---

How CISOs Are Redefining GRC

An invite-only dinner for executive security and compliance leaders to discuss where GRC is headed and what it takes to get there.

DATE

July 15, 2026
6:00pm – 9:00pm ET

LOCATION

Adalina Italian Chicago

You’re not short on frameworks. You’re short on time, headcount, and honest answers about what’s actually working. The compliance program keeps growing. The team doesn’t. And somewhere between the board presentation and the next audit, the actual security work is getting squeezed out.

This dinner exists for that gap. Michael Rasmussen, the analyst who defined the GRC category and RegScale are bringing together a small, hand-selected group of CISOs in Chicago for an evening of unfiltered peer conversation around modernizing GRC.

What you’ll walk away with:

• A clearer read on where automation is delivering and where it’s still falling short
• Perspective from peers navigating the same tradeoffs between security rigor and business velocity
• Michael Rasmussen’s unfiltered take on where GRC is heading and what separates programs keeping pace from ones that aren’t
• Insights from RegScale executives who’ve built compliance programs at the NSA and AWS

The evening takes place in the private lounge at Adalina, one of Chicago’s premier Italian restaurants. An intimate setting that matches the conversation.

Space is limited, secure your seat today

*Invites are non-transferable.

GRC 20/20 Risk Appetite Facilitator . . .

If you ask my family what I do for a living, they might say that I “travel the world talking about risk.” And honestly, that wouldn’t be far from the truth. But the more formal introduction is that I am an analyst, researcher, storyteller, and, as the industry likes to remind me, the Father of GRC. More than 23 years ago, while at Forrester Research, I coined the acronym GRC and articulated it as a way to integrate governance, risk management, and compliance capabilities in strategy, process, and technology.

Today, through GRC 20/20 Research, I spend my days studying how organizations around the world navigate complexity and uncertainty. My job is to observe patterns, identify challenges, understand how strategy, process, and technology intersect, and help organizations evolve to be more effective, efficient, resilient, and agile. Along the way, I also founded GRC Report, a global news and insights platform focused entirely on governance, risk management, compliance, and business integrity news and insights around the world. It has become a place where practitioners, executives, policymakers, and technologists can see the GRC landscape through a global lens.

I also host two podcasts — Risk Is Our Business Podcast and Hitchhiker’s Guide to the GRC Technology Galaxy Podcast — because I believe conversation is one of the most powerful tools we have for changing how people think about risk and integrity. These podcasts allow me to explore big ideas with remarkable minds from around the world, and they keep me grounded in the reality that risk is not merely a function — it is the fabric of every decision and every ambition. In many ways, I am an explorer of uncertainty. As an industry analyst, I map and monitor the ever-expanding GRC galaxy — now tracking over 1,500 solutions and the professional services orbiting them. The universe of GRC is vast, dynamic, and constantly in motion, and I am endlessly fascinated by how organizations chart their course through it.

Risk Appetite Dinner Host . . .

RegScale is a continuous controls monitoring (CCM) platform that enables faster, better GRC outcomes by bridging security, risk, and compliance.