Third-Party Risk Deep-Dive: How to Operate Your Program

Recorded: April 29, 2021

Procurement, IT, and Compliance leaders struggle to manage today’s complex regulatory environment, expansive supply chains, and compliance burdens. Difficulties increase as organizations subject themselves to additional risk by involving more third parties—suppliers, sales agents, and even charities—as regulations grow ever-more complex.

These third-party threats can result in severe impact to your brand and bottom line—but compliance gaps can be managed more effectively, often by eliminating manual processes and embracing digital tools. On this CPE Accredited webinar our panel of experts will take a deep-dive into how to operate your program and drive effective third-party risk management, including:

  • KPIs to measure effectiveness and prove the impact and benefits of risk management strategies
  • Examples of real-life third-party risk management programs—what worked (and what didn’t)
  • Roles that Governance, Risk, and Compliance (GRC) play in your risk management

 

Moderator

Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

Brenda Ferraro, Global Governance Risk and Compliance Executive at Prevalent. Brenda Ferraro is a member of the senior management team at Prevalent and a US/UK Shared Assessments Steering Committee Board Member. She is a 2020 honoree of The Top 25 Women in Cybersecurity and The Most Influential Women in Arizona and recognized on the Tech Innovators list of the ‘2021 Leaders to Watch’. Brenda has brought surmounted attention to true risk management and third-party risk by economizing sector agnostic third-party processes and programs. Her strategic leadership paves the way for corporations, consortiums, and Information Security and Analysis Centers (ISACs) to recognize value, remove program complexities, perform compliance readiness, and implement a flexible enterprise risk solution. Prior to joining Prevalent, Brenda’s over 2 decades of experience has led organizations through control standardization, regulatory compliance, incident/crisis management, process improvements, KPI/KRI reporting, and risk governance at companies such as Edwards Air Force Base, Arrowhead Healthcare Centers, Charles Schwab, PayPal/eBay, Coventry and Aetna. She prides herself on personal growth and mentoring individuals and teams to continuously improve within their area of passion.

Perry Robinson, Solutions Architect for Product Strategy at ProcessUnity. He has more than 30 years of experience in Risk Management and Enterprise Applications via his technical leadership and management roles at Deloitte, OpenPages, Oracle, and Seal Software. Perry has extensive hands-on experience with many GRC, Workflow, and Contract Management applications. A common thread throughout his career has been his ability to embrace technological change and leverage it to develop solutions, enable sales and deliver customer success. Perry is responsible for collaborating with customers, partners, and internal teams to develop and deliver high-value risk and compliance solutions. In his role as Solutions Architect, Perry works closely with our customers to analyze their current application ecosystem and to optimize ProcessUnity’s solutions within their ecosystem.

Jaymin Desai, Vendorpedia Offering Manager. Jaymin serves as the Offering Manager at OneTrust Vendorpedia™ — part of the largest and most widely used technology platform to operationalize third-party risk, security, and privacy management. In his role, Desai is responsible for driving the development and delivery of OneTrust's third party risk management product as well as driving the refinement of the toolset and offerings. He works with clients to centralize their vendor information across business units, assess risks based on use cases and relevant standards like CSA, CAIQ, SIG, GDPR and CCPA while also monitoring threats to seamlessly mitigate vendor risks throughout the engagement lifecycle. Desai takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction.

Jon Ehret is Vice President of Strategy and Risk for RiskRecon. Jon brings 20+ years of experience in technology and risk, including extensive experience building, maturing and running third party risk programs in both the finance and healthcare industries. Before joining RiskRecon, Jon built and led the third party risk program for BlueCross BlueShield of WNY and also served as President and Co-founder of the Third Party Risk Association, an international professional association of third party risk practitioners and vendors. Jon is a frequent speaker at third party risk conferences and holds a BS in Information Technology from the Rochester Institute of Technology, as well as the CISSP, CISA and CRISC professional.