Panel Discussion: Bridging the Cybersecurity Ecosystem: ISACA & ISC2 in Conversation

 Moderator: Arif Hameed, Chief Information Security Officer, C&R Software

Arif Hameed is a seasoned and award-winning Cybersecurity Leader with 25 years of technology experience. He is a two-time Chief Information Security Officer and has had roles in Security Advisory, IT Risk, Client Assurance and IT Audit in the financial services and technology verticals. He actively volunteers for professional associations and participates in advisory committees for academic programs in Cybersecurity. He has presented, moderated and took part in panels for Information Security events including the RSA Conference, InfoSec World, SecureWorld, etc. He holds the CISA, CISSP and CRISC certifications. He also has a Level II (Secret) Canadian Federal Government clearance.

Panelists:

Najib Hayat, President, ISACA Toronto Chapter

Najib is a versatile and seasoned leader with multiple years of experience (over 10 years) in the areas of accounting and finance, audit and IT. Najib Hayat is a Chartered Professional Accountant (CPA), Chartered Accountant (CA), Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA). As the CEO and founder of NHK Consultants, he provides accounting, financial and IT audit, controls, risk management and consulting expertise to clients throughout North America. He has previously held management positions with professional services firms such as GrantThornton, KPMG and EY. Najib has a strong passion for information system assurance, security, enterprise governance, risk and compliance and controls and an even stronger belief in the mission of the organization. Najib is applying his several years of knowledge and experience, having worked with several other Boards, to ensure that the ISACA continues to be the leading global provider of knowledge, certifications, community, advocacy and education. 

Ronny Labban, Continuing Education Director, ISACA Toronto Chapter

Ronny holds a bachelor’s degree in computer engineering and a master’s degree in business administration. He has complemented his academic accomplishments with professional industry certifications in Project Management, Information Technology, Cybersecurity, Cloud Computing, and Risk Management.

As a dynamic cybersecurity executive with over 25 years of experience, Ronny has led strategic projects and built high-performing teams in Cybersecurity, Risk Management, and Information Technology. His track record includes driving valuable output for a multitude of stakeholders with on-time, on-budget, and easily consumable deliverables.

He is a platinum member of ISACA and has previously volunteered on CISA and CISM material development and currently serving as the Director of Continuing Education. He holds the PMP, PMI-RMP, CRISC, CISM, CISA, CGEIT, CDPSE, CEH, CCISO, CISSP, CCSP, CCSK, HISP, Open FAIR, AI Governance, and ITIL Expert designations.

Jon Rohrich, President & Board Chair, ISC2 Toronto

Jon Rohrich is an Award-winning business leader, mentor, solution architect, and military veteran. As Director of Avanade’s, Canadian Security Consulting Practice, Jon serves as a strategic leader driving business growth, sales strategy, solution development and delivery for the region. Prior to joining Avanade, Jon worked in a solution engineering role at Microsoft, driving the growth of Microsoft’s vast security portfolio. He holds 25+ Certifications including Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP). In addition to his role at Avanade, Jon is an active member of the cybersecurity community. He is a respected public speaker and educator. Jon has been a featured speaker at prominent industry events including iTech, Microsoft Ignite Tour, Microsoft Ready, GoSec, Cyber Tech & Risk, BSides and ISC2 chapter meetings. He is passionate about mentoring and coaching fellow security professionals to advance and grow in their careers.

Camille Kloppenburg, Strategic Partnership Director, ISC2 Toronto

Camille, drawing from over two decades of experience, serves as a trusted advisor for organizations striving to develop secure products from the outset, preserving their competitive advantage and promoting innovation. Her diverse background spans aerospace engineering, software development, entrepreneurship, and leadership. In her role as Director of Strategic Partnership, she plays a pivotal role in advancing her field.

Session 1: Using AI in SOX Audits: Where Efficiency Ends and Professional Judgment Begins 

Speaker: Ellie Liu, Specialist, IT Audit & Technology Risk, RSM Canada

Session Description:

Audit teams are increasingly using AI to support SOX work, whether analyzing full populations of transactions, identifying unusual patterns, drafting variance explanations, or suggesting which controls or journal entries deserve the most attention. While these tools promise major efficiency gains, they also change what auditors mean by evidence, coverage, and professional judgment.

This session examines how AI is reshaping core audit activities. Through practical case scenarios, we will explore situations where AI identifies what is “high risk,” generates explanations that look like audit documentation, or filters large data sets in ways that auditors can no longer fully observe or reproduce. These examples show how efficiency gains can quietly shift key judgments away from people and into models.

The discussion will focus on where auditors must draw clear judgment boundaries when using AI: when it is appropriate to rely on model-driven analysis, and when human skepticism, experience, and accountability must take over. We will also examine the new risks that arise when audit procedures depend on opaque algorithms, including hidden bias, missed exceptions, or persuasive but unverifiable outputs.

Attendees will leave with a practical framework for using AI to enhance SOX audits without weakening audit quality, control reliance, or professional responsibility.

Speaker Bio:

Ellie Liu is an IT audit and technology risk professional specializing in IT SOX and control assurance. She has supported companies preparing for or recently completing an IPO, as well as global enterprises, middle market organizations, and Fortune 500 clients operating in complex regulatory environments. Her expertise includes IPO and first‑year SOX readiness, SOX 404(a)/(b) program design and execution, annual scoping and walkthroughs, deficiency evaluation and remediation, and SOC 1 and SOC 2 readiness and reporting. Ellie is known for translating complex technical and regulatory requirements into clear, actionable guidance that enables strong governance and sustainable control environments.

Education & Certification

Master of Science, Accounting, Boston College

Bachelor of Science in Business Administration, Financial Planning, Colorado State University

Certified Information Systems Auditor (CISA)

Session 2: Risk-Based Segmentation for Audit and Assurance

Speaker: Ola Aliu, Cyber Specialist, RSM Canada

Session Description:

Risk-based segmentation replaces “one-size-fits-all” audits with a structured approach to grouping systems into risk zones (e.g., PCI, HR/Payroll, SaaS/Cloud) and applying fit‑for‑purpose control baselines.

This session explores what effective segmentation looks like from an assurance standpoint, the types of evidence that demonstrate segmentation is working, and how this approach reduces scope creep and audit fatigue while strengthening overall governance.

Speaker Bio:

Ola is a seasoned IT and cybersecurity professional with over a decade of experience in technology risk and assurance. He specializes in implementing and evaluating IT risk and security controls across multiple frameworks, including PCI DSS, NIST CSF, NIST 800 series, ISO/IEC 27001, HIPAA, and GDPR. His expertise spans conducting gap and risk assessments, developing cyber resilience strategies, and aligning security requirements with business objectives. Ola brings a practical, evidence driven approach to evaluating control design and operating effectiveness, validating evidence quality, and translating technical findings into actionable assurance outcomes for internal audit, risk, and security stakeholders. Drawing from cross-framework assessment experience, he shares practical ways to improve audit efficiency, reduce ambiguity, and strengthen governance.

Education

Master’s degree in Risk Management

BSc in Engineering

CPE:4.0 Hrs.

Refund & Cancellation Policy in effect