- 12:00-12:10 Chapter Business
- 12:10-2:00 Speaker: Raising the Bar on Third Party Risk Management
- Raise functional level
- Become fluid - as being flexible is too rigid!
- Become a "Value Add" partner
Speakers: Tom Garrubba & Dan Desko
Tom Garrubba, Director of TPRM Professional Services, Echelon Risk and Cyber
Tom Garrubba, Director of TPRM Professional Services at Echelon Risk and Cyber, is an internationally recognized thought leader, lecturer, commentator and blogger on business, cyber and privacy risk. With his more than 20 years’ experience in cyber, privacy, audit and compliance, and consulting, he’s provided thought leadership to organizations of all sizes and for countless industry outlets including Forbes, Bloomberg, The Washington Times, SC Magazine, Corporate Compliance Insights, Risk.net, CIO Magazine, Government Health IT, Future of Outsourcing Magazine, and ISACA. He’s authored the chapter on Third Party Risk for the Risk.net book “Cyber Risk” and has been featured on numerous podcasts including Business Security Weekly and the Virtual CISO Podcast. He is also an instructor for the Shared Assessments’ Certified Third Party Risk Professional (CTPRP) and Assessor (CTPRA) programs.
Previously, Tom was a Vice President at Shared Assessments where he was both a SME and their CISO. He was also a Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party/vendor risk program. He is a member of the Forbes Technology Council and the InfraGard – Pittsburgh chapter. He also serves on the Board of Directors for the Pennsylvania-based non-profit, Pathways, and serves as a 1st Lieutenant in the US Civil Air Patrol. He has earned both his BS and MS at Robert Morris University and holds the following certifications: Certified Information Systems Auditor (CISA), Certified in Risk & Information Systems Controls (CRISC), Certified Information Privacy Technologist (CIPT), Certified Third-Party Risk Professional (CTPRP), and the Certified Third-Party Risk Assessor (CTPRA).
Dan Desko, CEO & Managing Partner, Echelon
Dan is the CEO & Managing Partner at Echelon. He has nearly 20 years of experience within information technology, audit, risk and cybersecurity. Prior to Dan’s career in audit and cyber security, he worked in the technology departments of a Fortune 150 manufacturer and a Fortune 50 healthcare insurance provider. Prior to joining Echelon, Dan was a partner at a top 60 public accounting firm in the United States, where he led and built an IT Risk Advisory and cybersecurity practice from 4 employees to 40. Dan has a long track record building capable teams and establishing and offering new and innovative lines of professional services to meet the unique needs of his clients.
Dan has experience providing internal audit co/outsourcing and security consulting services across various industries. Services he has provided include Sarbanes-Oxley 404 control design and testing, SSAE 18 (SOC 1), (SOC 2 & 3 including SOC 2+) control design/testing/report development, vendor risk management consulting (SIG, AUP and VRMMM), general computer control development and testing, IT risk assessment/analysis, information security program development, network security assessments, internal and external network penetration assessments, information systems general control reviews, information security and privacy assessments (GLBA, HIPAA, ISO 27001, FFIEC cyber security, CMMC, GDPR and NIST), PCI-DSS compliance services, data analysis, business continuity and disaster recovery plan development and testing.