3rd Party Risk Management , Governance & Risk Management , IT Risk Management

A CISO Offers Third-Party Risk Management Tips

InstaRem's Jagdeep Singh on Essential Steps to Take
A CISO Offers Third-Party Risk Management Tips
Jagdeep Singh, CISO at InstaRem

An essential component of a vendor risk management program is to understand how an organization's risk posture changes when a new vendor is added - especially if they have subcontractors, says Jagdeep Singh, CISO at InstaRem, a Singapore-based fintech company.

"When we talk about service-level agreements ... it is important to avoid subcontracting to the extent possible," Singh says in an interview with Information Security Media Group.

"Also, it is important to [spell out] the responsibility we share with third-party vendors. It is high time we have NDAs [non-disclosure agreements] with them."

In this interview (see audio link below photo), Singh also discusses:

  • Making sure vendors are held accountable for security;
  • How to manage fourth- and fifth-party risks;
  • Critical aspects of a vendor governance program.

Singh, CISO at InstaRem, which offers money transfers, previously served in the same role at Rakuten India. He has experience in security operations center design and implementation; security roadmap/strategy; incident management; security governance; risk and compliance; security maturity assessments; CISO advisory services; security processes advisory services; business continuity and insider threat programs.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.