Organisations are continuing to outsource at pace and engaging third parties for critical business process or technology, including the use of cloud. Sending data or business processes outside the company walls creates a security risk: visibility can be poor, and control is ultimately decreased. On top of this, resources in the security group are stretched thin by an ever-increasing and complex workload, coupled with a shortage of skilled cybersecurity and information security resources.
While businesses invest heavily in securing their own environment, an incident or a breach at a third party puts your data and reputation at risk. Organisations are awake to the need for robust vendor management programs to cover the enterprise, but the information security team has a critical role to play in managing the risks associated with outsourcing processes or technology. Building a robust program to get comfort that your security risks are being managed is fundamental for sound information security and IT risk management.
Ian is a Director with PwC in the Cyber Security & Forensics group. He specialises in Governance Risk and Compliance (GRC) and Third Party Risk Management, and has helped organisations of all sizes and complexity during his career to-date, including a number of the world’s leading financial institutions and technology companies. Based in Dublin, he previously spent a number of years with PwC in Canada.