Recorded: September 24, 2020
Third-party risk management (TPRM) programs are designed to offload that risk, but the current approach isn’t providing the intended results. According to the Ponemon Institute, nearly 61% of U.S. companies have experienced a data breach caused by a third party.
To build an efficient TPRM program, it's critical to understand which vendors and suppliers present the most risk, as well as which ones are essential to your operations. By understanding where to prioritize your time, you can onboard key vendors faster, spend the right amount of time performing due diligence, and invest the most resources assessing and monitoring the third parties that matter most, helping to increase security and performance.
On this CPE-accredited webinar, our panel of experts will share their experiences and discuss how to:
- Overcome the most common vendor risk challenges
- Prioritize your third parties by criticality
- Streamline your due diligence and vendor assessment process
- Encourage effective communication between internal stakeholders
- Establish a continuous improvement cycle to encourage better results year over year
- Achieve efficiencies out of TPRM tools
Colin Whittaker, PCI Industry Alumni, Founder and Director, Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years, since he retired from the military in 2001 and took up the role of Head of Security at APACS. Whilst there, he was one of the first people to be elected to the PCI SSC Board of Advisors, where he was always keen to try to promote the differences in threat between Europe and the UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme, which gave the very first PCI DSS compliance relief for EMV chip-accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.
Todd Boehler, Vice President of Product Strategy at ProcessUnity. Todd collaborates with customers, partners and internal product teams to develop and deliver high-value risk and compliance solutions. In his role, he drives the company’s cloud services roadmap and defines ProcessUnity’s overall strategic direction. For nearly 20 years, Todd has served in product management and strategy roles for leading technology providers. In 2003, his governance, risk and compliance (GRC) startup was purchased by Stellent, which was soon after bought by Oracle Corporation. Todd worked for Oracle for seven years before joining ProcessUnity in 2014. He has extensive GRC experience, working with organizations’ engineering, services and sales teams to develop solutions, enable sales and deliver customer success.
Jon Ehret is Vice President of Strategy and Risk for RiskRecon. Jon brings 20+ years of experience in technology and risk, including extensive experience building, maturing and running third party risk programs in both the finance and healthcare industries. Before joining RiskRecon, Jon built and led the third party risk program for BlueCross BlueShield of WNY and also served as President and Co-founder of the Third Party Risk Association, an international professional association of third party risk practitioners and vendors. Jon is a frequent speaker at third party risk conferences and holds a BS in Information Technology from the Rochester Institute of Technology, as well as the CISSP, CISA and CRISC professional
Stephen Boyer, CTO & Co-Founder at BitSight. Stephen co-founded BitSight in 2011 and serves as the Chief Technology Officer. Prior to founding BitSight, Stephen was President and Co-Founder of Saperix, a company that was acquired by FireMon in 2011. While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group, where he led R&D programs solving large-scale national cybersecurity problems. Before MIT, he worked at Caldera Systems, an early Linux startup. Stephen holds a Bachelor's degree in Computer Science from Brigham Young University and a Master of Science in Engineering and Management from the Massachusetts Institute of Technology.
Chris McCloskey, Third-Party Risk Solutions Engineer at OneTrust Vendorpedia. In his role, Chris advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG, GDPR and CCPA). McCloskey works with clients to centralize their third-party information across business units, assess risks and performance, and monitor threats throughout the entire third-party relationship, from onboarding to offboarding.