TRENDING:

3rd Party Risk Management , Governance & Risk Management , IT Risk Management

A CISO Offers Third-Party Risk Management Tips

InstaRem's Jagdeep Singh on Essential Steps to Take Suparna Goswami (gsuparna) • June 14, 2019     10 Minutes   
A CISO Offers Third-Party Risk Management Tips
Jagdeep Singh, CISO at InstaRem

An essential component of a vendor risk management program is to understand how an organization's risk posture changes when a new vendor is added - especially if they have subcontractors, says Jagdeep Singh, CISO at InstaRem, a Singapore-based fintech company.

"When we talk about service-level agreements ... it is important to avoid subcontracting to the extent possible," Singh says in an interview with Information Security Media Group.

"Also, it is important to [spell out] the responsibility we share with third-party vendors. It is high time we have NDAs [non-disclosure agreements] with them."

In this interview (see audio link below photo), Singh also discusses:

  • Making sure vendors are held accountable for security;
  • How to manage fourth- and fifth-party risks;
  • Critical aspects of a vendor governance program.

Singh, CISO at InstaRem, which offers money transfers, previously served in the same role at Rakuten India. He has experience in security operations center design and implementation; security roadmap/strategy; incident management; security governance; risk and compliance; security maturity assessments; CISO advisory services; security processes advisory services; business continuity and insider threat programs.

Previous
Analysis: The Cybersecurity Risks Major Corporations Face
Next
Identity as a Game-Changing Breach Defense



Around the Network

Securing the SaaS Layer
Securing the SaaS Layer
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.