Recorded: Oct 31, 2019
High-profile data breaches have placed a spotlight on the risk of cyber security breaches with vendors and subcontractors, expanding the need for greater rigor in third-party risk management and ongoing risk assessments. Maintaining an effective third-party risk management program doesn't happen overnight. It's a journey that involves continual learning, refinement and evolution.
And as a program matures over time, it results in the management of vendors and other third parties with fewer risks, lower costs, better performance and stronger compliance. Since every company is at a different place in its journey towards better vendor management, it's important to identify steps that you can follow as you mature your program, and to consider your vendor risk ecosystem and the data and services that can have an enormous impact on risk reduction. On this CPE-accredited webinar, our panel of experts will address some key steps to mature your third-party risk management program, including how to:
- Create a third-party risk-management maturity roadmap,
- Connect with enterprise systems to create a centralized data repository and enable seamless vetting activities across processes,
- Incorporate external content sources for a more holistic view of your vendors plus more sustainable ongoing monitoring,
- Strengthen and streamline your third-party risk management efforts.
Moderator
Colin Whittaker, PCI Industry Alumni, Founder and Director, Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. At APACS he started the move to confront the reality of the threat to payment systems and the implications this has on any risk and security decisions taken. He was instrumental in helping the industry coordinate the response to the wave of e-banking attacks that started in 2004, and the development of a card-based customer authentication strategy to protect e-banking channels. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. This included contributing to the strategic development of the Council through representing Visa Europe at the PCI SSC's Executive Committee, as well as the technical development of the standards. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe. Colin was responsible for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. He has now built on this experience by learning first-hand what PCI DSS means to merchants through his experience at Carlson Wagonlit Travel, applying PCI DSS to probably one of the most complex industry verticals and one where it is almost impossible to spend money as a customer without using credit cards!
He is now working as a freelance consultant helping retailers and service providers solve their cyber security and payment security compliance dilemmas.
Panel
Todd Boehler, Vice President of Product Strategy at ProcessUnity. Todd collaborates with customers, partners and internal product teams to develop and deliver high-value risk and compliance solutions. In his role, he drives the company’s cloud services roadmap and defines ProcessUnity’s overall strategic direction. For nearly 20 years, Todd has served in product management and strategy roles for leading technology providers. In 2003, his governance, risk and compliance (GRC) startup was purchased by Stellent, which was soon after bought by Oracle Corporation. Todd worked for Oracle for seven years before joining ProcessUnity in 2014. He has extensive GRC experience, working with organizations’ engineering, services and sales teams to develop solutions, enable sales and deliver customer success.
Mark Deluca, Senior Vice President, Coupa. Mark is a career sales professional with expertise in enterprise applications for Fortune 500 firms. He has over a decade of experience in the HR space with ADP and PeopleSoft followed by over a decade in the supply chain space with firms such as Ariba, Accenture and Hiperos. Mark has performed in a variety of roles across sales, marketing, product management and sales management. He participated in the shift over to client-server computing at PeopleSoft, followed by the shift over to eBusiness at Ariba. Following Ariba, Mark got hooked on third-party management at Accenture and spent over 8 years pioneering that space at Hiperos, which is now part of Coupa.
Jason Sabourin, Product Manager, CIPP/E, CIPM, CSPO. Jason Sabourin is the Vendor Risk Management Product Manager for OneTrust, the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. In his role, Sabourin is responsible for driving the development and delivery of OneTrust's Vendor Risk Management product as well as driving the refinement of the toolset and offerings. He takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction. Prior to launching the Vendor Risk Management module, Sabourin spent the last year bringing OneTrust's Data Mapping and Data Subject Access Rights products to market in preparation for the European Union’s General Data Protection Regulation (GDPR). Prior to OneTrust, Sabourin spent six years at Manhattan Associates as a Design Lead where he collaborated with customers and R&D directors to identify market trends and opportunities for efficiency gains within clients' distribution centers by utilizing Warehouse Management for Open Systems (WMOS). Sabourin is a Certified Information Privacy Professional (CIPP/E, CIPM) and a Certified Scrum Product Owner. He holds a Bachelor of Engineering in Mechanical Engineering from Vanderbilt University.
Evan Tegethoff is Director of Engineering and Consulting at BitSight. He previously held numerous leadership roles in Risk and Compliance Management. Prior to BitSight, he developed Third Party Risk approaches for numerous large organizations. Additionally, he led consulting teams focused on third party risk assessment and risk management. He completed his education at Michigan State University.