Join us for the ISACA Chicago Convergence Conference on August 27, 2026, at 320 Events in Chicago.
This year’s conference brings together distinguished subject‑matter experts and thought leaders from across the world to explore the rapidly evolving landscape of Governance, Risk Management, Compliance, Cybersecurity, Information Security, IT Audit, and Assurance. This conference offers participants the opportunity to engage in high‑value discussions, exchange practical insights, and collaborate on the trends and emerging challenges shaping the future of our profession.
Anchored in the theme “The Trust Imperative: Securing What’s Next,” the 2026 conference will deliver a rich learning experience designed to strengthen global perspectives and professional capability. Attendees will have the opportunity to deepen their expertise through two focused tracks:
- Track 1: Governance, Risk, Compliance, and Audit
- Track 2: Security and Resilience
Together, these tracks create a dynamic environment for knowledge sharing, innovation, and meaningful connections that advance trust and security across industries and borders.
Why Attend?
- Networking Opportunities: Connect with industry professionals who share your passion and drive for emerging technologies.
- Inspiring Sessions: Discover new perspectives and ideas to drive personal and professional growth.
- Enjoy the happy hour reception
____________________________________________________________________________
Registration & Breakfast
8:00 AM-9:15 AM
____________________________________________________________________________
Keynote | Succeeding with Security at Scale: Lessons learned from a career across borders and communities
9:15 AM-10:00 AM
Bjorn R. Watne
Global CISO
INTERPOL
Session Overview: "If you want to go far - go together." An ancient proverb captures a modern truth: in cybersecurity, ambition without collaboration is fragmented; collaboration without strategy is chaotic. This presentation weaves together three perspectives — a cybersecurity practitioner's experience across multiple continents, an ISACA member's journey in professional networks, and an international organization's approach to transnational security governance — to show how transnational collaboration drives cybersecurity maturity and organizational resilience.
What You'll Learn:
- Practical lessons from managing cybersecurity programs in multi-country organizations, including the real obstacles and breakthrough moments
- How international standards bridge different regulatory environments and create common security language across teams
- Why ISACA membership accelerates your ability to build these global networks and stay current with evolving threats
- Real-world examples of how international organizations achieve superior security outcomes through borderless collaboration and shared standards.
Ideal For:
Security leaders expanding into international roles, ISACA members seeking to maximize professional network value, and teams building security cultures across organizational boundaries.
Key Takeaway: Cybersecurity excellence at enterprise scale is impossible alone — but with intentional collaboration across teams, borders, and professional communities, it becomes achievable.
Fireside Chat
10:00 AM-10:45 AM
Bjorn R. Watne
Global CISO
INTERPOL
____________________________________________________________________________
Morning Break
10:45 AM-11:00 AM
____________________________________________________________________________
Track 1 | Session 1 | Cyber-risk oversight and governance – What Directors and Boards Need to Know
11:00 AM-11:30 AM
Uros Zust
IT Assurance & Advisory Partner
Forvis Mazars
Synopsis:
Cyber risk has moved well beyond the IT domain and has rapidly become a core responsibility of directors and boards. Today, cybersecurity is widely recognized as a strategic, enterprise‑wide risk that directly affects value creation, organizational resilience, regulatory exposure, and trust with key stakeholders. As with financial, operational, and strategic risks, boards are now ultimately accountable for cyber risk oversight as well.
The Internet Security Alliance (ISA), in collaboration with the National Association of Corporate Directors (NACD), has developed the Director’s Handbook on Cyber‑Risk Oversight to help boards address these evolving responsibilities. The handbook is built around a set of interdependent principles that together form a practical governance framework for effective cyber‑risk oversight. These principles cover cybersecurity as a strategic enterprise risk; legal and disclosure implications; board oversight structures and access to expertise; enterprise frameworks for managing cyber risk; cybersecurity measurement and reporting and the need to encourage systemic resilience and collaboration.
This presentation highlights why cyber‑risk management has become a board‑level imperative, introduces the key governance principles directors should understand and apply, and presents selected practical tools that boards can use to strengthen oversight of cybersecurity in specific risk areas.
____________________________________________________________________________
Track 2 | Session 1 | Beyond the Firewall: Cyber Resilience as a Fiduciary Duty and the Rise of Personal Liability
11:00 AM-11:30 AM
Pierluigi Sartori
Enterprise Risk Manager, Senior Cybersecurity Executive,
GOSP
Abstract
In an era where cyber incidents can erase billions in market value overnight, the role of the CISO is undergoing a radical transformation: from a technical guardian to a strategic risk manager. With the SEC’s increasing scrutiny in the U.S. and the implementation of DORA in Europe, cybersecurity has officially entered the boardroom as a matter of fiduciary duty. This session will explore the shifting landscape of personal liability for C-level executives and Board members.
Drawing from leadership experience in global systemic insurance groups and independent financial institutions, we will analyze why the "reporting to the CRO" model is becoming the gold standard. Participants will gain a pragmatic framework to bridge the gap between technical vulnerabilities and financial risk, ensuring that cyber resilience becomes a pillar of corporate governance rather than a line item in the IT budget.
____________________________________________________________________________
Track 1 | Break | S1 - TBA
11:30 AM-11:40 AM
Track 2 | Break | S2 - TBA
11:30 AM-11:40 AM
____________________________________________________________________________
Track 1 | Session 2 | AI Governance vs. AI Assurance: Do You Know the Difference?
11:40 AM-12:10 PM
Pam Nigro
Senior Vice President of Security and Security Officer
Medecision
Synopsis
As organizations pivot from AI experimentation to full-scale integration, a critical "Trust Gap" has emerged. Many leaders believe that having an AI Ethics Policy means their systems are secure and compliant. However, in the era of "The Trust Imperative," policy is only half the battle. This session provides a high-impact breakdown of the two pillars of AI trust: Governance (the rules of engagement) and Assurance (the proof of performance).
Designed for GRC professionals and auditors, this session will clarify why governance without assurance is a liability, and how assurance without governance is aimless. Attendees will learn how to move beyond "checkbox compliance" and develop a dual-pronged strategy that verifies whether AI systems are doing what they are told—and, more importantly, whether they are doing what they were intended to do. This is the roadmap for securing "What's Next" in the AI-driven enterprise.
Learning Objectives
By the end of this 30-minute session, participants will be able to:
- Distinguish Between Oversight and Evidence: Define the functional differences between AI Governance (setting policies, ethical frameworks, and risk appetite) and AI Assurance (the technical validation, testing, and auditing of model outcomes).
- Identify the "Trust Gap" in Current Frameworks: Recognize where traditional GRC frameworks fail to address the non-deterministic nature of AI and identify the specific points where assurance must step in to provide real-time verification.
- Implement an Assurance-First Audit Approach: Map out a transition plan for internal audit teams to move from static, point-in-time AI assessments to a continuous assurance model that monitors for model drift, bias, and hallucinations.
- Execute a "Governance-to-Assurance" Workflow: Apply a 3-step checklist to any new AI deployment to ensure that high-level governance objectives are backed by measurable, auditable assurance evidence for stakeholders and regulators.
____________________________________________________________________________
Track 2 | Session 2 | Risk Roulette
11:40 AM-12:10 PM
In Cybersecurity, every decision comes with trade-offs, and not all risks are created equal. In this high-energy, live debate, top security leaders face off to tackle some of the toughest “what-if” scenarios CISOs encounter daily, from ransomware vs. silent data breaches, to strict access controls vs. business agility, and everything in between.
Audiences will witness real-time arguments, expert insights, and a clash of perspectives as panelists defend their stance on difficult security dilemmas. Attendees will gain insights into:
* A deeper understanding of the trade-offs behind major security decisions* Actionable frameworks for prioritizing risk in their own organizations* Fresh insights into how leading CISOs think under pressure.
____________________________________________________________________________
12:10 PM-1:00 PM
Track 1 | Break | S3 - TBA
Track 2 | Break | S4 - TBA
____________________________________________________________________________
Track 1 | Session 3 | Privacy in the Age of AI: From Compliance to Trust
Ulrika Dellrud
Chief Privacy & Data Ethics Officer
Smarter Contracts
Synopsis
Artificial intelligence is transforming how organizations use, share, and generate value from data — and introducing new categories of privacy risk that traditional compliance approaches were never designed to address. To thrive in the AI-driven era, organizations must rethink privacy not as a checklist, but as a strategic enabler of trust, ethics, and responsible innovation.
This session explores why embedding privacy and ethics directly into AI governance is essential for managing risk and maintaining public trust. Drawing on global regulatory developments and real-world enforcement cases — including the expanding US state privacy patchwork, Illinois BIPA litigation, and FTC enforcement actions — it offers practical strategies for integrating privacy into AI development and deployment. Key themes include:
- Understanding new privacy risks introduced by AI systems, including agentic and autonomous AI.
- Navigating the US regulatory landscape: state law complexity, sector-specific obligations, and the NIST AI Risk Management Framework.
- Strengthening data governance to ensure compliance, accountability, and audit readiness.
- Moving beyond compliance to build trust as a competitive advantage
Participants will leave with a clear view of the privacy challenges posed by AI, the regulatory expectations shaping the field in the US and globally, and actionable governance strategies to safeguard rights while enabling innovation.
____________________________________________________________________________
Track 2 | Session 3 | AI as the Force Multiplier: Scaling Security and Resilience in an Era of Infinite Vulnerabilities
Sasha Belyi
Director of Risk & Governance
Arity
Synopsis
Security teams face an impossible equation: vulnerability discovery is accelerating, engineering bandwidth is finite, and the pressure to ship never slows. Security by design helps — but it doesn't eliminate the flood of CVEs, open-source dependency risks, and misconfiguration findings that land in every queue daily.
This session makes the case that AI doesn't replace security judgment — it scales it. Through three demonstrations, attendees will see AI applied across three leverage points: translating technical findings into business language, triaging competing priorities with contextual reasoning, and synthesizing disparate data into a defensible risk narrative.
We'll address the context problem honestly — data flows, SBOMs, architecture docs, and dev-embedded tools like GitHub Copilot, Cursor, Gemini, and Claude unlock AI's full potential, but that context is rarely ready. The good news: even basic business context delivers immediate value, and a disciplined feedback loop makes AI more powerful over time.
Attendees leave with a practical maturity model, guidance on where to start, and a clear-eyed view of the guardrails required to do it responsibly.
____________________________________________________________________________
Track 1 | Session 4 | Internal Audit Journey to Excellence
1:45 PM-2:30 PM
Karem Obeid
Chief Audit Executive, Board and Audit Committee Member
Synopsis
This presentation encapsulates a transformative evolution of the Internal Audit function from a conventional, compliance-focused entity to a forward-looking, value-creating strategic partner. It underscores the fusion of digital innovation, stakeholder collaboration, and agile, risk-based methodologies to drive alignment with organizational strategy. Rooted in ethics, foresight, and continuous improvement, this journey redefines Internal Audit as a catalyst for governance excellence and sustainable organizational growth.
____________________________________________________________________________
Track 2 | Session 4 | When AI Works Perfectly That Is When It Breaks
1:45 PM-2:30 PM
Hajira Sultana
AI Systems Developer
Next Generation Technologies
Synopsis
Most AI failures do not happen when systems are broken. They happen when systems are working well and users begin to trust them.
In this session I explore how trust becomes a core vulnerability in modern AI deployments. Through real world examples across enterprise and institutional systems I show how AI tools can expose sensitive data bypass intended safeguards and behave unpredictably under normal usage.
I focus on practical failure patterns such as over permissioned data access prompt based data leakage internal misuse and the lack of refusal boundaries. I also explain why traditional cybersecurity models are not enough when applied to AI systems and how these gaps create real organizational risk.
Attendees will leave with a clear understanding of how these risks emerge in production and what can be done to reduce them. This includes designing systems that can safely refuse limiting data exposure testing adversarial behavior and building resilient systems that account for how people actually use AI.
____________________________________________________________________________
Track 1 | Break | S5 - TBA
Track 2 | Break | S6 - TBA
____________________________________________________________________________
Track 1 | Session 5 | The Hive: From Control Chaos to Control Clarity
2:40 PM-3:15 PM
Brian Albertson
GRC Architect
State Farm
Synopsis
This session will focus on lessons learned from real world governance transformation efforts and how organizations can reduce complexity, align control objectives, and create sustainable governance models that support both innovation and resilience.
____________________________________________________________________________
Track 2 | Session 5 | AI- Enhanced Malware Reverse Engineering Workflows
2:40 PM-3:15 PM
Michael Toczycki
Cyber Threat Hunter
Northern Trust
Dan Dumitrescu
VP & Principal, Cyber Security Threat Management
Northern Trust
Synopsis
Overview of AI in Reverse Engineering
AI Automates Complex Tasks
AI automates challenging reverse engineering tasks, reducing manual effort and expertise requirements effectively.
Enhanced Pattern Detection
Machine learning models identify patterns and anomalies in malware code for faster, accurate threat analysis.
Real-Time Data Processing
AI processes large data volumes in almost real time, speeding up analysis and threat response times significantly.
Adaptive Threat Recognition
AI adapts to evolving malware, helping to analyze new variants that evade traditional detection methods successfully.
____________________________________________________________________________
Break
3:15 PM-3:30 PM
____________________________________________________________________________
CISO Panel | A Decade Later
3:30 PM-4:15 PM
General Session
____________________________________________________________________________
4:15 PM-4:45 PM
General Session
Katie Arrington
Chief Information Officer
IONQ
____________________________________________________________________________
Closing Remarks
4:45 PM-5:00 PM
CPE: Earn up to 8 CPE credits in the area of Information Technology.
Fees:
*Early Bird Discount: ISACA members and non-members who register by July 15, 2026, will save $50 on the conference fee.
- ISACA Members: $200
- Non-Members: $250
- Students and In-Transition: $100
- There is a 10% discount on registration for groups of five or more for the 2026 conference.
_____________________________________________
A Special Gift for Our Attendees
As part of our commitment to supporting local authors and thought leaders, every registered attendee will receive a complimentary digital copy of "Digital Transformation: How to Build a World-Class Program for SMBs" by Nahil Mahmood.
Upon registration, you will receive access to the download link, along with additional resources and exclusive attendee materials included in your conference package.
We hope you enjoy this valuable resource and the additional surprises we have prepared for you as part of your conference experience.
Thank you for joining us; we look forward to seeing you at the event!
Register Now: Don't miss out on this exceptional opportunity to participate in ISACA Chicago’s Conference+ 2026!
Stay tuned for more information!