Building and Running a Security Governance Programme Training Course

Security governance fails most often at the point where policy, risk ownership, and operational execution should meet, which is why ISO/IEC 27001:2022 and COBIT are so often used together to turn intent into accountable control, especially now that AI-assisted monitoring, cloud collaboration, and faster regulatory expectations are reshaping how security teams work. A security governance programme is the structured approach to defining decision rights, policies, oversight routines, risk treatment, and performance reporting for information security. It enables professionals to align security with business priorities, assign accountability, monitor control performance, and present governance evidence in a form leaders can act on. This course is designed for security governance managers, information security officers, IT risk specialists, compliance leads, and GRC analysts who need to build a workable programme, not a paper exercise. You will leave with practical outputs such as a governance charter, RACI matrix, policy map, risk treatment tracker, committee agenda, and dashboard-ready KPI set, giving you a credible way to run security governance with discipline and clarity.

  • Duration: 5 Days
  • Certificate: Included
  • Delivery: Instructor-Led
  • Level: Intermediate

Classroom Training

In-person training at our premier venues — pick a city and date that works for you.

| Location | Duration | Fee | Language |
|---|---|---|---|
| Nairobi, Kenya | Mon - Fri (5 Days) | USD 1,800 | English |
| Kigali, Rwanda | Mon - Fri (5 Days) | USD 2,100 | English |
| Dubai, United Arab Emirates (UAE) | Mon - Fri (5 Days) | USD 4,600 | English |
| Zanzibar, Tanzania | Mon - Fri (5 Days) | USD 2,900 | English |
| Abuja, Nigeria | Mon - Fri (5 Days) | USD 3,100 | English |
| Addis Ababa, Ethiopia | Mon - Fri (5 Days) | USD 2,700 | English |
| Mombasa, Kenya | Mon - Fri (5 Days) | USD 1,900 | English |
| Cape Town, South Africa | Mon - Fri (5 Days) | USD 4,200 | English |
| Johannesburg, South Africa | Mon - Fri (5 Days) | USD 3,800 | English |
| Kampala, Uganda | Mon - Fri (5 Days) | USD 2,100 | English |
| Pretoria, South Africa | Mon - Fri (5 Days) | USD 3,600 | English |
| Lagos, Nigeria | Mon - Fri (5 Days) | USD 2,500 | English |
| Arusha, Tanzania | Mon - Fri (5 Days) | USD 2,000 | English |
| Dar es Salaam, Tanzania | Mon - Fri (5 Days) | USD 2,094 | English |
| Accra, Ghana | Mon - Fri (5 Days) | USD 3,800 | English |
| Bangalore, India | Mon - Fri (5 Days) | USD 4,600 | English |
| Muscat, Oman | Mon - Fri (5 Days) | USD 4,800 | English |
| Naivasha, Kenya | Mon - Fri (5 Days) | USD 1,900 | English |

Live, instructor-led sessions you can join from anywhere. No online sessions are currently listed.

Our instructor comes to your office — same curriculum and accredited certificate, with case studies built around the work your team actually does.

Team Training

Train your entire team together in a familiar environment for better collaboration

Fully Customized

Content tailored to your industry, tools, and specific business challenges

Cost Effective

Save on travel & accommodation costs when training multiple employees

Flexible Scheduling

Choose dates that work best for your team's availability and projects

How It Works

  1. Request a Quote: Tell us about your team size, preferred dates, and training goals.
  2. Get a Custom Proposal: Receive a tailored training plan and competitive pricing within 24 hours.
  3. We Come to You: Our certified trainer arrives ready to deliver impactful, hands-on training.

About the Course

Organizations want security results they can prove, not just policies they can store. In security governance, that means demonstrating control ownership, exception handling, risk treatment progress, policy compliance, and board-level visibility using structures such as ISO/IEC 27001:2022, COBIT, and a clear governance charter. To do that well, you need to show five capabilities in practice: decision rights mapping, policy lifecycle control, risk register management, committee reporting, and control performance tracking.

This Security Governance Programme training turns fragmented practices into a structured operating system for oversight. You will practice building a RACI matrix, drafting a security governance charter, designing a policy hierarchy, shaping a risk treatment plan, and setting up reporting that fits leadership and audit expectations. You will also be introduced to how automated compliance tracking, dashboard reporting, and AI-supported log review are changing day-to-day governance work, but the hands-on focus remains on governance design, role clarity, and evidence-based reporting. What you will learn: how to establish a security governance programme, define ownership and oversight, and create a reporting structure that supports risk decisions. You will practice with templates and scenarios; you will be introduced to broader enterprise architecture and advanced automation patterns at overview level.

Security governance teams rarely work with perfect data, unlimited budget, or fully mature controls. They usually manage competing priorities, distributed stakeholders, inconsistent documentation, and pressure to show measurable progress against risk and compliance commitments. This course is built for those conditions, so you can design a realistic programme that works with the systems, people, and reporting cycles you already have.


Target Audience

This course is built for professionals who already work inside security, risk, compliance, or IT control environments and need to run governance with more structure, visibility, and accountability. It is especially relevant when you are responsible for translating security expectations into policies, committees, control ownership, and reportable action plans.

  • Security Governance Manager overseeing programme design and committee cadence
  • Chief Information Security Officer aligning governance decisions with enterprise risk
  • Information Security Officer maintaining policy ownership and control accountability
  • GRC Analyst tracking security controls, exceptions, and evidence status
  • IT Risk Manager mapping security risks into treatment priorities
  • Compliance Manager coordinating control attestation and policy review cycles
  • Security Compliance Specialist preparing governance evidence for audits
  • Internal Auditor testing governance controls and committee records
  • Data Protection Officer coordinating security governance with privacy obligations
  • IT Service Manager supporting control ownership across operational teams

Course Objectives

This course equips you to plan, execute, and measure security governance initiatives that strengthen control accountability, support compliance, and improve executive decision-making.

  • Assess the current security governance model using COBIT and an ISO/IEC 27001:2022 control review.
  • Apply a risk-based governance methodology to prioritize security controls, exceptions, and treatment actions.
  • Design a security governance charter with roles, decision rights, committee scope, and escalation paths.
  • Build a RACI matrix and policy hierarchy for security ownership across business and IT teams.
  • Evaluate governance controls against ISO/IEC 27001:2022 clauses, audit evidence, and policy compliance.
  • Navigate stakeholder requirements from executives, auditors, IT operations, and risk owners using structured reporting.
  • Implement KPI tracking for security exceptions, overdue actions, and committee decisions through a dashboard workflow.
  • Synthesize governance findings into a board-ready status report, action plan, and improvement roadmap.

Requirements & Prerequisites

Participants should have a working knowledge of information security, risk concepts, and day-to-day IT operations. Prior experience in security operations, IT governance, audit support, compliance, or GRC work is recommended. No coding is required, although familiarity with spreadsheets, policy documents, and reporting dashboards will help you complete the exercises more efficiently. Advanced concepts are taught at an operational application level, with selected automation and analytics topics introduced conceptually where they affect governance design.


Professional and Organizational Impact

When you lead security governance with credible data and practical strategies, you become a trusted driver of control discipline and risk visibility.

  • Build stronger competence in governance charter design and role definition.
  • Gain confidence in policy lifecycle control and exception management.
  • Strengthen your ability to translate ISO/IEC 27001:2022 requirements into action.
  • Enhance your control reporting with committee-ready metrics and evidence packs.
  • Develop sharper judgment on risk treatment priorities and escalation thresholds.
  • Position yourself as a security governance lead who can brief executives clearly.
  • Expand your value across audit, compliance, risk, and IT governance work.

Organizations that embed security governance excellence into control oversight reduce costs, mitigate risks, and build lasting competitive advantage.

  • Reduce governance gaps that lead to unresolved security risks and audit findings.
  • Improve financial returns by lowering rework, duplication, and control drift.
  • Strengthen risk reduction through clearer ownership of security actions and exceptions.
  • Increase board confidence through timely, structured security performance reporting.
  • Improve policy compliance across distributed teams and operational functions.
  • Support faster remediation by assigning decisions, deadlines, and accountable owners.
  • Enhance market positioning by demonstrating mature security oversight to clients and partners.

Training Methodology

This is a practical, outcome-driven course designed to turn security governance aspiration into measurable action and credible reporting.

Methodology includes:

  • Hands-on calculation of governance KPIs using a security exceptions tracker and dashboard template.
  • Scenario simulation of a security committee meeting facing an overdue risk acceptance decision.
  • Assessment exercise using an ISO/IEC 27001:2022 control checklist and governance maturity review.
  • Stakeholder mapping workshop across executive sponsors, control owners, auditors, and IT operations.
  • Case study analysis across financial services, healthcare, SaaS, and manufacturing security governance patterns.
  • Group workshop to draft a governance charter, policy map, and 90-day action plan.
  • Reflection exercise using benchmarked control ownership and committee cadence evidence.

Certification

Recognized credentials that advance your career

Participants who complete the Building and Running a Security Governance Programme Training Program earn a Trainingcred Certificate of Achievement, demonstrating professional competence and alignment with global standards in learning and development.

NITA Accredited

Accredited by the National Industrial Training Authority, ensuring programs meet nationally recognized standards of quality and relevance.

CPD Certified

Recognized by the CPD Certification Service, ensuring every program meets internationally benchmarked standards of professional excellence.

Why this course earns its place on your CV

Accredited training, practitioner trainers, and peers on the same career track — the three things real expertise is built on.

Effective Learning & Skill Development

  • Build expertise with structured, outcome-driven learning.
  • Equip individuals and teams with skills that grow with industry needs.
  • Reinforce learning through real-world scenarios, case studies and practical exercises.

Career Growth & Professional Advancement

  • Apply what you learn with a proven methodology that ensures lasting impact.
  • Develop immediately usable skills that translate directly into workplace success.
  • Gain the expertise needed for career advancement and leadership roles.

Training Optimization & Learning Excellence

  • Tailor training to industry-specific challenges and organizational goals.
  • Use data-driven insights and automation to enhance training effectiveness.
  • Evaluate progress and ensure long-term learning success.

Real Results from Real Professionals

Thousands of professionals have transformed their careers through our training programs. Now, it's your turn.

Frequently Asked Questions

Got questions? We've gathered the answers to common queries to help you feel confident and informed.

You will gain practical skill in governance charter design, RACI mapping, policy hierarchy planning, ISO/IEC 27001:2022 control review, and risk treatment tracking. The course uses templates for committee packs, governance scorecards, and action logs so you can apply the work immediately.

It is designed for Security Governance Managers, CISOs, Information Security Officers, GRC Analysts, IT Risk Managers, Compliance Managers, and Internal Auditors who already work with security controls. The level is intermediate, so it suits professionals who know basic security and risk concepts and now need to run governance more confidently.

The course is delivered through short concept briefings followed by practical workshops, scenario work, and document-building exercises. You will spend most of the time creating governance artefacts such as a charter, RACI matrix, policy map, and KPI tracker rather than listening to theory.

You receive working templates for a governance charter, RACI matrix, risk treatment tracker, committee agenda, and board reporting outline. The materials are designed as reusable work products, so you can adapt them to your security governance programme after the training.

You should arrive with working knowledge of information security, IT operations, and basic risk management, plus familiarity with policy documents and spreadsheets. If possible, bring a current governance challenge, such as a committee structure, policy set, or risk register, so you can use it during the exercises.

Trusted by 100+ organizations across 40+ countries

Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University