In recent years, financial institutions have seen a significant amount of new guidance on third-party risk management, along with newly coined terms such as Fourth Party Management.
The FFIEC Cybersecurity Assessment Tool (CAT) encourages financial institutions to expand questioning around third-party risk management practices and suggests more rigorous oversight. The FFIEC coined the term “External Dependencies” in CAT guidance.
This expands requirements beyond vendors to include any third-party relationship, including customers. Regulators also suggest that the FFIEC CAT can be leveraged against third parties, not just financial institutions.
In addition to the FFIEC, the OCC has issued additional guidance for examiners when reviewing third-party management programs. We will explore best practices for Vendor Management, Third Party Risk Management, Fourth Party Management and Customer Risk Management.
Covered Topics:
- Overview of industry breaches
- New regulatory expectations
- Risk Management practices for selecting new products/services
- Risk Management of existing relationships
- Third Party and Fourth Party Management concepts
- SOC 2 Reports and how to get value
- Integration of customers into management program
- Lessons learned from failed management programs
Who Should Attend?
Information Security Officer, IT Manager, Risk
Officer, Internal Auditor, CFO, and Executives looking to
understand the risk around Third Party Management.
Instructor
Jon Waldman is a co-founder and Senior Information
Security Consultant for SBS CyberSecurity, LLC, a premier
cybersecurity consulting and audit firm dedicated to making a positive
impact on the banking and financial services industry.
He maintains his CISA and CRISC certifications and received his
Bachelor of Science in Computer Information Systems and his Master of
Science in Information Assurance with an emphasis in Banking and
Finance Security from Dakota State University.
Over the last ten years, Jon has helped hundreds of financial
institutions across the country create and implement comprehensive,
valuable, and manageable Information Security Programs. He also
conducts webinars and certification programs for the SBS Institute.