As the digital health movement continues to shift data to third-party platforms, security and risk teams have been overwhelmed by the tsunami of requests for vendor security risk assessments.
Constraints on human capital and time have never been tighter. Leading organizations are looking for ways to focus their teams on true risk management activities rather than perpetually collecting and formatting risk data.
Information security and risk leaders have turned to services, technology and automation to help keep pace with this unprecedented demand for third-party security assessments. However, the volume and variety of solutions hitting the market have some heads spinning trying to make sense of it all.
In this episode of The CyberPHIx, we speak with Siobhan Hunter, Vice President of Strategic Solutions for CORL Technologies. CORL provides tech-enabled managed services for third-party vendor security risk management for healthcare entities. Highlights of the discussion include:
- Pros and cons of solutions available on the market including GRC platforms, cyber risk scoring, survey automation, third-party risk exchanges, and tech-enabled managed services
- Characteristics of third-party risk program maturity ranging from low-maturity to industry-leading programs
- How to strike the right balance of people, process, and technology to extract value and reduce cost for vendor security programs
- Lessons learned from leading third-party security risk programs inside and outside of healthcare
Siobhan Hunter is the Vice President of Strategic Solutions for CORL Technologies.
Prior to CORL, Siobhan served as the Director of IT Governance, Risk, and Compliance for Blue Cross and Blue Shield of North Carolina, where she spearheaded groundbreaking GRC and vendor security risk management programs. Siobhan has also held a range of supply chain executive leadership roles with leading organizations including BlackBerry and Celestica Corporation.
At CORL, she is responsible for directing strategic relationships with clients, vendors, and business partners, including cyber risk scoring, GRC and TPRM platforms. She is an acclaimed innovator and is the recipient of the 2019 CSO Award for Third-Party Risk Management, which recognizes initiatives that demonstrate outstanding business value, innovation and thought leadership.