3rd Party Risk Management , Governance & Risk Management , Leadership & Executive Communication
Mastering Stakeholder Comms: How to Get Buy-In From the Top
Experts to Host a Deep Dive Into Third-Party Risk Strategies at ISMG Engage ChicagoSecurity leaders need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board - and speaking their language, said Caitlin Gruenberg, director and risk solutions engineer at CyberGRX.
See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities
Gruenberg and Matanda Doss, executive director of cybersecurity and technology controls at JPMorgan Chase & Co., will host a Deep Dive session on how to master the message of TPRM success on Tuesday, June 13, at ISMG's Engage Chicago event. For example, the board and C-suite want to know cost and reputation implications. Security teams need to understand the connection between security and business continuity, and employees need something tangible to relate to, she said.
"Having stakeholder buy-in is really the foundation of success for any third-party risk management program," Gruenberg said. "In any enterprise, you have different business units operating under different functionalities, using different tools, but for third-party risk management, this is an enterprise issue. The buy-in has to come from the top."
In this video preview of the upcoming ISMG Engage session in Chicago, Gruenberg discussed:
- Understanding the metrics needed to communicate TPRM risks and potential costs;
- How to relate to various stakeholders including the board, C-level, security professionals and frontline employees;
- The value of data analytics in measuring third-party risks.
Gruenberg is a third-party risk professional with over a decade of privacy and cybersecurity experience in government, retail and financial industries. She is a Certified Information Privacy Professional and a Certified Data Privacy Solutions Engineer.
Register for ISMG Engage