Boston | July 18, 2019

08:30 - 09:00

Registration and Breakfast

09:00 - 09:30

Industry Trends in GRC – Areas of Focus and Investment

  • Heather Gentile, Head of Regulatory Offerings, IBM’s Watson Financial Services

09:30 - 10:15

Has GRC Reached Its Tipping Point?

  • David Marmer, Vice President of Offering Management for GRC, IBM Watson Financial Services

10:15 - 10:30


10:30 - 11:15

Client Panel and Wrap Up

  • Benjamin Zhang, Senior Manager, Risk Enabled Performance Management

Heather Gentile

Head of Regulatory Offerings

IBM’s Watson Financial Services

As Head of Regulatory Offerings within IBM’s Watson Financial Services division, Heather is responsible for product strategy of regulatory solutions within IBM’s GRC portfolio.  During the past 18 years, she has specialized in developing solutions to optimize regulatory compliance initiatives and the need for risk and compliance automation in financial services.  Prior to joining IBM, Heather was responsible for overseeing the compliance analytics division of regulatory solutions at Wolters Kluwer. 

David Marmer

Vice President of Offering Management for GRC

IBM Watson Financial Services

David Marmer is Vice President of Offering Management for GRC in IBM Watson Financial Services. In his role, David is responsible for the strategy, planning and execution of delivering IBM's Governance, Risk and Compliance offerings to our respective markets and geographies. IBM's flagship GRC offering, OpenPages with Watson, is a market-leading solution and the backbone of hundreds of customers' risk and compliance frameworks. Previously at IBM, David held executive positions in Product Management, Marketing, and Sales Enablement for business analytic solutions for Assets & Operations, Customer Intelligence, Business Intelligence, and Corporate Performance Management.

Benjamin Zhang

Senior Manager, Risk Enabled Performance Management

Ernst & Young LLP

Professional experience summary

Benjamin Zhang is a Senior Manager in the Risk Transformation practice of Ernst & Young LLP.  He has over 14 years of experience in professional consulting specializing in strategic and tactical deployment of various industry leading Governance, Risk and Compliance (GRC) solutions. Ben has worked for over 30 companies in the past 14 years as a GRC subject matter resource helping clients to enable their GRC program by addressing people, process, and technology components using a holistic, pragmatic approach.

Ben served as overall engagement lead in several GRC implementations in the US. He has led design and deployment of multiple risk and compliance management solutions using various GRC technologies such as Archer, ServiceNow, Accelus, MetricStream, RSAM, and BWise.

In addition to leading large and small scale GRC implementation engagements, Ben specializes in helping client executive management to define and operationalize key foundational GRC program elements to facilitate long-term, sustainable growth and adoption of a GRC technology platform.

Ben leverages his in-depth knowledge of the GRC technologies and business process leading methodologies to help his clients align long-term risk and compliance objectives to practical strategies, streamline and integrate GRC activities, and reduce redundant efforts in risks and controls monitoring activities.

Engagement experience

In his engagement role, Ben worked as the overall project lead in multiple GRC implementations in the US, covering design to deployment of various use cases including SOX compliance, RCSA, Information Security, ERM, IT Risk, Regulatory Compliance, Internal Audit, and ERP Access and Configuration Controls Automation.

  • GRC Program Strategy – Lead development of overall program strategy for enterprise adoption of GRC technology solution. Work with client executive management to select the right GRC vendor, define overall governance model, rationalize implementation roadmap, and design common data model and taxonomy.
  • GRC Solution Delivery – Lead GRC solutions design and implementation engagements in working closely with client executive management, cross-functional business unit client stakeholders, and PwC implementation teams. Provide overall quality assurance and day-to-day engagement oversight around GRC solution requirements, design, build, test, and roll-out.

Prior to working at EY, Ben worked on the following recent engagements:

  • Insurance Company – Led multi-phase GRC program strategy development engagement at Property and Casualty Insurance Company. The first phase was focused on assisting the client with their GRC vendor selection, GRC program governance, implementation roadmap and integrated data model design. The second and third phase focused on establishing an integrated ERM risk management framework and assessment methodology in working closely with multiple risk assurance functions.
  • Insurance Company – Led the design and implementation of information security framework and self-assessment process using RSAM GRC for a large multi-national insurance company. Worked closely with the CISO organization to automate the annual review and self-attestation of information security policy and controls. Implemented issue management and remediation workflow based on non-compliance against information security policy.
  • Large Media and Entertainment Company – Led GRC technology implementation at a large entertainment and media company in working directly with the CISO covering multiple IT Risk Management use cases.
  • Large-Size Bank – Led multi-year RSA Archer GRC implementation at a large financial services client. Worked closely with leaders of Operational Risk Management, PCI, and Regulatory Compliance to advise on industry leading practice around the design and execution of a Risk Control Self-Assessment (RCSA) program. Led parallel deployment of GRC technology to provide long-term sustainability of the program.
  • Mid-Size Bank – Led enterprise-wide, multi-year RSA Archer GRC implementation at a mid-size bank to automate and integrate RCSA, BCM, ERM, IT Risk Assessment, and Enterprise Issues Management.

Additional experience includes:

  • Led the design and implementation of information security framework and self-assessment process using RSAM GRC for a large insurance company.
  • GRC subject matter specialist advising a Fortune 5 company through the design and implementation of IT Risk Management solution in Accelus GRC.
  • Functional GRC subject matter specialist assisting a large auto manufacturer in the design and implementation of SOX, ERM, and Internal Audit solutions using BWise GRC.
  • Engagement Manager responsible for the development and implementation of RCSA and ERM aggregation solutions using RSA Archer GRC at a mid-size bank.
  • Led implementation of Oracle GRC solution at a large healthcare client to automate compliance activities for Model Audit Rules and SAS70.
  • Led implementation of Oracle GRC solution at a large insurance company to address their annual SOX certification process covering 3000+ controls to be certified by 500+ control owners.
  • Led implementation of Oracle GRC solution at an electronics distributor client for SOX compliance.

Four Seasons Hotel Boston

200 Boylston St, Boston, MA 02116, USA

Meeting Room: The Winthrop-Leverett Room

Tel: +1 617-338-4400

Venue information