Todays’ executives and boards are tasked to prioritize cybersecurity more than ever before and emphasize the importance of turning awareness into action. The first and foremost step in ensuring preparedness against cyber attacks is establishing strong cybersecurity governance. The ISO/IEC 27001 standard defines cybersecurity governance as: “The system by which an organization directs and controls security governance, specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks”. At first glance the definition seems quite straightforward and easy to implement. But the reality is that many organizations struggle with developing and implementing effective cybersecurity governance. This session will share tips for establishing strong cybersecurity governance and will emphasize the importance of applying a holistic, top-down and bottom-up approach that is integrated with the organization’s enterprise risk management program.


Maggie Ivanova
Enterprise Risk Management Practice Lead | British Columbia Institute of Technology

Maggie is a seasoned governance and enterprise risk management professional with over 15 years of progressive experience in developing and implementing effective and strategically integrated ERM programs. She has held various leadership positions throughout her career and has been strategically involved with different boards and professional associations providing oversight, leadership and support on various programs and initiatives. She is currently the ERM Practice Lead at BCIT responsible for building and implementing the Institute's ERM program and practices. In her everyday work, she supports management, senior and executive leaders navigate complex strategic, financial, governance, policy and operational issues by providing unique perspectives on emerging risks and opportunities, and helping them respond effectively through strong risk governance. Maggie has Bachelor’s and Master’s Degrees in Accounting, an MBA in Strategy and professional designations in risk management and internal auditing.


Sunny Jassal
Interim CIO | British Columbia Institute of Technology

Sunny is a transformational leader accomplished at developing and executing business strategy with a mission to enable and secure digital transformation. He is a passionate technologist and trusted leader striving to deliver innovative technology solutions with strong credibility across business and technology groups. Sunny brings over two decades of progressive on-the-ground IT experience leading highly technical teams across various sectors. Sunny has special interests in cybersecurity and governance and leads by the principle of ‘security by design’. Sunny holds a B.Tech in Technology Management from BCIT along with top industry certifications, Certified Chief Information Security Officer (CCISO), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE) and Systems Security Certified Practitioner (SSCP). Sunny is also an active member of, and participates in, various local, national and international professional associations and boards providing strategic leadership and direction to various programs and initiatives.