Dear ISACA Auckland Chapter Members,
The ISACA Auckland Chapter is pleased to announce our next lunchtime virtual event, to be held on the lunchtime from 12:00 PM to 1:00 PM NZST on Monday, 24th March 2025.
Topic:
Fire Side Chat on Risk Management and Third-Party Risk Management
On 24 March 2025, Jock and Chirsto will discuss crucial areas that, while not always in the spotlight, are the backbone of responsible and sustainable operations: Risk Management and Third-Party Risk Management.
Risk Management: A Foundation of Resilience
Risk Management is all about identifying, assessing, and mitigating risks that could affect an organisation's ability to meet its objectives. Risks come in many forms—financial, operational, regulatory, technological, and environmental, just to name a few. Managing these effectively requires a blend of foresight, discipline, and often, courage.
In today’s world, risk is not something to avoid but something to manage. Organizations that excel at risk management are those that understand risk as an opportunity for resilience and growth. It’s about developing a culture where risk awareness is woven into every decision, allowing for not just the protection of assets but also a nimble response to change. In a rapidly evolving landscape, good risk management turns volatility into an opportunity to build strength.
Third-Party Risk Management (TPRM)
Companies increasingly rely on third parties for critical services—be it cloud providers, suppliers, vendors, or partners—the scope of risk extends beyond the walls of any one organisation. This is where Third-Party Risk Management, or TPRM, comes into play. TPRM is a specialised approach to understanding and controlling the risks posed by these external relationships.
In today’s interconnected economy, managing third-party risk means vetting partners not only for their products and services but also for their compliance with regulations, data security practices, and even their own risk management protocols. With third-party risks in mind, companies can better prevent supply chain disruptions, protect sensitive data, and avoid reputational harm. Operations can be outsourced, responsibilities and risks cannot.
During the fireside chat, Jock and Chirsto will review recent global vendor failures, ways vendors negatively affect their clients, the vendor risk types, the components of a TRPM program, and common TPRM program failures.
Speaker:
Christo Ovcharov - President at ISACA New England Chapter
Christo Ovcharov is Director with McKeanMorris where he helps clients improve IT capabilities, security, controls and compliance. Prior to McKeanMorris, he worked at and supported large investment banks, insurance, healthcare, financial services, manufacturing, high-tech, software and retail companies in Boston, New York, Europe and across North and South America. He started his career with Deloitte helping companies implement ERP systems, and with Solvay where he built the IT infrastructure and the team that introduced SAP to four Solvay companies in Bulgaria.
Christo joined ISACA in 2009, obtained his CISA in 2010, and volunteered to serve as Membership and Marketing Director in 2012, EVP in 2017, AVP in 2018 and as President of ISACA New England in 2025.
Jock and Christo met in 2014 and have since worked together on multiple projects supporting the local professional community.
Jockel Carter - Tyler Technologies - Lead Information Security Risk & Compliance Analyst
After a long career in IT Infrastructure, Jock moved into Security and GRC roles starting in 2011. Jock joined ISACA in 2010. Jock is the Lead Information Security Risk & Compliance Analyst. Jock focuses on developing the Tyler Cyber Risk Management program to mature cybersecurity for Tyler Technologies. Jock has been a member of Tyler since coming in with the Sage Data Security acquisition as a Senior Cybersecurity Advisor. Founding President of ISC2 Maine Chapter, Board Member of Secure Maine. Former Board member of InfraGard Maine Chapter.
Bachelor of Science Business, Master of Science Information Technology, CISSP, CIPP/US, PCIP, CISM, CISA,CRISC, CCSP, CDPSE.
Moderator:
Rishad Paul Smartt - Head of Risk & Compliance at the New Zealand Automobile Association, Professional Development Committee Chair & Board Member at ISACA Auckland Chapter
Rishad is the Head of Risk & Compliance at the New Zealand Automobile Association, with over 17 years of experience in risk management and compliance. Previously, he held senior roles at ASB Bank and Westpac New Zealand Limited, leading teams and developing strategies for risk and compliance.
In his current role, Rishad coordinates and presents reports to AA New Zealand's Board Audit & Risk Committee, providing insights and recommendations for sustainable risk and compliance solutions. Committed to coaching and team development, he empowers individuals to achieve their career aspirations and perform at their best.
Additionally, Rishad serves as a Professional Development Committee Chair and a Board Member and APMG Accredited Trainer at ISACA Auckland, delivering training for the Certified Information Systems Auditor (CISA) and Certified Data Privacy Solutions Engineer (CDPSE) certifications.
Venue : Online
Agenda as follows:
Please register through ISACA Auckland Chapter Website by:
A link to the webinar will be shared with all registered attendees. Online constituents can join the event from 10:00 onwards.
Regards,
Abby Zhang
Vice President
ISACA Auckland