Recorded: June 1 | 2023
Third-party risk management (TPRM) is a crucial aspect of any organization's overall risk management strategy. With the increasing reliance on third-party vendors, contractors, and service providers, it's more important than ever to understand the risks associated with these relationships and take steps to mitigate them.
To effectively manage third-party risk, organizations must be able to track the right metrics. On this CPE webinar, we'll look at the core metrics that organizations should track and how they can be tracked. Attendees will learn about:
• The core metrics that you should track to effectively manage third-party risk.
• How to identify, measure, and track key metrics to assess third-party risk.
• Different approaches to measuring and tracking third-party risk.
• Practical insights and best practices for effectively managing third-party risk using metrics.
This webinar is designed for risk management professionals, compliance officers, and senior executives who are responsible for managing third-party risk within their organizations. Whether you are new to the field or have been working in third-party risk management for some time, this webinar will provide you with the knowledge and tools you need to effectively track and manage third-party risk.
Moderator
Colin Whittaker, PCI Industry Alumni, Founder and Director, Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001 and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors, where he was always keen to try to promote the differences in threat between Europe and the UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme, which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.
Panel
Kevin Kumpf, Chief OT Strategist at Cyolo. Kevin has more than 20 years of IT security and compliance experience, including over 10 years of cybersecurity, governance and critical infrastructure experience working in the energy, medical, manufacturing, transportation and FedRAMP realms. Kevin’s past roles include Director of OT Security (N.A.) for Iberdrola, where he oversaw the security and regulatory compliance of multiple OpCos, and Principal Security and Regulatory Lead for interactions with the NY and NE ISOs, NERC, ISACs as well as state and federal entities. He has also worked internally and as a vendor/consultant at multiple healthcare and manufacturing entities to mitigate the threats they were under in relation to ransomware, insider threats and malware infestation. Today Kevin works as the OT Technical Lead at Cyolo.
Steve Tobias, Lead Client Success Advisor. As a Lead Client Success Advisor at RiskRecon by Mastercard, Steve partners with clients from various industry sectors to ensure they get the most out of the RiskRecon platform. He leverages his risk management experience to provide recommendations for incorporating vendor security ratings into and maturing third-party cyber risk management programs. His 20+ years of cybersecurity experience include information security, frameworks, governance, risk & compliance, third-party risk management and cyber risk program development. Prior to RiskRecon/Mastercard, he led a cyber risk management team and helped develop a cyber risk/TPRM program in the Healthcare sector. Steve holds a Bachelor’s in Information Systems Management, as well as CISSP, CISM and CTPRP certifications.
Andrew Snell, Director, Solutions Engineering, Prevalent. Andrew Snell is responsible for assisting organizations in identifying solutions for third-party risk management program efficiencies. Over the past 6 years at Prevalent, Andrew has worked with organizations of all sizes in developing, validating, and optimizing third-party risk management programs and processes through the use of risk management technology and service offerings. He comes from a background heavily built on customer success, which serves as his foundation for every customer interaction.
Brad McAdams, Manager, Pre-sales at ProcessUnity. Brad McAdams has spent his entire career focused on Third-Party Risk Management, and the wider Cyber and GRC Market. He started as a practitioner in the consulting world before switching over to the software side more than a decade ago. Brad has had the opportunity to be based both in North America as well as Europe.