Dave is Director of Information Security Governance Risk and Compliance at Iron Mountain and oversees the Global Customer Assurance Program, hosting audits by customers in many heavily regulated verticals. In addition to his role in supporting third party risk assessments he also manages the Security Policy, IT Risk, and GRC Application functions. Dave has a background as a technical security engineer and moved into third party risk almost a decade ago as customer requirements for third party due diligence and security contractual terms became increasingly common.