Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT strategy and service management.   With over 28 years of professional experience Mark has a wide array of industry experience including government, health care, finance and banking, manufacturing, and technology services.  He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards.   Mark routinely speaks at US and international conferences and earned the ISACA John Kuyers award twice for Best Speaker/Conference contributor.  Mark also holds the CGEIT, CRISC and CDPSE certifications.

Topic Title

Trends and best practices to sustainability in today’s high velocity digital environment. 


Today’s rapidly changing and high velocity digital environment has introduced risks and vulnerabilities never seen in our industry.  Leveraging technology can be a significant enabler when considering your organizational sustainability.  Key to doing this is an organization’s evolution of their agility, resilience and the ability to predict and manage risks.  In this information packed opening keynote, we will explore the current landscape of our environment and learn top tricks and tips to addressing these to enhance your sustainability posture. 

Learning objectives:

  • Explore emerging risks in a high velocity and digitally transforming environment
  • Recognize key considerations to addressing organizational sustainability
  • Learn tops tricks and tips to creating agility and resilience in your enterprise strategy

Dr. Francisco Castillo is currently Senior Vice President and Chief Information Officer of Maynilad Water Services, Inc.. In 2013 he was named “Outstanding ASEAN CIO” by IDG, and in 2016 was voted Best ASEAN CIO 2016 during the ASEAN IT Strategy Forum in Singapore. He has also recently been named among the top 10 Asean CIOs by IDG this 2021.

He is an ECE graduate from the De La Salle University, and holds a Ph.D. in Electronics and Telecommunications Engineering from the Universidad Politecnica de Cataluña (Barcelona, Spain), where he also taught as Associate Professor and was Associate Director (equivalent to Vice Dean) for the Technical Engineering College. He is also the author of the book entitled “Managing Information Technology” published by Springer (Germany). He has also delivered lectures on IT worldwide including Switzerland, Denmark, Germany, Singapore, Sweden, Hong Kong, among others, and is currently part-time Adjunct Professor in the Asian Institute of Management (AIM-Manila), teaching on a diverse set of topics related to the management of technology. He is also a founding member of the CISSP Philippine chapter.

Topic Title

How Security has evolved due to the changing technology landscape

As technology has evolved, so too are the tools, techniques and governance around it. We shall go over some of what I believe are the more salient points of this journey in the last 5 years or so, and what this means for us professionals in the field.


Mr. Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP), a Certified Information Systems Auditor (CISA) and a Certified Data Privacy Solutions Engineer (CDPSE).  Mr. Ross is a specialist in the field of information systems security and control, specializing in Information Security, Business Continuity Management, Data Privacy and IT Disaster Recovery Planning services.  He has implemented Information Security programs for numerous banks, government agencies and industrial corpo­rations. Prior to founding Risk Masters, Mr. Ross was a Director and global practice leader with Deloitte & Touche. 

In consulting engagements, he specializes in planning, policy development, implementation, and standardization of Information Security processes.  In recent years, his focus has been on reliability, prevention, detection and recovery from the technical and business impact of cyberattacks.  He has published a book, Creating a Culture of Security. He was editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. Since 1998, Mr. Ross has regularly published the column, “IS Security Matters”, in the ISACA Journal.  In 2022, he has been inducted into the ISACA Hall of Fame.  In 2022, he was inducted into the ISACA Hall of Fame.

Topic Title

Cybersecurity and the Effects of Downtime



Willem Hoekstra is an associate managing director in the Cyber Risk practice, based in Hong Kong. Willem is specialized in operational resilience, business continuity, and crisis management.He leverages over 25 years of experience in Europe and Asia in various capacities and project management positions, mainly in the COO sphere of large international corporate and investment banks, covering areas such as finance, IT, operational risk management and compliance. He is a business resilience expert, with a focus on business continuity and crisis management programs for the last 10 years. 

Prior to joining Kroll, Willem served as the president of Continuity Group Ltd. (CGA), which is a specialized consultancy firm that provides crisis management and business continuity expertise, organizes training and conferences and provides interim management to banks and other financial institutions as well as organizations in a variety of industries, including insurance firms, legal firms, hospitality companies and manufacturing companies. CGA was also the organizer of the annual Hong Kong Business Continuity Conference.

For many years, Willem played an active role as chairman of the Hong Kong Financial Service Business Continuity Management (HKFSBC) forum, which is the professional peer group for business continuity professionals in the financial sector in Hong Kong, and there he was leader of the WISE15 and WISE17 industry-wide crisis management simulation exercises for the financial industry in Hong Kong. Currently, he is also the Hong Kong Forum leader of the Business Continuity Institute (BCI).

Willem has presented and/or participated at numerous conferences and seminars on business resilience around the globe. He has received the BCM Industry Personality of the Year 2013 award issued by BCI Asia. Willem holds an MBA from Business School Nederland. He also holds a Dutch degree of Doctorandus in communication science from the University of Amsterdam and a Propeadeuse degree in economics from Vrije Universiteit Amsterdam. In his spare time he continues work on his Ph.D. thesis on organization culture. Willem is admitted as the Fellow of the Business Continuity Institute (FBCI).

Topic Title
Operational Resilience, variations on a theme?

Mr. Manrique is a Partner and the Head of Technology Consulting of KPMG in the Philippines.

He has more than 15 years of extensive, professional experience in the field of IT audit, SOC or attestation, cybersecurity, data privacy, ERP implementation, robotics process automation, data & analytics and IT project management. He is a Certified Public Accountant, a Certified Information Systems Auditor and has been a Certified in Risk & Information Systems Control.

Topic Title:
Leading the way: Empowering innovative technologies through risk-based and continuous audit

Experience how audit can lead the way through digital transformation by improving work planning, staffing, and budgeting while also empowering business operations.

Des is a Privacy and Data Governance Professional with extensive knowledge in data protection laws across the Asia-Pacific (APAC) Region and Europe. An advocate of Privacy-by-Design, and a strong believer that data privacy should be recognized as a strategic business enabler.

She is currently the Data Privacy officer and AI & Data Governance Head at UnionDigital Bank Inc..

She is a former Privacy Executive at PLDT and a Compliance Officer for Privacy, Change Manager, Business Process Lead at ABS-CBN. She graduated from the University of the Philippines Diliman with a Bachelor's Degree in Industrial Engineering and holds an Advanced Diploma in Data Protection from Singapore Management University.

Topic Title:

Unlocking the Power of Data through Strategic Privacy by Design

The rapid growth and flow of data has become one of the most important building blocks of our increasingly digital society. The processing of data, and specifically, personal data, is inevitable as organizations shift to a more data-driven approach in making business decisions. This is where conversations and strategies on privacy and ethics should come in.

Privacy and ethics should be at the forefront of every data-centric business initiative and should be recognized as integral components of an organization’s strategy. Adopting a Privacy by Design approach would not only promote digital resilience and ensure compliance but would enable organizations to leverage the power of data to draw valuable, actionable insights and drive business growth.

Melo_Alcala.png Madame Pk
Extensive experience in IA Management and IT GRC; Internal Audit Head; Enterprise Risk Manager; Information Systems Auditor; GRI-Certified Sustainability Professional; ESG Competent Board; PECB-Accredited Trainor on Risk Management and ISMS; SEC-Accredited Trainor on Corporate Governance; ISACA-Manila Past President; ICD Training Fellow on CorpGov, Sustainability, Risk Management, Data Privacy, and Digital Transformation; NPC-registered Data Protection Officer; Conference Speaker, Lecturer, Trainor, ISACA Mentor.

Topic Title:
"ESG and Its Implications on Technology"

ESG has emerged to become one of the hottest issue today, and potentially may become one of the most transformative not only for industries but for societies as well. Because of this, ESG will greatly influence the IT landscape over the coming months and years. In this session, we will look at the impacts and implications of ESG on technology. Implications of ESG on IT will reach consumers, buyers, end-users, technology suppliers and service providers. The impacts are both far-reaching and significant as almost all areas of IT will be affected or will have a role to play in shaping the future of business.

Driving Cyble’s research and strategy, Madame Dhanalaksmi PK is a seasoned cybersecurity expert with a background spanning 15+ years of experience across a wide spectrum of information security ranging from reverse engineering malware, cyber forensics, cloud security research, cyber threat and dark web intelligence. A senior Information Security Professional with a solid technical background, she has previously worked as a Malware Research Scientist at McAfee Software, in addition to having worked with prestigious organizations such as Zscaler Softech and Wells Fargo.

Topic Title:
"Cyble on DeepTech Predicts & Prevents Cyber Attacks: Rumuor or Reality"

We are witnessing an industrialized cyber crime are (a) Organized cyber crime syndicates operating in a business line fashion on the dark web. (b) Threat Actors routinely trading compromised credentials, stolen code signing certificates, zero-day vulnerabilities, malwares and even ransonware as a service on various dark web forums and market-places. (c) Threat Actor Groups seen advertising access to specific business entities and organizations such as banks, manufacturing companies and pharma companies on the dark web.


Mr. Chan is a Partner leading the Digital Trust & Cybersecurity practice within PwC Malaysia. In the last 14 years, he led multiple projects advising clients in the area of Cybersecurity, Data Privacy and Technology Risks, including Cloud Security, Risk and Compliance, and provided strategic advices to executives on how to embed digital trust as a value creation to businesses. Clarence is also a Board member of ISACA Malaysia Chapter. Mr. Chan holds a Bachelor’s degree in Information Technology and Commerce (Accounting) from the Monash University, Australia. He was appointed as member of Digital Technology Implementation Committee (DTIC) Working Group by the Malaysia Institute of Accountant.

Topic Title:Adopting an Offensive Security approach in testing your security defenses”


Whilst penetration testing is an essential component of the security assessment program, organisations should start employing more adversarial or offensive approach i.e. Red Team exercise, in testing their security defenses. In recent years, various regulators amongst APAC countries have started to introduce guidelines and requirements expecting organisations to embed offensive security approach in their overall cyber risk management program to 'stress-test' their cyber defenses. 


In this session, the speaker will share with you:

- Red Team Exercise vs Penetration Testing: the key differences

- How do you plan for a Red Team exercise

- Our war stories and 'successful attacks' and its root causes

- How to incorporate Red Team Exercise into your Three Lines of Defenses (3LoD)

As a Senior Security Engineer for Palydin LLC, Greg Witte supports federal and commercial clients, primarily the NIST Information Technology Laboratory (ITL). In more than 25 years in the Information Security arena, he has helped to build and improve multiple enterprise frameworks including the NIST Cybersecurity, Privacy, and Workforce frameworks, ISACA's COBIT model, and the Baldrige Cybersecurity Excellence builder. Recently, he has led work at NIST to better integrate security and privacy activities and results into Enterprise Risk Management. Based on this experience, Greg works with organizations around the world to improve their effectiveness in managing security & privacy risk. 

Topic Title: Ensuring Stakeholder Trust in your Continuity and Response Planning” 

While many organizations focus on the technical security aspects of continuity planning and incident response, they often forget that our business operations exist in a human world. There is value in ensuring that data is sufficiently backed up, but does the entity’s culture reflect behaviours and training that are ready for the unknown? To what extent are all the relevant stakeholders’ expectations reflected in response/recovery planning? Customers? Shareholders? Regulators? Our mission is to serve a broad array of “customers”, from our actual consumers to our partners to our Board room, and our continuity planning should consider the needs and requirements of each constituency. Meanwhile, many organizations have done a great job of planning for yesterday’s issues but not necessarily for the challenges over the horizon. While few, if any, have a crystal ball to see into the future needs, there are often signs and indicators of potential opportunities (positive risk) and pitfalls (negative risk) that can be threated into the plan. This talk will explore those digital trust aspects to supplement traditional continuity/recovery planning.

Reggie is Senior Vice President - Chief Audit Executive of Bank of Commerce. He has been in external & internal audit, IT security, control & audit, governance, risk management, compliance management, related party transaction (RPT) management, project management, IT management & quality assurance for more than 35 years. As such, Reggie is thoroughly exposed in all the technical and administrative aspects of audit, information systems audit, and system development project.  He is a CPA, CIA, CISA, CISSP, CFSA, CISM, CCSA, CRMA, COBIT (F), COBIT (I), an accredited QA Validator of IIA & COBIT 5 Implementation and Foundation speaker of ISACA. He is one of the founding incorporator of ISACA Manila and a past president of the Chapter.

Topic Title: ”Transforming IT Audit Function"