Recorded:    Sept. 21 | 2023      Watch

In today's interconnected business landscape, managing risks associated with third-party relationships has become crucial for organizations across industries. Continuous Controls Monitoring (CCM) offers a proactive approach to monitor and mitigate risks by continuously evaluating controls and compliance measures.

Join our expert panel on this CPE webinar and equip yourself with the knowledge and practical guidance needed to implement CCM effectively for third parties, and:

• Understand the significance of CCM in the context of third-party risk management: Discover why traditional point-in-time assessments are no longer sufficient and how CCM provides real-time insights into the effectiveness of controls implemented by third parties.
• Learn the key steps involved in implementing CCM for third parties: Gain practical knowledge of the step-by-step process required to establish a robust CCM program, including defining control objectives, selecting appropriate monitoring techniques, and setting up an automated monitoring system.
• Explore best practices for selecting and assessing third-party controls: Identify the critical factors to consider when evaluating third-party controls and gain insights into effective control assessment methodologies that align with CCM principles.
• Discover strategies to enhance third-party risk mitigation through CCM: Explore how CCM enables organizations to identify and address control gaps and non-compliance issues in real time, enhancing risk mitigation efforts and fostering stronger relationships with third parties

Moderator

Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

Panel

Chris Strand, Global General Manager of Compliance. Chris Strand is the Global General Manager of Compliance at Sevco Security. He has more than 25 years of technical, security and compliance experience, including launching and leading the cyber-compliance and security risk division at Carbon Black. Chris also served as Chief Compliance Officer at IntSights Cyber Intelligence, where he built and led the first intelligence based global risk and compliance program. A PCI Professional (PCIP) and trained Quality Security Assessor (QSA), Chris has also been certified on and is proficient with regulatory disciplines and data protection frameworks including HIPAA, NERC CIP, NIST CSF, and GDPR.

Val Manahor, Director of Customer Experience and Engagement, CTPRP, at RiskRecon by Mastercard. Val has over 20 years of experience designing, building and implementing enterprise risk management, third party risk management, governance, risk and compliance (GRC), and compliance / regulatory programs. In her current role, Val leverages her experience by helping clients from various industries effectively implement and mature third-party risk programs using continuous monitoring methodology. Prior to joining RiskRecon\Mastercard, Val served as a key advisor for enterprise-wide information security committees and initiatives.

Gary W. Phipps, Vice President Strategy & Business Transformation, GRCP CTPRP, at ProcessUnity. Gary has over 20 years of experience providing program design support to program initiatives involving risk management, regulatory compliance and internal control enforcement for clients in various industries including but not limited to finance, government, defense, healthcare and higher education. Prior to joining CyberGRX, Gary advised the Citizen Utility Boards on compliance matters and acted as advisor to many Fortune 50 financial institutions as well as the DOD including the Joint Staff on how to effectively comply with imminent regulatory statutes.

Bob Ertl, Sr. Director, Product Marketing, Kiteworks. Bob brings over 20 years of enterprise software product marketing, consulting, and product management experience, covering compliance and security, unstructured and structured content, and analytics. Prior to joining Kiteworks in 2014, he brought innovative business intelligence and data warehousing products to market at Oracle, Hyperion, Brio, and several start-ups, and led implementation projects across a variety of industries.