The Risk Rundown Podcast

We’re excited to announce the release of The Risk Rundown, our new podcast. Listen in on conversations with risk practitioners about their career journeys through the world of third-party risk management (TPRM). Learn how other risk programs view evolving risks and emerging technologies. You can access The Risk Rundown via our website or wherever you get your podcasts.

Episode Two: Unpacking the Layers of Third-Party Risk: From Vendor Lists to ISO Certifications

In this episode of "The Risk Rundown with Shared Assessments," we delve into the complexities of third-party risk management (TPRM) and its critical role in today's cybersecurity landscape. Our expert guests discuss the evolution of TPRM, sparked by high-profile incidents like SolarWinds and Log4j, and the steps involved in building a robust TPRM program. From developing comprehensive questionnaires to understanding the appropriate use of certifications like SOC 2 and ISO, we explore the challenges and best practices for effective risk assessment. The conversation highlights the importance of a holistic approach, incorporating various organizational perspectives, and the benefits of automation in streamlining processes. Additionally, we address the impact of regulatory considerations on TPRM and the need for continuous monitoring and adaptation. Join us for valuable insights and practical advice to strengthen your organization's TPRM strategy and enhance its overall security posture.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
    Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.
  • Amyn Sarif
    Sr. Security Manager/Advisor – Strategy and Risk Management
    Amyn Sarif is experienced, knowledgeable and skilled in the area of third-party risk management (TPRM). In his former role as the Business Information Security Officer (BISO) for M&A, Amyn specialized in elevating the security standards of newly acquired health organizations to align with corporate security programs. He was instrumental in supporting the development of a comprehensive Third Party Risk Management Program and adept at responding to TPRM questionnaires. His extensive work included overseeing SOC 2 completions and framework assessments for his entire M&A portfolio. In his current role as a Senior Risk Manager/Adviser, Amyn addresses a broad spectrum of information risk-related issues. He has established himself as a subject matter expert in TPRM, guiding organizations in program development and vendor management. Additionally, he offers critical insights into aligning TPRM with government regulations for cybersecurity and privacy programs.

Episode One: It Isn’t Easy Being Green

Our host, Elizabeth Dunsmoor, sits down with Becky Brown and Serena John to discuss their personal journeys into Third-Party Risk Management (TPRM). They share their initial experiences, reflecting on the mix of confusion and excitement that marked their early days in the field. You'll gain invaluable insights into the pivotal role of soft skills and prior experiences in mastering the complexities of risk management.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
  • Becky Brown
    Program Manager for Third Party Risk Management, SEI Investments Company
  • Serena John
    Information Security GRC Analyst