
How to Improve Efficiencies in Your Vendor Risk-Management Program


Recorded: June 24, 2021

Traditional vendor risk management tactics are inadequate for understanding the cybersecurity posture of your vendor ecosystem. Your organization should also make sure that its program is efficient in its processes, enables the business, mitigates risk, ensures compliance, and fits into your organization’s overall structure. Whatever your company size and regardless of the number of vendors you have, creating efficiencies across your vendor risk management program isn’t just helpful; it’s critical if you want to properly assess the security posture of your vendors.

Join this expert panel webinar and learn how to make your VRM process more efficient, including how to:

  • Use automated solutions to drive continuous monitoring.
  • Tier your vendors based on their risk, and ensure your vendor knows the expectations set for them.
  • Organize your team to put a process in place and stick to it.
  • Make your cybersecurity posture a competitive advantage.

Moderator

Colin Whittaker, PCI Industry Alumni, Founder and Director, Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

Todd Boehler, Senior Vice President of Product Strategy at ProcessUnity. Todd collaborates with customers, partners and internal product teams to develop and deliver high-value risk and compliance solutions. In his role, he drives the company’s cloud services roadmap and defines ProcessUnity’s overall strategic direction. For nearly 20 years, Todd has served in product management and strategy roles for leading technology providers. In 2003, his governance, risk and compliance (GRC) startup was purchased by Stellent, which was soon after bought by Oracle Corporation. Todd worked for Oracle for seven years before joining ProcessUnity in 2014. He has extensive GRC experience, working with organizations’ engineering, services and sales teams to develop solutions, enable sales and deliver customer success.

Shea Murphy, GRCP, Third-Party Risk Solutions Engineer at OneTrust Vendorpedia™. Shea serves as a Third-Party Risk Solutions Engineer for OneTrust Vendorpedia™, purpose-built software designed to operationalize third-party risk management. In her role, Murphy advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG, GDPR and CCPA). Murphy works with clients to centralize their third-party information across business units, assess risks and performance, and monitor threats throughout the entire third-party relationship, from onboarding to offboarding.

Emily Shipman, Director, Product Management at RiskRecon, a Mastercard Company, leading product development and innovation initiatives. Prior to her role at RiskRecon, she spent 10 years at RSA Archer responsible for RSA Archer’s Integrated Risk Management offerings and also spent seven years in Archer’s presales consulting group, working with hundreds of GRC customers globally to develop tailored solutions for cutting-edge risk management.

 

Jason Steer, Director at Recorded Future, has over 20 years of information security experience, having worked at a number of successful technology companies over the past 15 years, including IronPort, Veracode, and FireEye. Jason also has experience as a media expert with the BBC, CNN, and Al Jazeera, and has worked with both the EU and U.K. governments on cybersecurity strategy.