Webinar: Reframing Risk Management & Assurance in the Age of Cybersecurity and AI

As cyber threats and AI evolve, organisations invest heavily in controls - but are they reducing risk or merely creating confidence?

Speaker

Joel Aluko

Agenda

6:30pm - Online Session Starts
7:00pm - Presentation
8:00pm - Online Session Closes

Synopsis

This session interrogates a growing structural weakness within Information Risk Management & Assurance: the divergence between control validation and operational reality.

While regulatory alignment and audit success continue to dominate assurance narratives, they often fail to capture the dynamic, adaptive nature of modern cyber threats and AI-driven risk vectors.

Drawing on principles from behavioural science, risk theory, and adversarial security, this talk introduces the concept of an “assurance credibility gap” - a condition in which organisations possess increasing volumes of evidence, yet decreasing confidence in their actual resilience.

This gap is amplified in AI environments, where model opacity, data dependencies, and emergent behaviours challenge traditional control paradigms.

The session will critically examine:

  • How compliance-driven assurance models can obscure systemic vulnerabilities.
  • Why static control frameworks struggle against adaptive, intelligent threats.
  • How organisational incentives and cognitive biases reinforce perception over proof.
  • Where current approaches to AI governance risk replicating legacy assurance failures.

Moving beyond critique, the presentation proposes a reframed assurance model - one that prioritises continuous validation, adversarial testing, and measurable resilience over procedural completeness. It argues for a shift from trust in controls to evidence of performance under real-world conditions.

Objectives:

By the end of this session, participants will be able to:

  1. Diagnose the Assurance Credibility Gap: Identify where traditional Information Risk Management & Assurance practices create false confidence, and distinguish between evidence of compliance and evidence of effectiveness.
  2. Understand the Impact of Cybersecurity and AI on Assurance Models: Analyze how AI adoption and evolving cyber threat landscapes expose the limitations of static, control-based assurance frameworks.
  3. Recognise Behavioural and Organisational Risk Drivers: Evaluate how incentive structures, cognitive biases, and governance dynamics contribute to the persistence of perception-driven security.
  4. Apply Adversarial Thinking to Assurance Practices: Incorporate techniques such as red teaming, simulation, and continuous control validation to test whether controls perform under realistic threat conditions.
  5. Transition from Compliance-Centric to Resilience-Centric Assurance: Develop strategies to redesign assurance programs around:
    1. Outcome-based metrics.
    2. Real-time risk visibility.
    3. Operational proof of control effectiveness.
  6. Strengthen AI Risk Assurance: Understand the unique challenges of AI systems (opacity, drift, manipulation) and how to integrate them into a broader, evidence-based assurance model.

About the speaker

Joel Aluko is a seasoned leader with over 15 years of experience helping organisations navigate risk, strengthen security, and build lasting resilience.

He focuses on turning cybersecurity and risk from a compliance exercise into a practical way to protect value, build trust, and support better decision-making at the highest level. His work bridges the gap between technical complexity and executive reality, ensuring organisations are not just compliant on paper, but genuinely prepared for the risks they face.

Joel has led the design and institutionalisation of cybersecurity and risk governance architectures across IT and Operational Technology (OT) environments, including highly regulated sectors such as aviation.

My experience spans global frameworks including NIST CSF, ISO 27001/27002, ISO 31000, COBIT, COSO, SOX, PCI DSS, and GDPR, enabling me to translate regulatory requirements into executive-level governance models that align cyber risk with business strategy and operational resilience.

My professional foundation is reinforced by globally recognised certifications, including CISA, CISM, CRISC, CEH, CTIA, ISO 27001 Lead Auditor, COBIT Assessor, CICP, OCP, and CompTIA CASP (SecurityX), reflecting deep capability across cybersecurity assurance, risk management, and enterprise control engineering.

To strengthen my boardroom advisory capacity, I have completed executive education at Harvard Kennedy School (Cybersecurity: Policy & Technology) and the University of Oxford (Leadership & Emotional Intelligence), enabling me to translate complex cyber risk into strategic decision intelligence for executive leadership. Further, at Imperial College London, I developed advanced capability in AI-enhanced storytelling, strengthening my ability to communicate cyber risk with clarity, influence, and strategic impact.

Beyond the professional domain, I am an avid golfer—a discipline that sharpens my strategic foresight, risk calibration, focus, and decision-making under uncertainty, all of which directly mirror the dynamics of cybersecurity and enterprise risk leadership.

What distinguishes my approach is the integration of governance maturity, behavioural insight, and execution discipline.

I view cybersecurity not as a compliance activity, but as a core driver of institutional trust, resilience, and digital confidence.

Closing Thought: In a world of intelligent threats and autonomous systems, assurance cannot be a retrospective exercise. It must become a continuous test of whether our confidence is deserved.

LinkedIn: http://linkedin.com/in/joelaluko

Twitter: https://x.com/aluko_joel?s=21 (@aluko_joel)

Our events are for adults aged 16 years and over.

This meeting is conducted in accordance with the BCS Code of Conduct for Meetings.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today

Please note, if you have any accessibility needs, please let us know via groups@bcs.uk, and we’ll work with you to make suitable arrangements.

BCS privacy notice: your data will be processed by BCS in accordance with our data privacy notice.

Photography: by attending this event, you may be photographed or filmed. Please speak to a member of staff if you do not wish to be included.

This event is brought to you by: IRMA (Information Risk Management and Assurance) specialist group

Date and time: Tuesday 14 July, 6:30pm - 8:00pm

Location: Webinar

Price: Free