Event Title: The Empire Had Governance. The Rebellion Had Control. (The Rise of Agentic GRC)
Format: Live webinar - after registration via Eventbrite. Up to 1.5 CPE for attendance.
Synopsis:
Most GRC programs didn’t become broken. They became obedient. We optimized for audits, artifacts, and approval, not outcomes or control. Over time, governance quietly replaced judgment, and compliance tooling taught us to confuse activity with assurance.
In Andor, the Empire didn’t fall because it lacked data, policy, or oversight. It fell because its obsession with centralized process created blind spots it could not see, signals it filtered out, and risks it documented instead of controlled. Modern GRC is dangerously close to the same failure mode.
This session draws a direct parallel between that bureaucracy and today’s compliance-first security programs and explains why agentic systems are not a Most GRC programs didn’t become broken. They became obedient. We optimized for audits, artifacts, and approval, not outcomes or control. Over time, governance quietly replaced judgment, and compliance tooling taught us to confuse activity with assurance.
In Andor, the Empire didn’t fall because it lacked data, policy, or oversight. It fell because its obsession with centralized process created blind spots it could not see, signals it filtered out, and risks it documented instead of controlled. Modern GRC is dangerously close to the same failure mode.
This session draws a direct parallel between that bureaucracy and today’s compliance-first security programs and explains why agentic systems are not a threat to governance for the reasons most people think. They do not replace humans or remove oversight. What they really threaten is the illusion of control that traditional GRC tooling has protected for years. By shifting GRC from manual coordination to autonomous signal detection and action, agentic systems expose how much “assurance” was never real to begin with.
The future of GRC is not more automation. It is less obedience and far more control.
Agenda
- 18:30 pm - Introduction by ISACA London
- 18:40 pm - 19:40 pm – Presentation by Jake Bernardes
Key Takeaways:
After attending this session, participants will be able to:
1. Distinguish governance from control, and explain why many modern GRC programs optimize for audit success rather than real risk reduction.
2. Identify the failure modes of centralized, process-heavy GRC, including how excessive reliance on artifacts and workflows creates blind spots in modern, decentralized environments.
3. Explain what agentic systems change in GRC, beyond traditional automation, and why autonomy, signals, and action matter more than task completion.
4. Recognize why agentic approaches threaten the illusion of control, not governance itself, and how this reframes the role of GRC teams and leaders.
Apply the core principles of agentic GRC to their own organizations, identifying where manual coordination can be replaced with continuous signals and outcome-driven oversight.
Speaker Details:
Jake Bernardes (CISO @ Anecdotes AI)
Experienced cybersecurity leader and CISO with a global career spanning consulting, advisory, and executive roles. I've helped startups scale and enterprises mature their security programs from zero to hero in compliance, incident response, and beyond.
https://www.linkedin.com/in/jakeleobernardes/
Any questions? Please contact admin@isaca-london.org