May 17 Lunch: How to Ensure Vendor Compliance & the Mitigation of Third Party Risks

When: May 17, 2019 from 12:00 to 14:00 (PT)
Associated with Vancouver Chapter
About the Speaker - Jan Anisimowicz
Experienced senior IT manager with over 20 years of experience in GRC (audit, risk and compliance management), data warehousing, Business Intelligence, Big Data and data analysis. Broad business and technical perspective in telco, banking, pharma and insurance. A staunch supporter of a pragmatic, lean and cost-effective approach to implementing regulatory requirements in organizations. Active in the space of #FinTech, #InsurTech and #RegTech. Public speaker at international conferences (topics related to IT Security, Risk Management, Compliance, GRC and data privacy).

Involved in the process of analysis and verification of how artificial intelligence could support auditors in the space of IoT, Big Data and dispersed IT environments. Strong supporter of blockchain technology, which in his opinion should be widely used based on Smart Contracts with respect to data privacy principles (Privacy By Design). Active member of international organizations: ISACA (CISM & CRISC certificates), PMI (PMP certificate) and IIA.

Jan graduated from the Military University of Technology (MSc, Cybernetics), Kozminski University (MBA) and the Warsaw School of Economics.

Session Description
Vendor Management comprises all of the processes required to manage third-party vendors that deliver services and products to organizations. Significant effort is required from both the institution and the vendor to maximize the benefits received from the service and/or product while simultaneously mitigating the associated risks. As the scale, scope and complexity of these services increase, the related risks and the importance of effective vendor management should increase proportionately. For example, under GDPR, if a data processor does not follow some of the organization's compliance requirements and a data breach occurs, the organization faces the risk of paying severe fines (up to 20M Euros).

From another perspective, research suggests that 3rd parties are one of the weakest links in a company's security policy. Every day, cyber-related incidents and data breaches occur, ranging from serious to sometimes critical incidents that may have a significant impact on organizations. As a result, organizations have devoted more and more resources to vendor risk management, but it is still mainly a manual process. Despite the aforementioned facts, most companies know almost nothing about their vendors, even though mitigating the risks coming from vendors seems to be crucial for the majority of organizations.

What can you expect to learn?
• Create vendor risk profiles in your organization.
• Create recommended steps to ensure 3rd party compliance.
• Choose the most risky vendors for audit (implemented security controls verification).
• Mitigate risks coming from 3rd parties (including data processors).

Location

The Law Courts Inn
4th Floor - 800 Smithe Street
Vancouver, BC

Contact

Kyle Krystalowich
+1.604.961.6740
k.krystalowich@gmail.com