| |||||
| |||||
Search Irongeek.com: ![]() ![]()
Help Irongeek.com pay for bandwidth and research equipment: |
An entire business can be put at risk with the simple click of a button. Speed is often considered the priority when an organization realizes a third party can offer value through increased sales, increased throughput or decreased operational expense. However, the failure to properly vet your third party relationships can have serious consequences for your business and your customers.Establishing a mature third party information risk assessment process is neither easy, nor a one-time event. This program uses a combination of effective policies and procedures, IT security control frameworks as part of the vendor risk assessment questionnaire, vendor management platform, automation, risk scoring, and working with business partners to facilitate an understanding of risks. This presentation will cover a more thorough examination into the lifecycle of a 3rd party vendor, with the focus on cyber security. We will also take a look into lessons learned with techniques that didn't quite hit the mark on improving the program. Rose is the program lead for Third Party Management at DICK’S Sporting Goods. Within
this program she is responsible for conducting data, IT security, and compliance risk assessments on
non-merchandise third party vendors, communicating risk with business stakeholders, and establishing a
scoring methodology that accurately determines risk associated with vendors.
Rose has a diverse IT and Security background spanning over twelve years’ in network security and administration, enterprise and
vendor risk management, and security awareness program development and implementation. She
brings over 8 years of experience from her time spent in the Navy as an Information System Technician.
Rose also has her M.S. in Cyber Security and Information Assurance and a B.S. in Advanced Networking.
Her industry experience spans health care, federal government, and retail.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast