Trust, but Verify: The Evolution of Vendor Risk Management in Financial Institutions
In recent months, cyber security in Banking and Financial Services has come under intense scrutiny from state and federal regulators, as well as government officials, due to a string of high-profile security breaches and the subsequent publicity in the media. From the OCC to the Senate Floor, a common issue running through these discussions is Vendor Risk Management (VRM) and whether banks are taking proper steps to manage their information supply chain.
While this topic has long been an area of concern for Financial Institutions, regulators are now looking for banks to do more and provide a higher level of assurance about the security practices of their vendors. But how? With regulators continuously raising the bar, one thing is clear: the vendor reviews of the past will no longer be sufficient in today’s environment.
In this presentation featuring Yusuf Hussain, VP, Vendor Technology Risk at Goldman Sachs, and Stephen Boyer, CTO and Cofounder of BitSight Technologies, we will first explore the evolving regulatory landscape regarding Vendor Risk Management, and the practices organizations are adopting to meet these more stringent demands. We will then explain why continuous monitoring of vendor security performance is both critical and achievable, through the use of data-driven, evidence-based security ratings, and how this approach has leveled the playing field in vendor management. This session will also include a case study from Goldman Sachs, detailing their own industry-leading practices in VRM and how the use of security performance ratings is allowing them to harden their extended enterprise, transforming the way they select and interact with vendors and suppliers.
Yusuf Hussain, VP, Vendor Technology Risk at Goldman Sachs
Wednesday May 20, 2:15 ET