Megan Epperson
Director of Cybersecurity Risk and Assurance, but favorite things include knowledge sharing (to do more with less) and mentoring young professionals
Nashville, Tennessee, United States
Megan Epperson is currently the Director of Cybersecurity Risk and Assurance at Axonius. She is responsible for elements of enterprise risk, cyber risk, vendor risk, customer assurance, audit compliance, and overall governance of the GRC program. Before joining Axonius, Megan was the Director of Cyber Risk and Resiliency at IHS Markit, where she drove the Cyber Risk/Business Continuity/Crisis Management/DR cloud migration program. She also helped engineer the transition to an overarching Operational Resiliency framework through strategy development and resource allocation. Her career originated in the private sector as an enlisted soldier, where she worked her way up to a company-grade officer in the U.S. Army.
Megan has demonstrable experience leading cross-functional information security and risk teams toward successful risk reduction in support of security programs in multiple industries, such as financial services, energy, transportation, technology, and retail. Throughout her 15-year career, she has obtained numerous industry certifications, including Certified Information Security Manager (CISM), Certified Data Privacy Solution Engineer (CDPSE), Business Continuity Institute’s Member (MBCI), Certified Business Continuity Professional (CBCP), and Certified Business Continuity Vendor (CBCV).
In her free time, Megan enjoys reading books on human psychology/neurodiversity and attempting to train her smart but overly stubborn mini-Aussies.
Topics
The Strategic Convergence of Risk Disciplines
New regulations and threats push organizations to regularly evaluate and effectively integrate prevention, detection, response, and recovery capabilities. These evolving threats require a multi-disciplinary approach to deploy limited resources, but how do you identify these threats? One effective solution is to leverage a fit-for-purpose impact and risk assessment designed to front-end multiple operational risk domains to enhance the identification of critical processes and products.
Organizations want the ability to implement a quantitative approach to risk analysis but often require specialized training, consultants, and resources that are outside of their budget, pushing them to stick with a qualitative approach. What would you say if I showed you another possibility to align more strategically on the convergence of the various risk disciplines? A modified hybrid approach that lies somewhere between the conventional BIA and RA but also aligns with aspects of FAIR, NIST, and ISO standards - would you be interested?