The Risk Rundown Podcast

We’re excited to announce the release of The Risk Rundown, our new podcast. Listen in on conversations with risk practitioners about their career journeys through the world of third-party risk management (TPRM). Learn how other risk programs view evolving risks and emerging technologies. You can access The Risk Rundown via our website or wherever you get your podcasts.

Episode Four: AI, Supply Chains, and the CEO Perspective: Future-Proofing Your Organization

In this special “CEO Corner” episode, Elizabeth Dunsmoor, TPRM Principal at Shared Assessments, sits down with Mark Orsi, CEO of Global Resilience Federation, to explore the evolving landscape of operational resilience and third-party risk management from the perspective of the C-suite. They discuss the shift from cybersecurity to resilience, the importance of understanding supply chain vulnerabilities, and how AI impacts the industry. Mark emphasizes the need for leaders to focus on operational resilience, collective defense, and preparing for geopolitical risks. They also touch on the significance of continuous monitoring, collaboration, and exercising crisis scenarios to strengthen organizational resilience.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
    Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.
  • Mark Orsi
    CEO, Global Resilience Federation
    Business and technology leader with a comprehensive risk and cybersecurity management background and exemplary analytical abilities. Demonstrated leadership in Fortune 100 companies such as JPMorgan Chase, Microsoft, Goldman Sachs, and Verizon. Proven track record in reducing risks, troubleshooting sophisticated business and technical problems, and protecting the confidentiality, integrity, and availability of sensitive data.

Episode Three: Navigating Global Challenges: The Intersection of Resilience and Third-Party Risk

In this episode of The Risk Rundown with Shared Assessments, Elizabeth Dunsmoor is joined by Shriparna Ghosh, Director at EY and expert in Third-Party Risk and Resilience Management. Together, they explore the evolving landscape of third-party risk management (TPRM), emphasizing the critical importance of resilience in today’s interconnected world. Sri shares her insights on building robust TPRM frameworks that can withstand the challenges of modern cybersecurity threats. The discussion dives into key areas such as the impact of global regulations on third-party risk, the role of resilience planning, and strategies for vendor assessment. Listeners will gain practical tips for enhancing their third-party risk programs, including how to integrate resilience measures and effectively align with regulatory requirements. Tune in to learn how organizations can future-proof their TPRM programs by embracing resilience as a core component.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
  • Shriparna Ghosh
    Director of Third-Party Risk and Resilience Management, EY
    Shriparna is a Director at EY focussing on Third-Party Risk & Cyber Resilience Management. Shriparna has 13+ years of experience advising clients on large-scale Third-Party Risk programmes to find efficient ways of managing the supplier risk & resilience landscape. Over the years, she has supported many firms in laying strong foundations of smart governance and program execution for supplier Risk Management.

Episode Two: Unpacking the Layers of Third-Party Risk: From Vendor Lists to ISO Certifications

In this episode of "The Risk Rundown with Shared Assessments," we delve into the complexities of third-party risk management (TPRM) and its critical role in today's cybersecurity landscape. Our expert guests discuss the evolution of TPRM, sparked by high-profile incidents like SolarWinds and Log4j, and the steps involved in building a robust TPRM program. From developing comprehensive questionnaires to understanding the appropriate use of certifications like SOC 2 and ISO, we explore the challenges and best practices for effective risk assessment. The conversation highlights the importance of a holistic approach, incorporating various organizational perspectives, and the benefits of automation in streamlining processes. Additionally, we address the impact of regulatory considerations on TPRM and the need for continuous monitoring and adaptation. Join us for valuable insights and practical advice to strengthen your organization's TPRM strategy and enhance its overall security posture.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
  • Amyn Sarif
    Sr. Security Manager/Advisor – Strategy and Risk Management,
    Amyn Sarif is experienced, knowledgeable and skilled in the area of third-party risk management (TPRM). In his former role as the Business Information Security Officer (BISO) for M&A, Amyn specialized in elevating the security standards of newly acquired health organizations to align with corporate security programs. He was instrumental in supporting the development of a comprehensive Third Party Risk Management Program and adept at responding to TPRM questionnaires. His extensive work included overseeing SOC2 completions and framework assessments for his entire M&A portfolio. In his current role as a Senior Risk Manager/Adviser, Amyn addresses a broad spectrum of information risk-related issues. He has established himself as a subject matter expert in TPRM, guiding organizations in program development and vendor management. Additionally, he offers critical insights into aligning TPRM with government regulations for cybersecurity and privacy programs.

Episode One: It Isn’t Easy Being Green

Our host, Elizabeth Dunsmoor, sits down with Becky Brown and Serena John to discuss their personal journeys into Third-Party Risk Management (TPRM). They share their initial experiences, reflecting on the mix of confusion and excitement that marked their early days in the field. You'll gain invaluable insights into the pivotal role of soft skills and prior experiences in mastering the complexities of risk management.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
  • Becky Brown
    Program Manager for Third Party Risk Management, SEI Investments Company
  • Serena John
    Information Security GRC Analyst,