Life is rough for a security leader! The security product landscape is increasingly complicated but seems to always lag behind malicious actor capabilities. Organizations need proven security programs that demonstrate visible ROI, but once-vaunted security concepts have been sacrificed upon the altars of speed and mobility. Organizational leadership-level involvement has never been greater, offering access to increased funding but greatly complicating risk tolerance, needed capabilities, and desired levels of maturity in action. How can we not only maintain our capabilities but evolve them to address the in-flight needs of the business? In this session we will discuss current risk transformation needs, addressing topics such as the ongoing evolution of privacy and governance obligations, the definition of control activities that combine effectiveness and operational resilience, and the optimization of ongoing business-integrated risk management.