ISACA and IIA Joint Chapters’ Full Day IT Seminar
Date/Time: Wednesday, November 14, 2018, 8:00 am - 4:00 pm
Topic: ISACA and IIA Joint Chapters’ Full Day IT Seminar
Speakers: Matt Stamper, Michael Cox, Neil Packard, Emily O’Carroll, Rebecca Hanovice, David Matthews, Lester M. Sussman
Building a Successful Audit Plan for Cloud Services 2.0 hrs (100 minutes)
All organizations use the cloud in one form or another. Whether it is infrastructure as a service (IaaS) or a hosted application delivered as software as a service (SaaS), our exposure to cloud services has never been greater. In many cases, the use of cloud services is actually more secure than traditional on-premises IT. That being said, internal auditors and IT auditors need to ensure that the way they assess cloud services accurately captures and reflects the different types of risk, including the correct way to use these services, their impact with respect to “shadow” IT, and growing privacy concerns.
– Develop a cloud audit program that is comprehensive and repeatable.
– Validate privacy and security risks of cloud services to meet organizational objectives and risk tolerances.
– Apply professional skepticism in evaluating and assessing vendor claims relative to governance and security.
Breaking Down Privacy – The Landmark California Consumer Privacy Act of 2018 and How it Compares to HIPAA and EU’s GDPR 3.0 hrs (150 minutes)
In this session, we will explain the concept of data privacy and its relationship with information security. You will learn the essential elements of an effective governance framework for establishing a defensible and sustainable privacy and security program. You will be introduced to the California Consumer Privacy Act of 2018 (CaCPA), along with its recent amendments. We will discuss key aspects of the law, including which businesses must comply with CaCPA, how broadly personal information is defined, new consumer rights, enforcement, and key operational impacts. The session lays out a roadmap for compliance, including how to conduct data mapping and a gap/risk assessment. Finally, we will compare the similarities and differences between CaCPA, HIPAA and the EU’s GDPR, including consumer rights.
– Describe data privacy and its connection with information security.
– Define information governance and how it is managed across privacy and security.
– Explain key operational impacts for complying with the California Consumer Privacy Act.
Cyber Security Incident Response Best Practices 2.0 hrs (100 minutes)
This session will provide an overview of cybersecurity threat trends and incident response best practices. We will discuss how to develop a defensible incident response plan, obtain support from management, and test and refine the plan.
– Prepare and test a defensible incident response plan.
– Clearly communicate cybersecurity incidents to impacted parties, executive management, and the board of directors.
– Select a cybersecurity insurance policy using a risk-based approach.
Robotic Process Automation 1.0 hr (50 minutes)
In this interactive session, we will provide an overview of Robotic Process Automation (RPA) and the potential audit implications. We will examine how companies are establishing and advancing this business solution, and discuss proven methodologies to achieve sustainable results.
– Describe the potential benefits of RPA.
– Discuss the risks associated with RPA.
– Demonstrate an RPA application.
Matt Stamper, MPIA, MS, CISA, CISM, CIPP-US, ITIL – Matt Stamper is the Chief Information Security Officer (CISO) and Executive Advisor at EVOTEK. He is a Certified Information Systems Auditor (CISA), a Certified Information Security Manager (CISM), a Certified Information Privacy Professional (CIPP-US) and a member of the board of the San Diego ISACA chapter and the San Diego CISO Round Table. Prior to EVOTEK, Matt served as a Research Director for Gartner’s (NYSE: IT) security and risk management practice where he covered incident response, breach and attack simulation, and security governance. Matt is the co-author of the CISO Desk Reference Guide (Volumes 1 & 2).
Michael Cox, CIPP – Michael is the president and founder of SoCal Privacy Consultants and its Chief Privacy Consultant. Previously, he was the part-time Chief Privacy Officer for Pathway Genomics Corporation, an international laboratory, for eight years. His prior experience included serving as Business Risk Officer for Capital One Auto Finance, where he was responsible for establishing an enterprise risk management (ERM) program. Earlier in his career, he was vice president of operations at multiple financial service companies. Michael’s risk management, operations, and executive experience benefit his consulting approach. He is a frequent speaker on privacy and security subjects and co-authored the security chapter for the HIMSS Good Informatics Practices (GIP) book. He is a Certified Information Privacy Professional (CIPP) and a member of the International Association of Privacy Professionals (IAPP), the IAPP Privacy Professional Faculty, and the Lares Institute privacy think-tank. He has a B.S. in Business Administration from Virginia Tech.
Neil Packard, CISA – Neil is Chief Security Consultant at SoCal Privacy Consultants. He has accumulated extensive experience and knowledge across a breadth of industries, mastering diverse roles in technology, analysis, information security, and risk management. Neil’s previous experience included working with the Office of Inspector General, Department of Veterans Affairs, performing information security assessments, and with the Federal Trade Commission, fortifying information risk management and compliance programs. In addition to founding a company focused on eDiscovery compliance and risk management and computer forensics, he has held roles of increasing responsibility in IT engineering and management, improving and overseeing the completion of information management initiatives. Neil is a United States Naval veteran and has taught courses in computer science, data collection and analysis, and information processing. Neil is a Certified Information Systems Auditor (CISA) and holds a BS in Business Administration from the University of La Verne.
Emily O’Carroll, CISA – Emily obtained her Bachelor’s degree from UC San Diego in Math and Economics and started her career at KPMG LLP in their IT Advisory practice. During her 10 year career at KPMG, Emily led audit and consulting teams working for global Fortune 500 companies, was a Director in the IT Risk and Compliance group — specializing in IT audit and security compliance projects such as SOX 404, Service Organization Control reports (SOC 1, SOC 2, and SOC 3), and security readiness assessments (PKI and ISO 27001) — and served in a consulting role for the Infrastructure Security department at a global online payments processor. In her current role as Senior Manager at Callaway Golf Company, Emily oversees the Company’s Global Information Security and IT Compliance departments and helped develop and implement a global cybersecurity strategy that includes employee training and the acquisition, implementation, and operationalization of security tools and technologies. Emily maintains her accreditation as a Certified Information Systems Auditor (CISA).
Rebecca Hanovice – Rebecca obtained her Bachelor’s and Juris Doctor degrees from Cornell University. Rebecca is a registered patent attorney, and began her career as a patent litigator for an intellectual property boutique law firm and a large, international law firm, before joining Callaway Golf Company in 2010 as in-house counsel. In her current role as Senior Corporate Counsel at Callaway, Rebecca created and oversees the Company’s global data privacy and security program, manages litigation, and develops the company’s patent portfolio.
David Matthews – David has more than 25 years of global Procurement and Supply Chain management experience across multiple industries, both as a practitioner and currently as Regional Vice President of Advisory Services at RGP. David also is a designated Subject Matter Expert in Robotic Process Automation at RGP. Prior to joining RGP, David was with Clorox for fifteen years and during this time he held numerous positions in both Australia and the United States. His last role with Clorox was Director of Global Sourcing – Contract Manufacturing, and, in this capacity, was responsible for the sourcing and supply chain management of 50+ third-party manufacturers in the United States, Canada, Mexico, and Asia. David’s background as both a practitioner and practice leader enables him to serve as a trusted business advisor to RGP’s clients.
Lester M. Sussman, CPA – Les has 40+ years of professional services and private industry experience in accounting, auditing, and corporate governance. He is a Vice President of Advisory Services in the Governance, Risk & Compliance (GRC) practice area for Resources Global Professionals (RGP), providing corporate governance, risk management, and compliance services to clients globally. Prior to joining RGP in 2005, Les was an audit partner at Deloitte and Chief Accounting Officer at Gemstar TV Guide. Les is also a member of the Board of Directors of East West Bancorp, where he serves as chairman of the Audit Committee and a member of the Risk Oversight Committee. He is a licensed certified public accountant in the State of California and maintains current memberships with the American Institute of CPAs, the California Society of CPAs and the Institute of Internal Auditors.