Podcasts about third party risk management

  • 101 podcasts
  • 288 episodes
  • 23m average duration
  • 1 episode every other week
  • Latest episode: May 19, 2025

Popularity by year, 2017 to 2024 (chart not reproduced)


Best podcasts about third party risk management

Latest podcast episodes about third party risk management

ILTA
#0088: (CT) Beyond the Tech

ILTA

May 19, 2025 (21:08)


In this podcast session, the speaker provides a deeper dive into the questions organizations must ask their technology providers before moving forward with a deal. The technology may work great, but does the company as a whole? Moderator: Christina Wojcik, Head of Innovation & Partnerships, Pierson Ferdinand LLP. Speaker: Krishna Vyas, Director of Third Party Risk Management and Information Security, CITI. Recorded 5-15-2025.

Defense in Depth
Can AI improve Third-Party Risk Management (TPRM)

Defense in Depth

Apr 3, 2025 (29:00)


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jason Elrod, CISO, MultiCare Health System. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation.

In this episode:
  • Supercharging teams
  • Shifting to proactive
  • A unique opportunity
  • A human in the legal loop

HUGE thanks to our sponsor, Scrut Automation. Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management, helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

Cracking Cyber Security Podcast from TEISS
teissTalk: Protecting critical services without disruption

Cracking Cyber Security Podcast from TEISS

Mar 20, 2025 (44:30)


  • Whether compliance-as-security in CNI offers security or false confidence
  • Navigating tool and dashboard complexity to avoid CNI cyber blind spots
  • Attracting cyber talent into CNI and away from finance and tech

This episode is hosted by Jonathan Craven: https://www.linkedin.com/in/thomlangford/

Guests:
  • Sofia Martinez Gomez, VP, Risk & Tech Practice - Cybersecurity, Privacy & Compliance, AlixPartners: https://www.linkedin.com/in/sofia-martinez-gomez-8b5534136/?locale=en_US
  • Monika Atanasova, Global Head of Third Party Risk Management, Raiffeisen Gruppe: https://www.linkedin.com/in/monika-atanasova-746633b7/?originalSubdomain=ch
  • Deryck Mitchelson, Global CISO, Check Point Software Technologies: https://www.linkedin.com/in/deryckmitchelson

Corruption Crime & Compliance
[Replay] Natalie Druckman from Certa on AI-Enhanced Third-Party Risk Management

Corruption Crime & Compliance

Mar 17, 2025 (31:18)


This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.

How do you manage risk when the vulnerabilities are outside your organization and aren't in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckman, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA, and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management, now and in the future.

Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers' credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities. Unlike the US, EU companies don't benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG's importance is on par with cyber security.

Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.

AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.

Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don't need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and able to quickly adapt to change.

Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.

Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.

Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.

Resources
  • Michael Volkov on LinkedIn | Twitter
  • The Volkov Law Group
  • Natalie Druckman on LinkedIn
  • Certa
  • Email Natalie: nat@certa.ai

durch die bank
DORA takes effect: how far along is the financial industry?

durch die bank

Mar 12, 2025 (21:56)


The Digital Operational Resilience Act (DORA) has applied since 17 January 2025. There is no grace period. But how far along is implementation in the financial sector, and what challenges were there, and possibly still are? We discuss this with Professor Dr. Patrik Buchmüller of DHBW Villingen-Schwenningen and Johannes Haupt (DZ Bank AG). Our guests also give an outlook on how the regulatory environment around DORA will develop over the coming months.

AML Conversations
Beyond Legal Risks in Third-Party Risk Management

AML Conversations

Feb 19, 2025 (14:24)


Legal issues are only one element of third-party risk. Learn what other risks your program should detect and mitigate.

AML Conversations
Using Technology in Third-Party Risk Management

AML Conversations

Jan 29, 2025 (15:47)


Learn how changing technologies can support your third-party risk management program.

CISO Tradecraft
#217 - Includes No Dirt (with Bill Dougherty)

CISO Tradecraft

Jan 27, 2025 (44:59), transcription available


In this episode of CISO Tradecraft, host G. Mark Hardy sits down with Bill Dougherty, CISO of Omada Health, to discuss a groundbreaking threat model called 'Includes No Dirt'. This comprehensive model integrates security, privacy, and compliance considerations, aiming to streamline and enhance threat modeling processes. The conversation covers the origin and principles of the model, its applicability across different sectors, and the essential aspects of threat modeling. Listeners are also treated to insights on handling third-party risks and adapting to emerging AI challenges. The episode provides practical advice for cybersecurity leaders looking to effectively manage and mitigate risks while reducing redundancy.

Big Thanks to our Sponsors:
  • ZeroPath - https://zeropath.com/
  • CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

The No DIRT Threat Model can be found here: http://www.includesnodirt.com/nodirt.pdf

Transcripts: https://docs.google.com/document/d/1vWq4Zx7pzM_B65W933m8_TE0fLKaUw3X

Chapters
  • 03:27 The Genesis of Includes No Dirt
  • 05:05 Combining Security, Privacy, and Compliance
  • 07:24 Implementing the No Dirt Model
  • 11:42 Scoring and Evaluating Risks
  • 17:41 Third-Party Risk Management
  • 25:49 Evaluating SaaS Requests Based on Risk
  • 27:55 Adapting Threat Models for AI
  • 31:24 Principles of Minimum Necessary Data
  • 33:42 General Applicability of Security Principles
  • 35:12 Includes No Dirt: A Comprehensive Threat Model
  • 40:15 Final Thoughts and Recommendations

Reimagining Cyber
Risky Business: The Art of Third-Party Risk Management - Ep 126

Reimagining Cyber

Dec 4, 2024 (22:35)


In this episode of Reimagining Cyber, host Rob welcomes Tony Gonzalez, Principal at Inner Vision Services LLC and former CISO for QBE North America. They delve into the topic of third-party risk management, exploring its evolution from a checkbox approach to a comprehensive part of an organization's risk posture. They discuss the challenges and responsibilities involving third, fourth, and even fifth-party risks, especially within large organizations across various sectors like financial services, insurance, and biotech. Regulatory influences such as NYDFS and PCI are also examined, along with practical advice for prioritizing and improving third-party risk assessment processes, highlighting the importance of strategic partnerships and efficient communication.

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Defense in Depth
What's Working With Third-Party Risk Management?

Defense in Depth

Aug 29, 2024 (31:02)


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation.

In this episode:
  • Segment and test
  • Focus on you
  • Embrace the risk lifecycle
  • Not all vendors are the same

Thanks to our podcast sponsor, Scrut Automation. Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

Venminder Inc.
Common Third-Party Risk Management Findings in Exams and Next Steps

Venminder Inc.

Aug 21, 2024 (5:19)


If your organization is in a regulated industry, you should anticipate regular examinations. It's good to review your regulator's website to become familiar with their exam process, classification of issues, etc. In this podcast, learn common exam findings and next steps.

Outcomes Rocket
Safeguarding Health: AI's Role in Third-Party Risk Management with Ed Gaudet, CEO and founder of Censinet

Outcomes Rocket

Aug 15, 2024 (27:48)


Cyber attackers are becoming smarter and more organized, making it crucial for healthcare systems to stay ahead with robust cybersecurity measures. In this episode of "The Future of AI in Health" podcast series, co-hosts Dr. Jenny Yu and Saul Marquez interview Ed Gaudet, CEO and founder of Censinet, on how AI revolutionizes healthcare, particularly in third-party risk and enterprise risk management. Ed shares how his company is revolutionizing the way hospitals assess the cybersecurity readiness of third-party vendors through automation and a multi-sided network, drastically reducing the time required for cybersecurity risk assessments in healthcare. Addressing the complexities of AI in healthcare, he emphasizes the importance of robust governance. He also explains why organizations need to establish clear policies for AI use, considering the unique risks associated with AI, which extend beyond traditional cybersecurity threats. Join us as we explore the future of AI in healthcare and the critical role it plays in ensuring patient safety and improved care. Stay tuned!

Resources:
  • Watch the entire interview here.
  • Check more episodes of this Thought Leadership Series here.
  • Connect with and follow Ed Gaudet on LinkedIn and email him here.
  • Follow Censinet on LinkedIn and the website.
  • Check out the Risk Never Sleeps podcast.
  • Connect with and follow Jenny Yu on LinkedIn.
  • Learn more about Healthline Media on LinkedIn and their website.

Risk Management Show
The Power of a Business-Integrated Risk Management Approach with Michael Schank

Risk Management Show

Aug 14, 2024 (26:17)


In this episode of the Risk Management Show podcast, we welcome Michael Schank, a seasoned management consultant with over 25 years of experience in financial services. Michael discusses the limitations of traditional Enterprise Risk Management (ERM) programs and introduces the Process Inventory Framework, a methodology he developed to improve risk management, compliance, and strategic decision-making.

Key Topics:
  • Michael's Career Path: His journey in risk management and founding Process Inventory Advisors LLC.
  • Why Traditional ERM Programs Fail: Blind spots, data quality issues, and confusion in operating models.
  • The Process Inventory Framework: How it enhances risk management by integrating a detailed process inventory.
  • Improving Data Quality in Risk Management: Addressing root causes and leveraging process taxonomy in GRC systems.
  • Reducing Chaos and Increasing Accountability: Streamlining operations and improving risk management efficiency.
  • Application Across Risk Types: Benefits for Operational Risk, Compliance Risk, Operational Resiliency, and Third-Party Risk Management.

Cyber Security Weekly Podcast
Episode 409 - Series Insight 3 of 4 - Supply chain defence and Third Party Risk Management

Cyber Security Weekly Podcast

Aug 13, 2024


Nick McKenzie, CI&SO with Bugcrowd, and Sumit Bansal, VP Asia Pacific & Japan, BlueVoyant, discuss CxO perspectives on supply chain defence and Third Party Risk Management (TPRM). To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/ #bugcrowd #mysecuritytv

Corruption Crime & Compliance
Bryn Sedlacek, Vice President at Aravo, on Holistic Third-Party Risk Management and Unitary Visibility

Corruption Crime & Compliance

Jul 15, 2024 (28:05)


Bryn Sedlacek, Vice President and Product Manager at Aravo, joins us on the podcast to discuss third-party risk management focusing on holistic risks and unified visibility. In a wide-ranging discussion, Mike Volkov and Bryn Sedlacek discuss the challenges in implementing a third-party risk management program that captures holistic risks and maintains a consistent, unified line of sight across the organization's risk profile. They focus on sanctions, capturing the source and ultimate destination of products/services and including those in screening, leveraging how to handle conflict minerals as a model, and how data intelligence providers can help. Additionally, Bryn discusses unified visibility, which provides comprehensive visibility to executives and decision-makers across risk domains and performance. Finally, they discuss InfoSec risk with third parties, where to start, and the future of risk - technology and alternative risk strategies. Join Michael and Bryn as they navigate the complexities of compliance in today's corporate landscape.

Bryn discusses how crucial it is to start with a realistic approach to building a compliance program and continually improve compliance programs to mitigate risks effectively.

Having a platform like Aravo's is valuable for companies as it is highly configurable and tailored to meet the unique needs of each client's business structure and risk management requirements.

The partnership between IT and cyber security in a compliance program is vital for addressing cybersecurity risks effectively within organizations. It is a growing trend for IT and cyber security to focus on collaboration and meeting the unique needs of each department.

Unified visibility across different risk domains and third-party activities is essential for making informed decisions and managing risks effectively.

Continuous monitoring and auditing are crucial in compliance programs, with a risk-based approach to optimize resources and ensure proactive risk management.

Sanctions compliance is a growing area of focus, requiring proactive monitoring, risk-based approaches, and continuous updates to mitigate risks effectively.

Resources
  • Bryn Sedlacek on the Web
  • Email: bsedlacek@arvavo.com
  • Michael Volkov on LinkedIn | Twitter
  • The Volkov Law Group

SRA Risk Intel
Season 2 | Ep. 29: Optimizing Third-Party Risk Management: Due Diligence, Contracting, and Monitoring

SRA Risk Intel

Jul 9, 2024 (24:09)


In this episode of the Risk Intel Podcast, host Ed Vincent invites Shawn Ryan back to the show to dive deeper into the recent Interagency Third-Party Risk Management (TPRM) Guidance released in May 2024. The guidance from the Federal Reserve, FDIC, and the OCC included five critical aspects of third-party risk management: planning, due diligence, contract negotiation, ongoing monitoring, and termination. In Part 1 of this series, Shawn discussed in detail the Planning and Termination stages of third-party engagement. In this episode, Shawn covers the critical aspects of due diligence, contracting, and monitoring that financial institutions must navigate, especially when dealing with FinTech and RegTech firms. Follow SRA to Learn More. Follow us to stay in the know!

SRA Risk Intel
Season 2 | Ep. 28: Enhancing Third-Party Risk Management: How to Safely Onboard & Partner with FinTechs

SRA Risk Intel

Jul 2, 2024 (18:30)


In this episode of the Risk Intel Podcast, host Ed Vincent sat down with Shawn Ryan, Chief Financial Officer at SRA Watchtower, to delve into the intricacies of third-party risk management relating to safely onboarding FinTech partners. Their discussion centered on the recent May 2024 joint interagency guidance on third-party risk management and its implications for community banks. This episode is a must-listen for financial institutions navigating the complex landscape of risk and innovation. Follow SRA to Learn More. Follow us to stay in the know!

FCPA Compliance Report
Brad Hibbert on Prevalent's 2024 Third Party Risk Management Report

FCPA Compliance Report

Jun 17, 2024 (25:34)


Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, I take a deep dive into the Prevalent 2024 Third Party Risk Management Report with Brad Hibbert, the Chief Strategy Officer and COO at Prevalent. Hibbert drives Prevalent's product vision and strategy development, which draws from the Third Party Risk Management Report. The Prevalent Report outlines the complexities of managing third-party vendor relationships, highlighting the various phases involved such as onboarding, contracting, and offboarding. It examines the inefficiencies and risks that arise from fragmented processes and technologies handled by different teams. Our conversation explores how these challenges impact risk visibility and resource management, emphasizing the downstream effects on program scalability and decision-making.

Highlights in this Episode
  • Introduction to Vendor Relationship Phases
  • Challenges in Managing Vendor Relationships
  • Inefficiencies and Risks in Vendor Management
  • Impact on Risk Visibility and Decision Making
  • Pressure on Teams and Resource Implications

Resources
  • Brad Hibbert on LinkedIn
  • Prevalent
  • Prevalent's 2024 Third Party Risk Management Report
  • Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

@BEERISAC: CPS/ICS Security Podcast Playlist
Ep. 47: Brad Hibbert on Third-Party Risk Management

@BEERISAC: CPS/ICS Security Podcast Playlist

May 25, 2024 (29:37)


Podcast: ICS Pulse Podcast. Episode: Ep. 47: Brad Hibbert on Third-Party Risk Management. Pub date: 2024-05-21.

50% of respondents still rely on spreadsheets and multiple tools for third-party risk management. In this episode of the ICS Pulse Podcast, we talk to Brad Hibbert of Prevalent about the company's 2024 Third-Party Risk Management Study and how to create more effective risk management practices.

SRA Risk Intel
Season 2 | Ep. 22: 2024 Third-Party Risk Management Guidance: Phil Goldfeder, CEO, American Fintech Council

SRA Risk Intel

May 21, 2024 (20:55)


In the fast-paced world of FinTech, navigating regulatory landscapes requires a keen understanding of evolving standards and proactive collaboration. Listen as we explore insights from a recent Risk Intel episode featuring Phil Goldfeder, CEO of the American Fintech Council, and Ed Vincent, CEO of SRA Watchtower, as they discuss regulations around third-party risk management and how the new Guide for Community Banks can be leveraged. Let's dive into three key themes: continuous adaptation, the importance of regulatory guidance and best practices, and the need for collaboration and communication. Follow SRA to Learn More. Follow us to stay in the know!

ITSPmagazine | Technology. Cybersecurity. Society
Navigating the Future of AI Governance with LogicGate | A Brand Story Conversation From RSA Conference 2024 | A LogicGate Story with Matt Kunkel and Nick Kathmann | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

May 8, 2024 (20:53)


The RSA Conference in San Francisco is renowned for being a hub of cutting-edge discussions around everything related to cybersecurity, and this year one of the spotlights was on AI governance. In this conversation featuring industry experts from LogicGate, the focus was on unraveling the challenges organizations face in adapting to the rapidly evolving landscape of AI implementation.

Unveiling the Experts

Moderated by Sean Martin, the discussion kicked off with a warm welcome to the LogicGate team, setting the stage for a deep dive into the complexity of AI governance. Matt Kunkel, the CEO of LogicGate, shared insights from his extensive consulting background in building GRC solutions for a diverse range of organizations. His vast experience culminated in the creation of the Risk Cloud Platform, a versatile tool that aids organizations in automating risk management processes tailored to their specific needs.

The CISO Perspective

Nick Kathmann, the Chief Information Security Officer at LogicGate, brought to the table over two decades of experience in cybersecurity. His journey through managing security compliance for major players like Virtustream and RSA highlighted the intricate web of challenges posed by evolving technologies like AI. Nick emphasized the critical importance of aligning internal governance with external regulations to ensure a robust security posture.

Demystifying AI Governance

As the conversation continued, Sean Martin steered the discussion towards demystifying AI governance and its impact on organizational frameworks. The panel shed light on the dual challenges organizations face: the risk of embracing AI too recklessly and stifling innovation versus the risk of over-regulating and impeding progress. The consensus was clear: a balanced approach that marries speed and security is imperative for a successful AI governance strategy.

The LogicGate Solution

Matt and Nick unraveled the intricacies of the AI governance solution developed by LogicGate, designed to provide organizations with a holistic framework for managing AI risks. By integrating AI governance with existing risk management protocols, LogicGate's platform offers a transformative approach that streamlines processes, enhances visibility, and ensures compliance with emerging standards.

Looking Towards the Future

The conversation concluded with a forward-looking approach, underscoring the rapidly evolving nature of AI technologies and the indispensable need for agile governance frameworks. The consensus was that staying ahead of the curve demands continuous assessment, adaptation, and alignment of AI governance with overarching business objectives.

In Closing

This episode of On Location Coverage at the RSA Conference 2024 offered a glimpse into the complexities and opportunities that AI governance presents for organizations worldwide. With LogicGate leading the charge in innovative solutions, the future of AI governance looks promising, anchored in a foundation of collaboration, foresight, and strategic alignment. As organizations navigate the uncharted waters of AI implementation, partnering with pioneers like LogicGate is poised to be the key to unlocking the full potential of this transformative technology. Stay tuned for more insights and developments on AI governance as we journey towards a future powered by innovation and resilience.

Learn more about LogicGate: https://itspm.ag/logicgate-92d6bc

Note: This story contains promotional content. Learn more.

Guests:
  • Matt Kunkel, CEO at LogicGate [@LogicGate]. On LinkedIn | https://www.linkedin.com/in/matt-kunkel-91056143/
  • Nick Kathmann, Chief Information Security Officer at LogicGate [@LogicGate]. On LinkedIn | https://www.linkedin.com/in/nicholaskathmann/

Resources
  • Learn more and catch more stories from LogicGate: https://www.itspmagazine.com/directory/logicgate
  • View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
  • Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

healthsystemCIO.com
Reexamining Third-Party Risk Management Around Critical Service Providers

healthsystemCIO.com

Play Episode Listen Later Apr 30, 2024 58:32


Recent industry-shaking events have made it clear that serious points of risk lurk throughout healthcare. They've also revealed that operational risk and IT security risk are deeply intertwined, making it incumbent upon CISOs and CIOs to work with others in their health systems – from the chief risk officers, to clinical leaders, to emergency management – to help develop a joint picture of third-party risk that analyzes the implications of losing services not only from a cyber outage, but for any reason. In this timely webinar, we'll speak to leaders who are committed to going back and reviewing key third-party service providers through the lens of recent learnings so appropriate levels of total risk can be assigned, and plan Bs can be developed. Source: Reexamining Third-Party Risk Management Around Critical Service Providers on healthsystemcio.com - healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.

Risk Management: Brick by Brick
The Importance of Third-Party Risk Management with Brad Hibbert of Prevalent Inc.

Risk Management: Brick by Brick

Play Episode Listen Later Apr 26, 2024 15:48


On the latest episode of Risk Management: Brick by Brick, Jason Reichl is joined by Brad Hibbert, the COO and CSO at Prevalent Inc., a company that provides third-party vendor risk management solutions to eliminate security and compliance exposures.

ISACA Podcast
Effective Third Party Risk Management in 2024: AI's Impact and Future Trends

ISACA Podcast

Play Episode Listen Later Apr 24, 2024 31:23


Traditional security questionnaires just aren't cutting it anymore. Tune into this ISACA Podcast episode, Chris McGowan chats with VISO TRUST CEO and Co-founder, Paul Valente as they delve into the evolving landscape of Third-Party Risk Management (TPRM), exposing the limitations of current methods and exploring how emerging AI trends are shaping a more secure future and driving more effective third-party risk management programs. To learn more about VISO Trust please go to https://visotrust.com/

The Sourcing Industry Landscape
Revolutionizing Third-Party Risk Management, featuring Dina Ghobrial, Founder, Halo AI

The Sourcing Industry Landscape

Play Episode Listen Later Apr 16, 2024 13:19


On this episode of the Sourcing Industry Landscape podcast recorded live during the Global Executive Summit, Dina Ghobrial, founder of Halo AI, discusses her transition from Chief Procurement Officer at Coupa Software to launching Halo AI - a cutting edge platform that aims to revolutionize third-party risk management by leveraging technology to streamline vendor vetting processes. Halo AI utilizes diverse data sources, such as cybersecurity, financial viability, ESG, climate, and sentiment analysis, to generate instant vendor scores. Tune in to hear about Dina's journey and how Halo AI has the potential to transform third-party risk management within the procurement industry.    Learn more about Halo AI: https://www.gohalo.ai/ 

ITSPmagazine | Technology. Cybersecurity. Society
From Regulations to Relationships: Navigating the Maze of Third-Party Risk Management | A Conversation with Branan Cooper | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 5, 2024 44:24


Guest: Branan Cooper, Financial Services exec
On LinkedIn | https://www.linkedin.com/in/brananc/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

Episode Notes
In this episode of the Redefining Cybersecurity Podcast, hosted by Sean Martin, we dive into the intricate world of third-party risk management with the insightful Branan Cooper, boasting an impressive three-and-a-half decades of experience in financial services. Throughout this discussion, Cooper and Martin explore the evolution and critical aspects of managing third-party risk within businesses, emphasizing the ever-increasing interconnectivity and dependencies in the digital age.

Branan Cooper draws on his vast experience, touching on the regulatory milestones that have shaped third-party risk management practices, from early quality assurance efforts in the '90s to the recent comprehensive interagency guidance. Highlighting the intertwined nature of third-party risk with operational, cybersecurity, and compliance aspects, the episode sheds light on the need for a holistic approach encompassing due diligence, ongoing monitoring, and a lifecycle approach to vendor relationships.

Significantly, the conversation delves into practical strategies for mitigating third-party risk, the importance of fostering a culture of communication and collaboration across departments, and the pivotal role of documentation in managing and mitigating risks effectively. Cooper also shares invaluable insights into the nuances of vendor relationships, from assessing and prioritizing risks to the crucial aspect of planning for potential exit strategies.

This episode not only serves as a primer on the complexities of third-party risk management but also as a guide for navigating these challenges proactively, offering listeners actionable advice and best practices drawn from decades of experience. Whether you're a business leader, IT professional, or risk management practitioner, this episode provides a wealth of knowledge on safeguarding your organization in an interconnected business ecosystem.

Key Questions Addressed
How have regulatory milestones shaped third-party risk management practices over time?
What are the key strategies for effectively managing and mitigating third-party risks?
How does coordinating across departments contribute to managing third-party risks more effectively?

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

CISO Stories Podcast
Third-Party Risk Management - BEC Compromises and the Cloud - Michael Swinarski - CSP #167

CISO Stories Podcast

Play Episode Listen Later Mar 26, 2024 23:00


Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ecosystem. We have seen the threat landscape change in the last few years. It has always been important to properly identify, categorize, and address risks created by our vendors and strategic partners; now we must also understand the entire supply chain and how interruptions can affect your business. Even more recently, with the rise of Business Email Compromise (BEC), risks may also come from organizations you have no previous relationship or agreements with. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-167

Unleashed - How to Thrive as an Independent Professional
566. Craig Callé, Third Party Risk Management and Cyber Security

Unleashed - How to Thrive as an Independent Professional

Play Episode Listen Later Mar 25, 2024 34:06


Craig Callé talks about third party risk management (TPRM) and cyber security. TPRM is a subset of Governance, Risk and Compliance (GRC), which aims to help organizations achieve their objectives, address uncertainties, and act with integrity. TPRM is crucial, as over half of all data breaches occur through insecure third parties. Companies need to understand their relationships and monitor them more carefully, which requires a variety of tools and processes. Chris explains that third party risk management includes cybersecurity, reputation management, supply chain issues, and other risk categories such as financial liability. Cybersecurity has become the primary focus due to the numerous issues it addresses. Privacy is another important risk, with regulations like GDPR in Europe, CCPA in California, and others worldwide ensuring companies have a firm grip on consumer data. Companies cannot fully follow through on privacy regulations unless they can follow their data to third parties.

Areas of Scrutiny in Third Party Risk Management
Craig mentions that ESG and sustainability are also areas of scrutiny, as companies must ensure their third parties align with their company's goals and objectives. However, he stresses that one must also be aware of laws pertaining to sanctions around the world. Issues of reputation, child labor, anti-money laundering, and bribery are also important to be attentive to, not just for their own company but also for the third parties they work with.

Defining Third Party Risk Management
Chris explains that third party risk management and enterprise risk management are all subcomponents of GRC. He mentions that the term includes outsource providers, software as a service (SaaS) apps, cloud hosts, contractors, ecosystem partners, technology partners, and counterparties. Emergency third party risk management is a broader category that includes enterprise risk management, business continuity or operational resilience, compliance, and internal compliance. GRC includes enterprise risk management, a risk register, business continuity or operational resilience, and compliance. A risk register compiles all the potential threats that can impact a company, and it is crucial to continually build a more predictable and measurable system to achieve its objectives at the lowest possible risk.

GRC Frameworks
Craig adds that business continuity or operational resilience is an important aspect of GRC, as it involves a set of controls and risks in place to understand where the company is in the journey and be able to bounce back when bad things happen. Compliance is another area under GRC, as it involves creating a methodology for ongoing monitoring of operations and ensuring compliance with global rules and regulations. He mentions that a lot of GRC work involves picking a framework and building a program around it; for example, in cybersecurity circles, a popular standards body would be NIST, and he mentions a few others that give leaders a roadmap for achieving high standards of operation.

Governance in Risk Management Strategy
Craig states that, in the context of GRC, the governance aspect is a crucial part of the organization's overall risk management strategy and that it is set in the roadmaps that have been developed with a team for each area, such as compliance or continuity. The head of GRC is responsible for overseeing the system and ensuring that the organization operates within its control frameworks. For example, in a Fortune 500 company, a C-suite executive responsible for GRC would report to a Chief Risk Officer or CRO, with a solid line to the CEO and a dotted line to the board audit and risk committee. He goes on to explain various titles that may be given to the person in charge of GRC and why he believes there is a deficiency in putting all risks under one umbrella.

The Director of Third Party Risk Management Role Explained
The director of third party risk management might have several processes, such as onboarding new third parties, periodic audits, ongoing real-time monitoring, reporting functions, and investigating and dealing with incidents and responses. However, the responsibilities depend on the organization's level of maturity and the complexity of the process. David offers a few examples to clarify the complexity of the many situations involved that have to be taken into consideration, including the fact that risk management processes can often be seen as blockers, and additionally offers a tip on how to overcome this issue.

The Importance of Third Party Risk Management in Organizations
The discussion revolves around the importance of third party risk management in organizations. It discusses the use of questionnaires and cyber risk ratings, which are non-invasive and objective tools that help triage the community of third parties and quantify vulnerability to data breaches. These tools allow TPRM professionals to compare responses on lengthy questionnaires with objective data, allowing for deeper discussions and corrective action when necessary. The discussion also touches on the need for human involvement in the processes, as automation has become increasingly popular. AI has become an important tool for parsing through voluminous data to identify central facts. However, human involvement remains an essential element in the process.

Software for Third Party Risk Management
Craig talks about the different types of software within the third party risk management universe. Some of the essential platforms include workflow automation platforms like ProcessUnity, MetricStream, ServiceNow, LogicGate, BitSight and more. These platforms facilitate the issuance of assessments, review of responses, and routing to specific people or groups within an organization. Cyber risk ratings, which have been around for over 10 years, represent over half the market share and are now a natural complement to workflow platforms. They provide easy-to-digest results that don't require an IT certification and are not based on FICO scores or letter grades. Overall, the discussion emphasizes the importance of human involvement in the third party risk management process to ensure effective and influential outcomes.

Forecasting Improvements in the GRC Arena
Craig believes that over the next decade, the focus of third party risk management will evolve from a risk focus within GRC to a higher-level orchestration across CISOs, risk officers, and procurement people. This will lead to a more comprehensive view of risk and performance, ensuring that companies are not just scratching the surface when it comes to the risk aspects of third parties. Craig talks about the importance of selecting the right software for clients, highlighting the pros and cons of a best of breed approach versus a multi-module suite and a GRC-oriented suite. He explains that there are pros and cons to sharing data across modules, but there is also an opportunity for cross-sharing information across platforms. For example, if a company has a privacy module and wants to tackle vendor risk, there is a natural logic to connect the data map to third parties that might pull data the company needs to be aware of. However, this can be a different silo, and it can be difficult to cross-share information across platforms. He also emphasizes the need to understand the problem and inherited solutions, as well as the timeframe and budget constraints.

Timestamps:
05:15 Third-party risk management and GRC
11:57 GRC roles and responsibilities in a Fortune 500 company
16:10 Third-party risk management processes and responsibilities
21:59 Third-party risk management software and techniques
27:26 Third-party risk management and platform automation
32:21 GRC and third-party risk management

Links:
Company Website: https://sourcecalle.com/
LinkedIn: https://www.linkedin.com/in/craigcalle/

Unleashed is produced by Umbrex, which has a mission of connecting independent management consultants with one another, creating opportunities for members to meet, build relationships, and share lessons learned. Learn more at www.umbrex.com.

Venminder Inc.
Risk-Based Due Diligence in Third-Party Risk Management

Venminder Inc.

Play Episode Listen Later Mar 20, 2024 4:01


Although a vendor's risk can change over time, risk-based due diligence is a good strategy that provides consistent results. In this podcast, learn three ways risk-based vendor due diligence can improve your efficiency.

Legal Listening: The Fox Rothschild LLP Podcast

Third-Party Risk Management and Legal Perspective

Assessing generative AI risks now – especially those involving third parties – can protect businesses from compliance problems down the road. Juliana Neelbauer, a member of our Artificial Intelligence Practice, is joined by cybersecurity consultant Matt Mettenheimer (Associate Director, S-RM) for this practical conversation. Together, their shared points of view provide a detailed look at what businesses should consider when using generative AI and the related cyber risks when working with third-party vendors.

Venminder Inc.
Why Third-Party Risk Management Matters in a Struggling Economic Climate

Venminder Inc.

Play Episode Listen Later Jan 24, 2024 6:21


The economy has faced many challenges the past few years, from the pandemic, supply chain issues, ongoing global wars, and others. These events present many challenges for organizations, and they're looking to cut costs. As a result, third-party risk management teams are on the chopping block.

Corruption Crime & Compliance
Natalie Druckman from Certa on AI-Enhanced Third-Party Risk Management

Corruption Crime & Compliance

Play Episode Listen Later Jan 15, 2024 31:04


How do you manage risk when the vulnerabilities are outside your organization and not in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckman, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA, and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management.

Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers' credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities. Unlike the US, EU companies don't benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG's importance is on par with cyber security.

Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.

AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.

Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don't need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and able to quickly adapt to change.

Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.

Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.

Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.

KEY QUOTE
“I think there is a very strong drive here for companies and stakeholders, not just to do the right thing… but doing the good thing as well.” - Natalie Druckman

Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group
Natalie Druckman on LinkedIn
Certa
Email Natalie: nat@certa.ai

Defense in Depth
Doing Third Party Risk Management Right

Defense in Depth

Play Episode Listen Later Jan 4, 2024 30:30


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health.

In this episode: Why are we all struggling trying to manage third-party risk? Why do the hated questionnaires seem like compliance checkbox efforts? Does anyone believe it reduces risk? What's the right approach and how do you strike the right balance?

Thanks to our podcast sponsor, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Venminder Inc.
Third-Party Risk Management Recommendations for 2024

Venminder Inc.

Play Episode Listen Later Dec 27, 2023 5:13


In this informative podcast, learn 4 key recommendations to implement in your third-party risk management programs to mitigate and manage vendor risk this upcoming year.

Venminder Inc.
Third-Party Risk Management Takeaways From 2023

Venminder Inc.

Play Episode Listen Later Nov 29, 2023 5:30


In this podcast, we'll reflect back on what's been happening in the world of third-party risk this year. We've included five takeaways, from AI to the fall of Silicon Valley Bank. Listen now!

ITSPmagazine | Technology. Cybersecurity. Society
RSA Conference ESAF Report 2023: How Top CISOs Are Transforming Third-Party Risk Management | A Conversation with Laura Robinson | Redefining CyberSecurity Podcast with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 24, 2023 36:04


Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/laurarobinsoninsight/
At RSA | https://www.rsaconference.com/experts/laura-robinson

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes
In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.

The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.

The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape.

Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done. The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Resilient Cyber
S5E5: Greg Rasner - Zero Trust and Third Party Risk Management

Resilient Cyber

Play Episode Listen Later Oct 15, 2023 37:17


- You recently wrote a book titled Zero Trust and Third Party Risk. Can you tell us a bit about the book, why you wrote it and how you see the convergence of ZT and TPRM?
- There's been a lot of discussion lately around Software Supply Chain Security, but also Cybersecurity Supply Chain Risk Management, or C-SCRM. Do you see the former being part of the latter, and what challenges do you think organizations face trying to tackle both?
- TPRM often involves manual, subjective, lengthy questionnaires that we are all painfully familiar with. How effective do you think these are, and do you think we are going to see a future based on machine-readable attestations and more automated assessments to augment some of the traditional manual questionnaire-type activities?
- Most organizations struggle to implement fundamental security practices and processes within their own organization, let alone thoroughly ensuring all of their 3rd and nth tier suppliers do. Is this a Gordian knot type of situation?
- What are your thoughts on first party self-attestations vs 3rd party assessments? Each has its pros and cons and challenges.
- The name Zero Trust is a bit of a misnomer, as we know it means no implicit trust, and it also seems a little counter-intuitive in our increasingly inter-connected ecosystem and society. How do you see the push for Zero Trust playing out when we look at the broader supply chain ecosystem?

Trustonomy
The safety shortcuts that sank a steamboat company

Trustonomy

Play Episode Listen Later Sep 28, 2023 26:06


In 1904, a fire broke out on a steamboat full of families enjoying a ride along New York City's East River. The panicked passengers quickly discovered they had an even bigger problem on their hands - the ship's life preservers. The safety equipment turned an emergency into a catastrophe. When you run a business, you build relationships with other businesses. They become your vendors and suppliers. But what happens when these third parties make decisions that put your customers and your business at risk?

We talk with Edward T. O'Donnell, author of Ship Ablaze: The Tragedy of the Steamboat General Slocum, and Matt Moog, General Manager of Third Party Risk Management at OneTrust, to find out how an untrustworthy vendor can sink your brand and your business.

Venminder Inc.
Manage Large Vendors Successfully in Your Third-Party Risk Management Program

Venminder Inc.

Play Episode Listen Later Sep 28, 2023 5:45


Partnering with a large well-known vendor can prove to be beneficial. However, in some instances larger vendors can be more difficult to effectively manage. Learn the essential tips and best practices to mitigate vendor risk with your large vendors.

Trustonomy
Introducing Trustonomy

Trustonomy

Play Episode Listen Later Sep 8, 2023 1:59


Welcome to a new show about trust. It takes hard work to build and a moment to break. And if that happens, you might never get it back. We've got five surprising stories that will help you understand why trust matters, from a tragic steamboat fire that claimed more than 1,000 lives to the space shuttle Challenger disaster, and a medical research project that harmed instead of healed. These stories will help you understand your blind spots, from privacy and consent, to data discovery, to workplace culture – and show you how to create an organization built around trust.

Powerful Insights from Protiviti
Implications of U.S. Banking Regulators' Final Guidance on TPRM – with Brian Kostek, Kathryn Hardman and Helen Smith

Powerful Insights from Protiviti

Play Episode Listen Later Aug 28, 2023 27:01


In June, nearly two years after issuing their proposal for third-party risk management (TPRM), the U.S. banking regulators – the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation – finalized their guidance. In this podcast, Brian Kostek from Protiviti interviews Kathryn Hardman from Veritex Bank and Helen Smith from First Citizens Bank about the implications of the updated interagency guidance for their institutions and how institutions can reconcile the revisions in their existing TPRM programs. Brian is a Managing Director with Protiviti and leader of the firm's third-party risk management practice. Kathryn is Senior Vice President with Texas-based Veritex Bank and is the Director of Third-Party and Model Risk Governance. Helen is the Head of Third-Party Risk Management at First Citizens Bank. Contact Brian at brian.kostek@protiviti.com. Contact Kathryn at linkedin.com/in/kathryn-hardman-096a99b. Contact Helen at linkedin.com/in/helensmith2021.

Venminder Inc.
Board Oversight in Third-Party Risk Management and Regulatory Exams

Aug 23, 2023 (5:03)


Regulatory examiners have distinct expectations when it comes to the board's involvement in third-party risk management. Listen to learn the board's place in regulatory exams, and how you can lend a helping hand.

The CyberWire
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites

Jul 27, 2023 (28:35)


The Mirai botnet afflicts Tomcat. CardioComm services are downed by cyberattack. Uptycs calls infostealers "organization killers" as related security incidents double in a year. Legacy third-party risk management practices meet with dissatisfaction. Cyber skill gaps reported in the UK's workforce. Our guest is George Prichici of OPSWAT with a look at a Microsoft Teams vulnerability. Our new Threat Vector segment features a conversation with David Moulton and Michael Sikorski on the potential threats from LLMs and AI. And SiegedSec hits NATO sites.

On this first segment of Threat Vector, Michael "Siko" Sikorski, CTO & VP of Engineering for Unit 42, joins host David Moulton to discuss LLMs & AI and the impacts to expect on social engineering, phishing, and more.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/142

Threat Vector links: Palo Alto Networks Unit 42

Selected reading:
Tomcat Under Attack: Exploring Mirai Malware and Beyond (Aquasec)
CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services (TechCrunch)
Detecting the Silent Threat: 'Stealers are Organization Killers' (Uptycs)
Cyber security skills in the UK labour market 2023 (DSIT)
NATO investigates alleged data theft by SiegedSec hackers (BleepingComputer)
NATO investigating apparent breach of unclassified information sharing platform (CyberScoop)
SiegedSec Compromise NATO (Cyberint)

AML Conversations
New Guidance for Third-Party Risk Management – a Conversation with Terry Pesce

Jun 22, 2023 (23:45)


John Byrne and Terry Pesce discuss the recent Interagency Guidance on Third-Party Relationships: Risk Management. They look at the implications of the guidance and what banks should do to assess their current risk management process for interactions with third parties.

AML Conversations
New Guidance for Third-Party Risk Management

Jun 16, 2023 (14:11)


US bank regulators have issued interagency guidance on third-party risk management. The new pronouncement combines and updates past guidance issued by the individual agencies. John and Elliot discuss key parts of the guidance and some implications for banks and their vendors.

ITSPmagazine | Technology. Cybersecurity. Society
The Fog of More, the Risk of Cybersecurity Commoditization, and the Race to the Bottom | A Their Story Conversation from RSA Conference 2023 | A Schellman Story with Michael Parisi

May 2, 2023 (27:51)


In this Their Story podcast episode, Michael Parisi and Sean Martin dig into the challenges and implications of compliance, cybersecurity, and the risk of commoditization in the industry. The conversation focuses on the importance of maintaining a strong security posture, the role of stakeholders, and the need for education among non-technical individuals, such as CFOs and board members, to prevent a race to the bottom in cybersecurity.

Parisi's main concern is that compliance has become an outcome rather than a mission, and that cybersecurity could follow a similar path if we're not careful. With an increasing number of organizations turning to managed security service providers (MSSPs), the risk of commoditization looms large. Parisi and Martin also discuss the challenges posed by the "fog of more" in the cybersecurity landscape, with an overwhelming number of security solutions available and a potential race to the bottom in pricing.

The conversation shifts to the role of stakeholders in preventing this downward spiral. Parisi argues that stakeholders have the power to save the industry, but only if they care enough and are adequately educated about the importance of cybersecurity. He believes that educating boards and business owners is crucial to creating more stakeholders with a genuine stake in the game.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Michael Parisi, Head of Client Acquisition at Schellman [@Schellman]
On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/

Resources
Learn more about Schellman and their offering: https://itspm.ag/schellman9a6v
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Risk Management: Brick by Brick
Integrating Technology into the Construction Industry with Robert Barney

Feb 8, 2023 (21:57)


This time, Jason talks to Robert Barney, the Founder and Managing Director of FloQuote. In the episode, Robert and Jason discuss the struggles of integrating technology into the construction sector, the challenges with the quoting-for-business process, and how important it is for contractors to have the “difficult conversations early”.