Developing a Risk-Based Approach to Managing Third-Party Service Providers

This is a recording of SecureTheVillage’s webinar on October 16th, 2020, hosted by Stan Stahl, PHD.

Description: Financial institutions and businesses of all sizes are now heavily reliant on outsourcing and third-party vendors to offer world-class services at competitive prices. At the same time, the increased use of third-party services has dramatically altered the cybersecurity landscape and given rise to heightened scrutiny by regulators and the passage of privacy laws to protect consumers. Against this backdrop, it is now essential for banks and other businesses to implement a vendor management program based on the identification and evaluation of third-party risks. Using a risk-based approach, it is possible for banks and other businesses to easily implement a sound, cost-effective vendor management program that is tailored to the budget and risk profile of the business.

What You’ll Learn:

  1. How to evaluate existing vendors and prioritize management oversight based on the risk profile of each vendor
  2. How to assess the adequacy of existing risk mitigation controls and determine if controls need to be strengthened
  3. How to avoid complexity and unnecessary costs in assessing vendor risk
  4. How to tailor a vendor management program based on assessed risk and the needs of the business
  5. How to define reasonable requirements for managing third-parties throughout the vendor life cycle

Speaker: John Coleman, is Senior Associate with AuditOne LLC, a firm that provides audit and consulting services to U.S.-based financial institutions. He also provides independent consulting services through his own practice. John has over 30 years of experience as CIO, CISO, IT Director, and Audit Manager for financial services companies in the Los Angeles area. He graduated from The Ohio State University and earned designations as a Certified Information Security Manager (CISM) and Certified Internal Auditor (CIA). John also serves on the board of directors of SecureTheVillage and Crystal Stairs, Inc., both nonprofit organizations in Los Angeles, and is passionately committed to promoting cybersecurity awareness and is active as an organizer and speaker for industry events.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge