Webcast - Accountability in the Ecosystem: Third-Party Risk Management

During the pandemic, organizations that are reliant on vendors to perform valuable key functions or supply essential goods are seeing uncertainty and volatility. The “trust-but-verify” model becomes more complex as third parties become unavailable or are out of business. Considering these challenges, how do organizations effectively manage their third-party ecosystem? Is your organization equipped to answer tough questions about exposing sensitive data to third parties? Has your organization quantified the overall risk that is associated with third-party access to ‘crown jewel’ data assets and systems?

This webinar will discuss practical ways to tackle these complex and daunting challenges. We will show how organizations big and small have used fundamentals and innovation to triage and prioritize their third-party partners based on risk, and step through several real-life examples demonstrating industry-leading practices.

Following this webinar, you’ll have the necessary tools and knowledge to:

• Justify executive support in tackling third-party risk at your organization in spite of COVID-related budget constraints
• Apply industry-leading methodologies and practices to your organization based on right-fit and the new post-pandemic economic reality
• Employ ongoing monitoring practices into your third-party risk program

1 CPE credit available for live attendees only.

No prerequisites required. Level: basic. Field of study: Information Technology. Instruction delivery method: Group Internet Based. Elements of Engagement: Polling Questions.

Protiviti is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. For more information regarding administrative policies, complaints and refunds please contact the Protiviti CPE Administrator at [email protected].

Access On-Demand Recording

Speakers:

Paul Kooney

Managing Director, IT Security & Privacy Management

Protiviti

 

Paul Kooney is a Managing Director in Protiviti’s Security and Privacy practice, with extensive knowledge and experience in developing information security programs, performing compliance assessments, developing vendor risk management programs, and providing information security assessment services. Paul leads the Third Party Risk Management (TPRM) solution offering within the Security and Privacy practice. In his over twenty five years of experience, Paul has managed and delivered security services for organizations in the financial, healthcare, manufacturing, retail, entertainment, and transportation industries to assess information security needs and implement solutions. In addition to his lead role in the annual Shared Assessments - Protiviti Vendor Risk Management Benchmark Study, Paul serves on the Shared Assessments Steering Committee, contributes to many Shared Assessments working groups for the development of tools and thought leadership, and has been a long time Shared Assessments proponent.

 

Brian Kostek

Managing Director, Risk & Compliance

Protiviti

 

Brian is a Managing Director with Protiviti and is part of the Regulatory Risk team located in Tampa, Florida. Brian leads the Third Party Risk Management (TPRM) solution offering within the Risk and Compliance solution in the United States, and coordinates with Protiviti’s Business Performance Improvement and Technology Consulting Practices for our cross-solution TPRM offering. Brian’s experience and expertise focuses on regulatory risk and compliance, third party vendor risk, and operational risk. Prior to joining Protiviti, Brian had worked as an Associate National Bank Examiner with the Office of the Comptroller of the Currency from 2006 - 2010.

 

Andrew D’Angelo

Senior Manager, Security & Privacy

Protiviti

 

Andrew D’Angelo is a Senior Manager in Protiviti’s New York Data Security and Privacy practice, and a quantitative information security risk professional. He has deep experience leading the design, implementation, oversight and maturity assessment of multiple information security third-party risk management programs. Andrew’s industry experience is broad, including financial services, healthcare, technology and quasi-government organizations.

Andrew holds the Certified Third-Party Risk Professional credential and is a regular participant in multiple Shared Assessments working groups. He has deep experience in operationalizing third-party risk best practices.

Julia Thompson

Manager

Protiviti

 

Julia Thompson is a Manager in Protiviti’s Security and Privacy practice located in Dallas, with extensive experience in third party risk management, primarily within the financial services and healthcare industries. She has expertise leading the design, implementation and operation of third party risk management programs and security strategy implementations. Julia holds the Certified Third-Party Risk Professional certification, the OneTrust Vendor Management Expert certification, and participates in Shared Assessments working groups.