RSA Archer Summit 2018

August 15-17 | Nashville, Tennessee

 

Program

Agenda at a Glance

Subject to change

Wednesday | Thursday | Friday

Wednesday, August 15

All day Various Preconference Training Available
1:00 pm – 5:00 pm RSA Archer Summit Registration Desk Open 
1:00 pm – 3:00 pm
Working Group: IT & Security Risk ManagementCLOSED (this session is full and not accepted additional registrations) 
The IT & Security Risk Management working group will discuss how to leverage external data to drive metrics and awareness of risk and the role of advanced analytics, such as AI and machine learning, to drive your risk management programs. We will also highlight recent updates to the IT Security Vulnerabilities Program Management and IT Controls Assurance use cases.
Working Group: Regulatory & Corporate ComplianceCLOSED (this session is full and not accepted additional registrations) 
The RCCM working group will give an overview of the updates to Controls Assurance and then a focused discussion on upcoming RCCM initiatives. We’ll explore topics around Regulatory Change Management, a full Policy Lifecycle, Controls Monitoring, SOX and utilizing new technologies as part of these processes.
Working Group: System Administrator - CLOSED (this session is full and not accepted additional registrations) 
Topics will pertain to things the administrator persona does in their daily duties. Features such as EPIC, calculated cross-reference, report object, and many more were born out of this working group. These discussions and shared insights into your everyday challenges help influence future development around System Admin functionality.
3:30 pm – 5:30 pm
Working Group: Digital Risk ManagementCLOSED (this session is full and not accepted additional registrations) 
Digital Risk Management programs are rapidly growing within organizations. This working group will focus on how these programs are structured and how these teams are defining their scope of work to manage risk. Topics will include identifying and building an expended digital asset inventory, conducting digital transformation projects to identify, assess and manage risk moving from analogue products to digital technologies.
Working Group: Integrated Risk ManagementCLOSED (this session is full and not accepted additional registrations) 
The Integrated Risk Management working group will focus on connecting data across domains to create a more holistic picture of risk. We’ll explore topics around common risk taxonomy, enterprise-wide risk reporting, and connecting risk to strategic objectives.
Working Group: User Experience - CLOSED (this session is full and not accepted additional registrations) 
Discussion around making Archer more usable, user friendly, and intuitive. Items such as Silverlight replacement, Bookmarks Bar, History Breadcrumbs, Button Consolidation, Multi-Columnar Layouts, and Appearance Themes may be discussed.
4:00 pm – 5:00 pm Financial Services User Group - REGISTER NOW!
6:30 pm – 10:00 pm Welcome Reception @ Acme Feed & Seed sponsored by PwC

 

Thursday, August 16

7:15 am – 8:15 am Breakfast
7:15 am – 8:15 am
Partner Expo Open
8:30 am – 10:00 am Opening Keynotes 
10:00 am – 6:00 pm  RSA Archer Clubhouse Open 
10:00 am – 6:00 pm  Partner Expo Open 
10:00 am – 10:30 am Networking Break
10:30 am – 11:15 am
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Driving Quality Control via Questionnaires and Executive Dashboards

Our executive leaders had a problem - they were getting multiple loan quality control testing reports from different functional teams.  Each team had different testing criteria, different error definitions, different metrics and different time frames.  It was difficult for our executive leaders to determine acceptable error rates and nearly impossible to compare production quality across functional teams.  By establishing a consistent framework in RSA Archer, which utilized robust quality control questionnaires, workflow, and standard error calculations, we were able to provide an enterprise-wide consolidated quality control program.  This program has enabled greater efficiencies for the testing teams and improved executive oversight via dashboards.  

Justin Weber, Director Operations Risk Management, BECU; 
Xiaoxing Guo, System Administrator, of Microsoft previously with BECU; 
Andrew Gaines, System Administrator, BECU 
Christine Blackburn, RWC/Archer Expert Consultant 
Business Risk Management in Practice 2

How Much is Your GRC Program Worth?

Whether you are a prospect customer or a GRC “old hand” trying to expand your program, you will be asked to justify GRC value at some point. Like many of us, you probably struggle to define and clearly articulate clear business benefits. It ain’t easy, but in this presentation you will learn a variety of techniques from veteran practitioners with over 20 years of GRC experience to develop quantitative and qualitative benefits to track and communicate GRC business value.

Phil Aldrich, Director, GRC/ERM, Dell and Jennifer Pesci-Anderson, Verterim Inc. 
The RSA Archer Journey

Simple Wisdoms from an RSA Archer Agile Journey

If you want something you have never had, you’ll have to do something you have never done.  MD Financial Management began its GRC journey in 2016.  Throughout this expedition, MD has gained treasured wisdoms on what worked well and not so well.  MD has shaped a governance and stakeholder model that builds collaboration, momentum, and results and adopted an agile approach that works for MD by choosing simplicity over sophistication in development, administration, and support.

Shane Bracewell, A-VP Enterprise Risk Management, MD Financial 
RSA Archer Technical Track 1 

Advanced Workflow to the Rescue:  Solving Complex Approval Challenges

Education and understanding the differences between Data Driven Events and Advanced Workflow is the first step in the conversion process of complex approval flows in your RSA Archer GRC implementation. Testing the waters in a development environment becomes crucial to a successful migration effort. Getting around lack of support for uploading existing records at any point in the workflow avoids a fatal deal breaker. Come learn how NASA successfully mitigated the risk of Death by DDEs using Advanced Workflow. 

Steve Kerney, Systems Architect, NASA (NDTI) and Brent Thome, Advisory Consultant, RSA
RSA Archer Technical Track 2 (Advanced) Creating Order From Chaos: Using RSA Archer to Tame Your Data
Do you have data scattered across your organization in a seemingly endless variety of systems and formats? Come see how recent improvements to RSA Archer’s Integration ecosystem can help you create order from the chaos, and centralize your data into a single system. From updated translation capabilities, to performance boosts, to a game changing new transporter type, the latest version of Archer gives you the “keys to the kingdom” by allowing you to consume virtually any data source.
Scott Hagemeyer, Senior Product Manager, RSA
Results Driven Risk Management Strategic Partnering: Accelerating from Zero to Sixty 
In this session attendees can expect to learn how early engagement of the business and strong leadership support can transform your GRC program before it even takes flight. We will explore insights and lessons learned from a brand new GRC system evaluation through establishing governance and strategic road mapping initiatives. 
Adam Wisnieski, Deloitte 
Devin Amato, Deloitte 

Tips & Tricks Learning Lab Access Permissions Escape Room with E.P.I.C. Crutch
Dive into an escape room that introduces the basic concepts of RSA Archer permissions and the brand new E.P.I.C. (Effective Permissions Investigation Console) feature. Test roles, record permissions and use the console to help you investigate and escape!
Marcy Gaynes, Dedicated Support Engineer III, RSA and Sheila Gordon, Systems Engineer, RSA
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD
11:30 am – 12:15 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Integrating Public Sector and Commercial Solutions

Join us as we share how Parsons Corporation approached implementation of a game changing federal DoD regulation to manage business risk and compliance for our project delivery teams to meet government audits by self-assessments. The RSA Archer journey involved several challenges and innovative approaches to gain business commitment andget the GRC program up and running using RSA Archer. Issues to be tackled included organizational culture, technical maturity, and showing return on value to meet a compliance deadline of December 2017.

Vijaya Ramamurthi, Sr. Manager, Cyber Risk & Compliance, Parsons Corporation and Kirk Whittaker, Sr. Cyber Specialist, Parsons Corporation
Business Risk Management in Practice 2

How RSA Archer Third Party Governance has delivered procurement success at ME Bank

The ME Bank Procurement team has recently completed an implementation of RSA Archer Third Party Governance. This session will cover the lessons learned from the implementation and present the unique solution that has been delivered, as well as demonstrating the risk, compliance, and commercial benefits that are being achieved across the whole organization.

Michael Morpeth, General Manager Procurement and Property, ME Bank 
The RSA Archer Journey

Good Ideas – No Buy In

Many times technology is used to prop up broken and misaligned processes—the solution lies in the alignment of objectives, processes, and people.  This presentation covers what to do when stakeholders are resistant to the change required to mature your risk and compliance program. 

Jamie Galioto, Sr. Director Risk and Compliance Operations, Target Corporation and Kevin Brown, Director GRC & Reporting, Target Corporation 
RSA Archer Technical Track 1 

Achieving More in RSA Archer Utilizing the API

Ever wanted the ability to copy a record in RSA Archer without bringing over all the linkages or just target certain fields?  Have you ever needed to extract hundreds of records including attachments to provide information for external auditors?  Have nightly recalculations become too burdensome on the system?  If you answered yes to any of these, you need to attend this session to learn how RSA Archer’s API can be used to extend the Platform’s capability to achieve almost anything!

Brian Olberz, IT Manager, Humana and Mark Klimesh, Humana
RSA Archer Technical Track 2 (Advanced) The Benefits of Hardware Sizing and System Performance Health Checks
This session will show what the offerings are for sizing and performance health checks as well as what benefits to organizations can be gained. We will also discuss common pitfalls organizations typically fall into as well from an RSA Archer configuration standpoint.  
Kevin Miller, Consultant, RSA
Results Driven Risk Management Modernizing The RSA Archer User Experience For Business Teams
In this session we will cover how to use Custom Objects, Custom Webpages, and the RSA Archer REST API to bridge the gaps that exist between your business needs and Archer functionality. Common problems will be addressed, such as creating records, reducing the number of clicks to accomplish tasks, readability, and overall webpage style
Steven Asplund, GRC Product Lead, Starbucks
Samuel Bradley, Director, Edgile 
Andrew Stull, Engineer, Edgile
Tips & Tricks Learning Lab Annual Assessment Design Hack: Less effort and better information
Learn how to build a risk assessment program using control procedures and in-line edit reports instead of questionnaires. This design reduces labor burden on control owners while simultaneously improving documentation quality and populating the RSA delivered compliance percentage field for cyber security, compliance and audit functions.
Dustin Aldrich, Cyber Security Analyst III, St. Luke's Health System and Liz McNamara, Systems Engineer, RSA
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD 
12:15 pm – 1:15 pm  Lunch 
1:15 pm – 2:00 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Center for Medicare and Medicaid Services (CMS) Cyber Journey

The RSA Archer Platform has supported the Center for Medicare and Medicaid’s (CMS) ability to adapt and mature its cyber risk program.  This session will discuss CMS’s journey with RSA Archer, how it set the stage for change, the capabilities, metrics, process and organizational changes it has supported, and where we are headed next. 

Teresa Proctor, Deputy Director, Division of Security and Privacy, Information Security Office of IT, Center for Medicare and Medicaid Services and Susan Halterman, Cyber Security Engineering, MITRE
Business Risk Management in Practice 2

Taming the GDPR Beast: Build an End-to-End Framework for Managing GDPR Compliance

Join LabCorp as they share their journey in establishing a framework of 70 key action items to meet GDPR compliance requirements. From centralizing data processing activities to managing data breach notifications, learn how LabCorp leveraged RSA Archer as the core technology for managing GDPR compliance along with other key technology investments, including Radar, Splunk, and multiple CMDBs to facilitate the company’s end-to-end GDPR program

 

Josh Britten, Manager, Crowe Horwath
The RSA Archer Journey

Recipe for Success: A Collaboration of People and Integrated Technology

FirstBank recently deployed RSA Archer as an integrated risk management solution to replace a legacy GRC platform. They knew from the start that in order to be successful, they needed people from across the organization to work together and be on the same page. In this session, you'll hear how FirstBank and Iceberg fostered this teamwork throughout every stage of the project -- from software selection, to planning, implementation and finally deployment.

Kristy Ruthstrom, Cloud Integration Analyst, FirstBank and Melissa Cohoe, Director of Implementation, Iceberg
RSA Archer Technical Track 1 

Utilizing Cloud Infrastructure to Optimize RSA Archer Workflow Development

Over the past year, Nordstrom completely rebuilt its RSA Archer environments using cloud infrastructure.  Learn how we leverage cloud flexibility to create both on demand and scheduled availability environments to effectively work various development efforts concurrently.  Utilizing this infrastructure, we have created workflows for RSA Archer applications as well as infrastructure changes, combining change management processes with rapid development cycles.

Christopher Baxter, Engineer 3, Nordstrom and Joaquim Rosario, Information Security and Compliance; Nordstrom 
RSA Archer Technical Track 2 (Advanced) Report Like A Boss, For Your Boss, Using the Content API and BI Tools
The Content API is a new feature to the RSA Archer platform that enables clients to expose and interact with Archer data in the same manner and terminology they are used to seeing in the User Interface. The API also enables integrations with common BI Tools such as Tableau, Power BI, and QlikView. Come see how to leverage this API in your organization and give your reporting a boost.
Scott Hagemeyer, Senior Product Manager, RSA
Results Driven Risk Management

Simplify the End User Experience – Lessons Learned from Deploying RSA Archer Risk Assessments

Join Procter & Gamble as they describe their journey of implementing a custom use case within the RSA Archer platform to facilitate the documentation and assessment of project initiatives as part of the application acquisition and deployment life cycle.  The solution accesses the potential impact to key compliance areas of focus, facilitates consultations with Enterprise Architectural and Information Security personnel to document required design artifacts, and prescribes a required controls framework to ensure that critical information security controls are met during project design and execution.  Integration with the Issues Management use case facilitates the documentation of control compliance issues to initiate the organization's preexisting issue remediation and risk treatment processes.   Learn how the organization resolved the challenges of meeting unique business requirements and the impact over-complexity can have on end user adoption of the process.  By leveraging the core features of the RSA Archer platform and consistent assessment approaches the solution delivers a consistent end user experience while also achieving the organization's key objectives. 

Rob Gould, Procter & Gamble and Brett Sommers, Senior Manager, Crowe Horwath 
Tips & Tricks Learning Lab Introducing the New RSA Archer JavaScript Transporter - Part 1
The RSA Archer JavaScript Transporter lab will focus on the basics of setting up a data feed to utilize JavaScript. Attendees will learn how to obtain an API key, create custom parameters, and make an API call that will populate recent news publications into RSA Archer.
Wes Loeffler, Solutions Engineer, RSA
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD 
2:15 pm – 3:00 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Math is Hard: Compliance to Continuous Risk Management

Moving from a compliance mindset to a culture of risk management requires a progressive shift toward a secure, integrated, and continuously monitored environment.  Sandia's implementation of a risk-based approach provides organization-wide awareness through the collection, correlation, and analysis of organizational data.  Participants will walk through a use case that demonstrates planning and implementation of a robust risk management process, while avoiding key cultural and communication pitfalls.

Christie Gross, Senior Cyber Assurance Architect, Sandia National Laboratories
Business Risk Management in Practice 2

Answer the Call for Transparency and Accountability - Managing Third Party Risk Using RSA Archer

Discover’s Third Party Risk Management process was in need of process improvements and RSA Archer was chosen as a key component of the solution.  The session will outline key challenges we faced across core business functions/ critical process steps within the end-to-end Third Party Risk Management process.  We will explain how we utilized Archer to address the challenges resulting in added process transparency, improved key personnel accountability, increased automation, and streamlined Risk Assessment Process.

Jason Sharratt, Manager, Discover Financial Services and Petar Ivancevic, Senior Associate, Discover Financial Services 
The RSA Archer Journey

Starting From Square One – RSA Archer Out-of-the-Box Light

RSA Archer comes out the box exploding with content for Risk Managers to enhance their processes. However, many companies struggle to convert their paper processes into robust systems processes. We’ve all heard to go “out-of-the-box” and avoid the allure of complex customization – yet we think the real secret to success is to start small, and mature your process before you build.

Mikael Rosenberger, VP, Risk Analytics, BofI Federal Bank
RSA Archer Technical Track 1 

How to Make Supporting RSA Archer Easier: Best Practices to Thank Yourself Later

Join us as we share various developer standards that IMF has chosen to put into place in RSA Archer based on almost eight years of implementation experience.  We will cover examples, suggestions, and mistakes to avoid so that you can build out RSA Archer in a way that takes the long term view.  These suggestions may not always be the quickest during the development phase, but will most definitely pay off when your organization is much more easily able to do additional rounds of enhancements and support RSA Archer in the future.

Katie Bacon, RSA Archer Architect, IMF
RSA Archer Technical Track 2 (Advanced) What's new in Advanced Workflow? Electronic Signatures, Audit and Permissions!
This talk expands on foundational knowledge of Advanced Workflow. The first topic is how to configure, permission, and display information about Electronic Signatures in Advanced Workflow. Next, we'll explain how to configure Advanced workflow Audit, permission Advanced Workflow Audit data, and display the data on in the History Log field. The last piece covered is configuration of Rules and Permissions for transitions and User Initiated buttons in the Advanced Workflow Designer.
Konstantin Vakshteyn, Senior Principal Software Engineer, RSA and Bruce Allison, Senior Software Quality Engineer, RSA
Results Driven Risk Management Operationalizing Vendor Assurance Within RSA Archer 
Organizations are continually challenged with making the process of evaluating and monitoring controls around third party products and services. This session will explore how EY Global is leveraging the RSA Archer (6.3x) platform to enable their Vendor Assurance process to address increasing regulatory challenges including GDPR and improvement in collaboration within EY and externally to increase efficiencies while maintaining effective information security risk management. 
Rob Otten, EYG and John Mitchell, EY
Tips & Tricks Learning Lab Introducing the New RSA Archer JavaScript Transporter - Part 2
The RSA Archer JavaScript Transporter lab will focus on the basics of setting up a data feed to utilize JavaScript. Attendees will learn how to obtain an API key, create custom parameters, and make an API call that will populate recent news publications into RSA Archer.
Wes Loeffler, Solutions Engineer, RSA
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD 
3:00 pm – 3:30 pm  Networking Break
3:30 pm – 4:15 pm
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Thinking Inside the Box – Being Judicious About Customization

RSA Archer is a great tool to manage IT risk. A premier feature is its deep customization capabilities. But every virtue, if taken too far, can become a vice. Let’s revel in RSA's version of RSA Archer, rather than attempting to reinvent the wheel. Our discussion is centered on taking a measured, judicious approach in determining what to customize. We will discuss five argument for resisting the pressure to customize RSA Archer’s Use Cases.

Sean McHenry, Cybersecurity Analyst and GRC Specialist, State of Utah, Dept. of Technology Services
Business Risk Management in Practice 2

Quantifying Cyber Risk with RSA Archer 

This session will introduce RSA Archer Cyber Risk Quantification – the latest addition to the RSA Archer use case portfolio. Learn about how this use case fits into RSA Archer’s strategy, see the use case in action and how quantifying cyber risk in RSA Archer can benefit your organization.

Marshall Toburen, GRC Strategist, RSA , Mark Hofberg, Risk Transformation Office, RSA, Chris Patteson, Risk Transformation Office, RSA, Jack Jones, Chairman, The Fair Institute, Paul DeLuca, Risk Architecture Director, AIG, Mat Bonderud, IT Risk Manager, FedEx and Harrison Tedder-King, Sales Engineer, RSA Archer 
The RSA Archer Journey

A Fool With A Tool, Is Still A Fool, Creating An Effective and Efficient Risk Assessment Workflow

What is driving your IT Risk Assessment process?  Most likely, it is state and/or federal laws or company policy and other legal obligations. At UF, we are beholden to FERPA, HIPAA, FIPA (Florida Information Privacy Act), GLBA, PCI, CJIS, and many other contractual obligations from our researchers. We realized that the tools needed are only as good as the processes that back it up. Join us as we share how RSA Archer allowed us to effectively target assessment effort and involve all of the right partners (e.g. privacy, legal, procurement etc.,) to eliminate over-emailing, reduce our meeting times, and much more. 

Cheryl Granto, Information Security Manager, University of Florida and Thomas Brown, Senior IT Security Analyst, University of Florida
RSA Archer Technical Track 1 

The Wonderful World of (Advanced) Workflow. A Panel. 

Excited about Advanced Workflow in RSA Archer 6.x but not sure where to begin? Knee-deep in implementing but you have some tricky questions? Not sure what the payoff will be for converting your DDE-based workflows to Advanced Workflow? If you are looking for answers to these kind of questions and more, come and check out the Advanced Workflow Panel, featuring a mix of RSA Archer Administrators and RSA Experts. 

Margo Brosnan, Lead InfoSec GRC Architect, MITRE, Larry Darrow, GRC Specialist, Pepsico and 
Tiffany Milstead, RSA Archer Developer, Pepsico
RSA Archer Technical Track 2 (Advanced) Risk-based Vulnerability Management with RSA Archer IT Security Vulnerabilities Program Management
Join us as we introduce the new RSA Archer IT Security Vulnerabilities Program Management use case.  We’ll demonstrate the full end-to-end processing of vulnerabilities from detection to remediation, including pre-built integrations with third party scan vendors.  Leveraging RSA Archer's business context and well-defined process flows, along with the new platform capabilities, analysts and IT operations can easily prioritize their remediation efforts based on the risk to the organization.
Jim McNab, Senior Manager, Professional Services, RSA
Bobbi Ireton, Principal Software Engineer, RSA
Results Driven Risk Management

Third Party Risk Management – at Global Scale and Pace

HSBC is one of the world's largest banking and financial services organisations with around 3,900 offices in both established and emerging markets. HSBC undertook a global initiative to leverage Archer for supply chain risk management. Join us as we discuss how program management and the culture for risk management influenced each other.

Mark Coderre, Global Practice Director, TUV Rheinland OpenSky and  Daniel Crease, Head of Third Party Management, HSBC
Tips & Tricks Learning Lab Mad About Mail Merge: Learn How to Use RSA Archer’s Mail Merge Functions to Create Great Documents
RSA Archer’s Mail Merge capability is a powerful tool for creating documentation for your organization. It allows quickly and easily exporting records into a standardized Word or PDF document, with formatting options far beyond standard Archer exports. This lab will include an introduction to Mail Merge and hands on experience with creating Mail Merge documents. Come learn how to use Mail Merge to meet your user’s needs.
Matt Dostal, Business Systems Administrator, Bank of the West and Austin Tyler, Systems Engineer, RSA
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD 
4:30 pm – 6:00 pm  RSA Archer Cocktail Reception sponsored by KPMG
6:30 pm – 10:00 pm  RSA Archer Customer Appreciation Event sponsored by Deloitte
10:00 pm – 12:00 am RSA Archer After Hours Party sponsored by Edgile

 

Friday, August 17

8:00 am – 8:45 am  Breakfast 
8:00 am – 8:45 am  Financial Services Breakfast - open to all attendees
8:00 am – 11:00 am Partner Expo Open 
9:00 am – 9:45 am
Track Session Speaker/Instructor
Business Risk Management in Practice 1

Internal Audit’s Integrated Approach with the 2nd Line of Defense

Join this session to learn how and why Internal Audit initiated and led the development of an integrated approach program. The session will cover:

  • The immediate benefits gained for the audit group when the audit use case was implemented – more accuracy and efficiency in managing the audit universe, annual risk assessment and annual audit plan processes
  • The foreseeable benefit for the three lines of defense when other governance groups implement RSA Archer – leveraging risk and control assessment information, coordination and leveraging of control testing, potential agile audit plan as risk process matures for first and second line of defense
  • Why Internal Audit still has a seat at the table even though our implementation is complete 
Marcia Schow, AVP, Audit Services, Manulife/John Hancock
Business Risk Management in Practice 2

Rio Tinto’s Journey Towards Integrated Enterprise Wide Management of Risk

For 145 years, Rio Tinto has been pioneering the production of materials essential to human progress. The minerals and metals we produce play a vital role in a host of everyday items and innovative technologies that help make modern life work. This presentation will share an overview of our vision for integrated management of risk across the 3 lines of defence, progress made and lessons learnt to date. Highlights to date include how every risk we capture in RSA Archer can be viewed through the risk and performance thresholds of each management team from the site to the Group level, and how we are able to profile risk across the Group by both functional area and line accountability. Next up: slicing and dicing monitoring and performance data, integrated assurance, streamlining our control framework and leveraging machine learning, natural language classification and clustering.

Matthew Hancock, Principal Advisor - Risk, Rio Tinto 
The RSA Archer Journey

What Can You Get Done in 9 Months? Implement 11 Use Cases

Marathon Petroleum Corporate and Verterim, Inc. will conduct a walk-through of the successful, expansive implementation and operationalization of eight RSA Archer use cases in nine months. The presentation will focus on strategy and project execution, and operational components, including: information security, risk, SOX and audit use cases, strategy planning and project management, success criteria, team commitment and deployment activities to operationalize RSA Archer.  

Jeff Kirkendall, IT Business Analyst, Marathon Petroleum Corporate and Lynda Heij, GRC Strategic Consultant
Verterim, Inc.
RSA Archer Technical Track 1 

RSA Archer with SSO – One Password to Rule Them All
Join us as we discuss the fundamental knowledge on setting up utilizing various single sign on technology with RSA Archer. These include ADFS federation, Azure AD, and HTTP header with mutual authentication, as well as LDAP integration. There will be a demonstration of the various setup discussed in the presentation 
Tim Tsang, Chief Technical Advisory, RSA 
RSA Archer Technical Track 2  Ask the Admin Panel
The “Ask the Admin” Panel session has be a staple for the RSA Archer Summit for years.  If you want to Know How, this is the place of the Know Hows.  Join an interactive panel of customer and RSA technical administrators as they discuss the Ins and Outs of the RSA Archer Platform, use cases, operational support processes and all things Admin.
Toby Maack, System Liaison 3, First Interstate Bank
Patrick Johnson, Team Lead, eGRC Technology, Sempra Energy
Raj Pyakurel, Information Security Analyst, Albertson’s Companies
Results Driven Risk Management

Enterprise Incident Management utilizing RSA Archer 

Join us as we share how the RSA Archer platform was used to streamline and automate CME’s Enterprise Incident Program across the entire lifecycle. We will discuss how CME’s Center of Excellence helped design the overall architecture to accommodate Cyber, Legal, HR, Compliance and Physical Security incidents. We will also discuss the challenges faced by us and further improvement opportunities 

David Ellett, Senior Associate, KPMG LLP and Courtney Elder, Director, CME
Tips & Tricks Learning Lab Hello Again, World! Writing Archer API Utilities Quickly and Easily with the RSA Archer API SDK - Part 1
Don't be scared of the RSA Archer APIs, embrace them! This session will aim to highlight what the RSA Archer Suite APIs are, what they can do for you, and how you can leverage them in a simplified system using the new RSA Archer API Software Development Kit (SDK). Doing so will both extend and maximize your RSA Archer Suite return on investment. Participants will be writing code alongside our guides to see how to make the most of their RSA Archer platform.
Scott Hagemeyer, Senior Product Manager, API Evangelist (RSA)
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD 
10:00 am – 10:45 am
Track Session Speaker/Instructor
Business Risk Management in Practice 1

A Unique Approach to “Agile” Business Impact Analysis in RSA Archer

The Vanguard team has developed a unique approach to the Agile Methodology that works with the RSA Archer Platform. Our approach combines classic Agile, rapid prototyping, concurrent environment testing, and more. In this session, we will share the various aspects of this tailor-made Agile approach we used for the implementation of the Business Impact Analysis Use Case.

Charles Gowdy, Technical Specialist II, Vanguard and Bradford  Grant, Business Contingency Manager, Vanguard
Business Risk Management in Practice 2

Risk Management. Powered-Up

In the face of a highly complex risk landscape, Microsoft has digitally transformed its risk management program to execute streamlined risk reviews, risk mitigation plans, and risk reduction initiatives—all powered through the RSA Archer Suite.  Join us to learn how Microsoft and KPMG leveraged RSA Archer to accelerate the handling of risks and drive accountability by bringing together key players to protect the business.

Nick Butcher,Sr. Engineering Program Manager,  Microsoft and Eric Cha, Senior Associate,  KPMG Advisory
The RSA Archer Journey

One Team to Manage it All

As the saying goes, you can't please everyone all the time - especially while facing increased consumption and use case demand from the business. Learn how one small Risk and Compliance team  was able to balance roles as GRC practitioners, platform owners, project managers, and system administrators to deliver an incremental development strategy, all while meeting the organization’s maturing risk management capabilities and still keeping RSA Archer’s lights on. 

Steve Taylor, Risk Systems Manager, Qsuper 
RSA Archer Technical Track 1 

Bringing Value to Users with Optimal Look, Feel and Navigation in RSA Archer

If end users do not see the benefits, they may be reluctant to provide sufficient data. Data collection processes must be easy and RSA Archer must give back relevant easy-to-find information. We will show how Central Bank of Norway customizes RSA Archer with HTML to create a simple user friendly start page, pages for Division Managers, diagrams as alternative to task-driven dashboard, technique behind “buttons,” automated report filters.

Bjørn Egge, Senior Compliance Officer, Norges Bank (Central Bank of Norway) and Tuan Khoa Pham, GRC Consultant, Mnemonic
RSA Archer Technical Track 2 (Advanced)

Identity & Access Management for RSA Archer based on RSA Identity Governance Lifecycle 
Having acquired both RSA Archer eGRC and RSA Identity Governance Lifecycle our aim was to integrate them and benefit from the strength of both. This session elaborates our company’s approach to manage user accounts and access to RSA Archer GRC. It covers identity provisioning, processes for access request, access review and the access control model that we have established on our RSA Archer Governance Platform for various use cases.

Dieter Huell, Cyber Risk Analyst, Daimler AG
Results Driven Risk Management

Don’t forget about HR; Using RSA Archer Incident Management for Employee Relations incidents

Use case for implementing RSA Archer Incident Management module for HR that works in conjunction with other departments. Data tells HR a story when it comes to employee relations issues, we wanted to track that data to find root causes or trends for reporting. We customized the system to meet needs and have continued to build on the platform to pull even more insight to HR incidents.  What we got was a system that allows HR to communicate with other departments to work collectively in one system of record

Patrick Bernardy, Director, GRC Enablement Solutions, PwC and Kevin Housing, Assistant Vice President Human Resources, GM Financial
Tips & Tricks Learning Lab Hello Again, World! Writing Archer API Utilities Quickly and Easily with the RSA Archer API SDK - Part 2
Don't be scared of the RSA Archer APIs, embrace them! This session will aim to highlight what the RSA Archer Suite APIs are, what they can do for you, and how you can leverage them in a simplified system using the new RSA Archer API Software Development Kit (SDK). Doing so will both extend and maximize your RSA Archer Suite return on investment. Participants will be writing code alongside our guides to see how to make the most of their RSA Archer platform.
Scott Hagemeyer, Senior Product Manager, API Evangelist (RSA)
RSA Archer Self-Guided Exploration Lab RSA Archer Self-Guided Exploration Lab Speakers TBD 
11:00 am – 12:00 pm   Closing Keynotes 
12:30 pm – 2:30 pm Working Group: Third Party Risk Management - REGISTER NOW!
Description: The third party working group will be a roundtable lunch format. The lunch will be an opportunity for third party management professionals to network with peers and discuss best practices for implementing a third party risk management program. Topics will also include recent or planned enhancements in Archer’s third party use cases, including contract authoring and integrations with content providers. 

Questions? Don't hesitate to contact us.

For general RSA Archer Summit 2018 questions, please contact: stacy.sakellariou@rsa.com