Nearly every business depends on external parties, vendors, suppliers, or partners to deliver a product or service to the customer. For large companies and certain industries, the number of third party relationships can grow into the thousands. Each third party requires access to different types and levels of information to meet the business’ needs. As the volume and complexity of these business relationships grow, so too does the expectation that management will appropriately manage the evolving risks. Managing third party service levels alone may miss the risk of legal, operational, financial, regulatory, and information security disasters.
The resulting challenge is to understand the risks that result from these third party relationships, and to be prepared to manage that risk throughout the life cycle of the relationship with the third party.
This presentation will provide an overview of the business risks associated with third party business relationships, take a deep dive into the Information Security elements, and provide both key questions and best practices to consider for your business.
- Overview of major third party risks to the business.
- Detailed review of Information Security risks for third party management.
- Key questions and best practices for managing third party risk.
About Jesse Masloski
Jesse has over 13 years of experience delivering solutions across industries in IT security, strategy, risk, governance, and process improvement. He is currently responsible for the IT Consulting practice of Protiviti in the Minneapolis market, and previously worked with PwC Minneapolis and Janus Capital Group in Denver. Recent Fortune 500 client projects have included deployment of IT risk management frameworks based on COBIT and ISO27000, design and deployment of new vendor risk management departments, and rebuilding an IT audit department to better focus on delivering strategic value, tangible ROI, and guiding the IT control environment to best in class maturity. Jesse graduated from U of Notre Dame, has his MBA from U of Denver, and is a CISSP, CRISC, and CRMA.