Recorded: June 27th | 2024
Organizations expect to share 41% of critical data with third parties in the next five years, resulting in an exponential increase in vendor evaluation tasks. Ponemon research reveals that third parties spend an average of 15,000 hours annually on assessments, often characterized by length and redundancy.
In a landscape saturated with bespoke security questionnaires, the efficiency gains of a risk Exchange are often overlooked. In this webinar we will delve into the tangible challenges of legacy systems and offer practical insights into gaining support for a risk Exchange. Attendees will learn how to:
- Grasp the overwhelming volume and redundancy challenges of third-party risk assessments.
- Transform the vendor assessment process, focusing on time-saving and reducing friction for both assessors and assessees.
- Learn strategies to foster internal adoption of a risk Exchange by emphasizing near and long-term benefits, particularly the time and energy saved.
- Discover key success metrics for measuring the effectiveness of a risk assurance program, including quantifying time savings, streamlining assessment processes, and accelerating purchasing decisions for both vendors and customers.
Moderator
Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.
Panelists
Shane Hasert, Director of Threat Research and Cyber Security Standards at ProcessUnity. Shane has 35 years of experience as a cybersecurity professional, and 18 of those years are dedicated specifically to third-party risk management and auditing. He is an Air Force veteran and has held positions leading security programs with several global consulting and security services firms supporting numerous industries including financial services, retail, healthcare, higher education, mortgage insurance, and gaming. Shane is a Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), Certified Third-Party Risk Assessor (CTPRA), and a Certified Third-Party Risk Professional (CTPRP); and holds an AS in Intelligence Analysis, BS in Business Management and MBA in Project Management.
Steve Tobias, Lead Client Success Advisor. As a Lead Client Success Advisor at RiskRecon by Mastercard, Steve partners with clients from various industry sectors to ensure they get the most out of the RiskRecon platform. He leverages his risk management experience to provide recommendations for incorporating vendor security ratings into and maturing third-party cyber risk management programs. His 20+ years of cybersecurity experience include information security, frameworks, governance, risk & compliance, third-party risk management and cyber risk program development. Prior to RiskRecon\Mastercard, he led a cyber risk management team and helped develop a cyber risk/TPRM program in the Healthcare sector. Steve holds a Bachelor’s in Information Systems Management, as well as CISSP, CISM and CTPRP certifications.
Shiven Patel serves as Director of Product Management at OneTrust, the Trust Intelligence Platform, unlocking every company’s value and potential to thrive by doing what’s good for people and the planet. OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the center of their operations and culture. In his role, Shiven supports the OneTrust Third-Party Risk Management solution where he advises companies on how to reduce third party risks and build mutual trust between the business and its vendors.