ever wanted the ability to copy a record in RSA Archer without bringing over all the linkages or just target certain fields?  Have you ever needed to extract hundreds of records including attachments to provide information for external auditors?  Have nightly recalculations become too burdensome on the system?  If you answered yes to any of these, you need to attend this session to learn how RSA Archer’s API can be used to extend the Platform’s capability to achieve almost anything!
Brian Olberz, IT Manager, Humana and Mark Klimesh, Humana
RSA Archer Technical Track 2 (Advanced) RSA Archer Technical Session TBD Speakers TBD 
Results Driven Risk Management Results Driven Risk Management  Speakers TBD 
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: Mail Merge Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose your Own Adventure  Speakers TBD 
12:15 pm – 1:15 pm  Lunch 
1:15 pm – 2:00 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1 Center for Medicare and Medicaid Services (CMS) Cyber Journey
The RSA Archer Platform has supported the Center for Medicare and Medicaid’s (CMS) ability to adapt and mature its cyber risk program.  This session will discuss CMS’s journey with RSA Archer, how it set the stage for change, the capabilities, metrics, process and organizational changes it has supported, and where we are headed next. 
Teresa Proctor, Deputy Director, Division of Security and Privacy, Information Security Office of IT, Center for Medicare and Medicaid Services and Susan Halterman, Cyber Security Engineering, MITRE
Business Risk Management in Practice 2 Answer the Call for Transparency and Accountability - Managing Third Party Risk Using RSA Archer
Discover’s Third Party Risk Management process was in need of process improvements and RSA Archer was chosen as a key component of the solution.  The session will outline key challenges we faced across core business functions/ critical process steps within the end-to-end Third Party Risk Management process.  We will explain how we utilized Archer to address the challenges resulting in added process transparency, improved key personnel accountability, increased automation, and streamlined Risk Assessment Process.
Jason Sharrett, Manager, Discover Financial Services and Petar Ivancevic, Senior Associate, Discover Financial Services 
The RSA Archer Journey Recipe for Success: A Collaboration of People and Integrated Technology
FirstBank recently deployed RSA Archer as an integrated risk management solution to replace a legacy GRC platform. They knew from the start that in order to be successful, they needed people from across the organization to work together and be on the same page. In this session, you'll hear how FirstBank and Iceberg fostered this teamwork throughout every stage of the project -- from software selection, to planning, implementation and finally deployment.
Kristy Ruthstrom, Cloud Integration Analyst, FirstBank and Kirk Hogan, Iceberg
RSA Archer Technical Track 1  Utilizing Cloud Infrastructure to Optimize RSA Archer Workflow Development
Over the past year, Nordstrom completely rebuilt its RSA Archer environments using cloud infrastructure.  Learn how we leverage cloud flexibility to create both on demand and scheduled availability environments to effectively work various development efforts concurrently.  Utilizing this infrastructure, we have created workflows for RSA Archer applications as well as infrastructure changes, combining change management processes with rapid development cycles.
Christopher Baxter, Engineer 3, Nordstrom and Joaquim Rosario, Information Security and Compliance; Nordstrom 
RSA Archer Technical Track 2 (Advanced) The Benefits of Hardware Sizing and System Performance Health Checks
This session will show what the offerings are for sizing and performance health checks as well as what benefits to organizations can be gained. We will also discuss common pitfalls organizations typically fall into as well from an RSA Archer configuration standpoint.  
Kevin Miller, Consultant, RSA
Results Driven Risk Management Simplify the End User Experience – Lessons Learned from Deploying RSA Archer Risk Assessments
Join Procter & Gamble as they describe their journey of implementing a custom use case within the RSA Archer platform to facilitate the documentation and assessment of project initiatives as part of the application acquisition and deployment life cycle.  The solution accesses the potential impact to key compliance areas of focus, facilitates consultations with Enterprise Architectural and Information Security personnel to document required design artifacts, and prescribes a required controls framework to ensure that critical information security controls are met during project design and execution.  Integration with the Issues Management use case facilitates the documentation of control compliance issues to initiate the organization's preexisting issue remediation and risk treatment processes.   Learn how the organization resolved the challenges of meeting unique business requirements and the impact over-complexity can have on end user adoption of the process.  By leveraging the core features of the RSA Archer platform and consistent assessment approaches the solution delivers a consistent end user experience while also achieving the organization's key objectives. 
Rob Gould, Proctor & Gamble and Brett Sommers, Senior Manager, Crowe Horwath 
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: Strategies for Addressing Multiple Records (Inline Edit/Bulk Actions) Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose your Own Adventure  Speakers TBD 
2:15 pm – 3:00 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1 Math is Hard: Compliance to Continuous Risk Management
Moving from a compliance mindset to a culture of risk management requires a progressive shift toward a secure, integrated, and continuously monitored environment.  Sandia's implementation of a risk-based approach provides organization-wide awareness through the collection, correlation, and analysis of organizational data.  Participants will walk through a use case that demonstrates planning and implementation of a robust risk management process, while avoiding key cultural and communication pitfalls.
Christie Gross, Senior Cyber Assurance Architect, Sandia National Laboratories
Business Risk Management in Practice 2 Taming the GDPR Beast: Build an End-to-End Framework for Managing GDPR Compliance
Join LabCorp as they share their journey in establishing a framework of 70 key action items to meet GDPR compliance requirements. From centralizing data processing activities to managing data breach notifications, learn how LabCorp leveraged RSA Archer as the core technology for managing GDPR compliance along with other key technology investments, including Radar, Splunk, and multiple CMDBs to facilitate the company’s end-to-end GDPR program
Neena Ballard, Director, Risk Management, Office of Information Security, LabCorp, Sean Robinson, GDPR Compliance Manager, LabCorp and
Josh Britten, Manager, Crowe Horwath
The RSA Archer Journey Starting From Square One – RSA Archer Out-of-the-Box Light
RSA Archer comes out the box exploding with content for Risk Managers to enhance their processes. However, many companies struggle to convert their paper processes into robust systems processes. We’ve all heard to go “out-of-the-box” and avoid the allure of complex customization – yet we think the real secret to success is to start small, and mature your process before you build.
Mikael Rosenberger, VP, Risk Analytics, BofI Federal Bank
RSA Archer Technical Track 1  How to Make Supporting RSA Archer Easier: Best Practices to Thank Yourself Later
Join us as we share various developer standards that IMF has chosen to put into place in RSA Archer based on almost eight years of implementation experience.  We will cover examples, suggestions, and mistakes to avoid so that you can build out RSA Archer in a way that takes the long term view.  These suggestions may not always be the quickest during the development phase, but will most definitely pay off when your organization is much more easily able to do additional rounds of enhancements and support RSA Archer in the future.
Katie Bacon, RSA Archer Architect, IMF
RSA Archer Technical Track 2 (Advanced) RSA Archer Technical Session TBD Speaker TBD 
Results Driven Risk Management Results Driven Risk Management  Speakers TBD 
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: Calculated Xref Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose your Own Adventure  Speakers TBD 
3:00 pm – 3:30 pm  Networking Break
3:30 pm – 4:15 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1 Thinking Inside the Box – Being Judicious About Customization
RSA Archer is a great tool to manage IT risk. A premier feature is its deep customization capabilities. But every virtue, if taken too far, can become a vice. Let’s revel in RSA's version of RSA Archer, rather than attempting to reinvent the wheel. Our discussion is centered on taking a measured, judicious approach in determining what to customize. We will discuss five argument for resisting the pressure to customize RSA Archer’s Use Cases.
Sean McHenry, Cybersecurity Analyst and GRC Specialist, State of Utah, Dept. of Technology Services
Business Risk Management in Practice 2 Evaluator – Next Level Risk Analysis with Open Source, OpenFAIR, and RSA Archer
This session introduces a method for performing a repeatable, strategic, and quantitative risk assessment. By using open sourced software with RSA Archer risk management workflows, organizations can increase their risk management capabilities and provide better organizational guidance on their risk landscape.  Participants will receive an introduction to OpenFAIR, the Evaluator engine, and how both may be used to perform quantitative risk assessments with integration with a RSA Archer risk management solution. 
David Severski, Lead Risk Data Scientist, Starbucks 
The RSA Archer Journey

A Fool With A Tool, Is Still A Fool, Creating An Effective and Efficient Risk Assessment Workflow

What is driving your IT Risk Assessment process?  Most likely, it is state and/or federal laws or company policy and other legal obligations. At UF, we are beholden to FERPA, HIPAA, FIPA (Florida Information Privacy Act), GLBA, PCI, CJIS, and many other contractual obligations from our researchers. We realized that the tools needed are only as good as the processes that back it up. Join us as we share how RSA Archer allowed us to effectively target assessment effort and involve all of the right partners (e.g. privacy, legal, procurement etc.,) to eliminate over-emailing, reduce our meeting times, and much more. 

Cheryl Granto, Information Security Manager, University of Florida and Thomas Brown, Senior IT Security Analyst, University of Florida
RSA Archer Technical Track 1  Workflow Panel  Speakers TBD 
RSA Archer Technical Track 2 (Advanced) RSA Archer Technical session TBD Speakers TBD 
Results Driven Risk Management Third Party Risk Management – at Global Scale and Pace
 HSBC is one of the world's largest banking and financial services organisations with around 3,900 offices in both established and emerging markets. HSBC undertook a global initiative to leverage Archer for supply chain risk management. Join us as we discuss how program management and the culture for risk management influenced each other.
Mark Coderre, Global Practice Director, TUV Rheinland OpenSky and  Daniel Crease, Head of Third Party Management, HSBC
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: TBD Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose Your Own Adventure  Speakers TBD 
4:30 pm – 6:00 pm  RSA Archer Cocktail Reception sponsored by KPMG
6:30 pm – 10:00 pm  RSA Archer Customer Appreciation Event
10:00 pm – 12:00 am RSA Archer After Hours Party sponsored by Edgile

 

Friday, August 17

8:00 am – 8:45 am  Breakfast 
9:00 am – 11:00 am  Partner Expo Open 
9:00 am – 9:45 am
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Internal Audit’s Integrated Approach with the 2nd Line of Defense
Join this session to learn how and why Internal Audit initiated and led the development of an integrated approach program. The session will cover:

  • The immediate benefits gained for the audit group when the audit use case was implemented – more accuracy and efficiency in managing the audit universe, annual risk assessment and annual audit plan processes
  • The foreseeable benefit for the three lines of defense when other governance groups implement RSA Archer – leveraging risk and control assessment information, coordination and leveraging of control testing, potential agile audit plan as risk process matures for first and second line of defense
  • Why Internal Audit still has a seat at the table even though our implementation is complete 
Marcia Schow, AVP, Audit Services, Manulife/John Hancock
Business Risk Management in Practice 2 Rio Tinto’s Journey Towards Integrated Enterprise Wide Management of Risk
For 145 years, Rio Tinto has been pioneering the production of materials essential to human progress. The minerals and metals we produce play a vital role in a host of everyday items and innovative technologies that help make modern life work. Rio Tinto is on a journey to further integrate its approach to managing risk across the three lines of defense.  This presentation will share an overview our vision for this journey, the progress made and the lessons learned so far.
Matthew Hancock, Principal Advisor - Risk, Rio Tinto 
The RSA Archer Journey What Can You Get Done in 9 Months? Implement 8 Use cases!
Marathon Petroleum Corporate and Verterim, Inc. will conduct a walk-through of the successful, expansive implementation and operationalization of eight RSA Archer use cases in nine months. The presentation will focus on strategy and project execution, and operational components, including: information security, risk, SOX and audit use cases, strategy planning and project management, success criteria, team commitment and deployment activities to operationalize RSA Archer.  
Jeff Kirkendall, IT Business Analyst, Marathon Petroleum Corporate and Lynda Heij, GRC Strategic Consultant
Verterim, Inc.
RSA Archer Technical Track 1  Ask the Admin Panel Speakers TBD 
RSA Archer Technical Track 2 (Advanced)

Identity & Access Management for RSA Archer based on RSA Identity Governance Lifecycle

Having acquired both  RSA Archer eGRC and RSA Identity Governance Lifecycle our aim was to integrate them and benefit from the strength of both. This session elaborates our company’s approach to manage user accounts and access to RSA Archer GRC. It covers identity provisioning, processes for access request, access review and the access control model that we have established on our RSA Archer Governance Platform for various use cases.

Dieter Huell, Cyber Risk Analyst, Damlier AG
Results Driven Risk Management Results Driven Risk Management  Speakers TBD 
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: API (Part 1)  Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose Your Own Adventure  Speakers TBD 
10:00 am – 10:45 am
Track Session Speaker/Instructor
Business Risk Management in Practice 1 A Unique Approach to “Agile” Business Impact Analysis in RSA Archer
The Vanguard team has developed a unique approach to the Agile Methodology that works with the RSA Archer Platform. Our approach combines classic Agile, rapid prototyping, concurrent environment testing, and more. In this session, we will share the various aspects of this tailor-made Agile approach we used for the implementation of the Business Impact Analysis Use Case.
Charles Gowdy, Technical Specialist II, Vanguard and Bradford  Grant, Business Contingency Manager, Vanguard
Business Risk Management in Practice 2 Risk Management. Powered-Up
In the face of a highly complex risk landscape, Microsoft has digitally transformed its risk management program to execute streamlined risk reviews, risk mitigation plans, and risk reduction initiatives—all powered through the RSA Archer Suite.  Join us to learn how Microsoft and KPMG leveraged RSA Archer to accelerate the handling of risks and drive accountability by bringing together key players to protect the business.
Michael Lumia, Senior Program Manager, Microsoft and Eric Cha, Senior Associate,  KPMG Advisory
The RSA Archer Journey One Team to Manage it All
As the saying goes, you can't please everyone all the time - especially while facing increased consumption and use case demand from the business. Learn how one small Risk and Compliance team  was able to balance roles as GRC practitioners, platform owners, project managers, and system administrators to deliver an incremental development strategy, all while meeting the organization’s maturing risk management capabilities and still keeping RSA Archer’s lights on. 
Steve Taylor, Risk Systems Manager, Qsuper 
RSA Archer Technical Track 1  Bringing Value to Users with Optimal Look, Feel and Navigation in RSA Archer
If end users do not see the benefits, they may be reluctant to provide sufficient data. Data collection processes must be easy and RSA Archer must give back relevant easy-to-find information. We will show how Central Bank of Norway customizes RSA Archer with HTML to create a simple user friendly start page, pages for Division Managers, diagrams as alternative to task-driven dashboard, technique behind “buttons,” automated report filters, and an “early win” IRAM2 integration as a part of a step-wise implementation.
Bjørn Egge, Senior Compliance Officer, Norges Bank (Central Bank of Norway) and Tuan Khoa Pham, GRC Consultant, Mnemonic
RSA Archer Technical Track 2 (Advanced) Demonstration on Various Single Sign On Integration Solutions with RSA Archer
Join us as we discuss the fundamental knowledge on setting up utilizing various single sign on technology with RSA Archer. These include ADFS federation, Azure AD, and HTTP header with mutual authentication, as well as LDAP integration. There will be a demonstration of the various setup discussed in the presentation 
Tim Tsang, Chief Technical Advisory, RSA 
Results Driven Risk Management Don’t forget about HR; Using RSA Archer Incident Management for Employee Relations incidents
Use case for implementing RSA Archer Incident Management module for HR that works in conjunction with other departments. Data tells HR a story when it comes to employee relations issues, we wanted to track that data to find root causes or trends for reporting. We customized the system to meet needs and have continued to build on the platform to pull even more insight to HR incidents.  What we got was a system that allows HR to communicate with other departments to work collectively in one system of record
Patrick Bernardy, Director, GRC Enablement Solutions, PwC and Kevin Housing, Assistant Vice President Human Resources, GM Financial
Tips & Tricks Learning Lab Tips & Tricks Learning Lab: API (Part 2)  Speakers TBD 
Choose your Own Adventure  Learning Lab: Choose Your Own Adventure  Speakers TBD 
11:00 am – 12:00 pm   Closing Keynotes 

Questions? Don't hesitate to contact us.

For general RSA Archer Summit 2018 questions, please contact: stacy.sakellariou@rsa.com