GRC Engineer
Ayoub Fandi
19 episodes
2 weeks ago
The podcast for practitioners applying systems thinking and engineering principles to GRC. We speak with GRC leaders, security engineers and practitioners transforming legacy GRC through automation, orchestration, and architectural thinking. Learn how to design scalable systems, build better workflows and solve coordination challenges. GRC Engineering works everywhere: from spreadsheets to enterprise platforms, AI startups to Fortune 500s. It also works for you! Hosted by Ayoub Fandi, founder of GRC Engineer, co-author of the GRC Engineering manifesto and leading GRC Engineering at GitLab.
Technology
All content for GRC Engineer is the property of Ayoub Fandi and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Third-Party Risk Management from the Trenches w/ Blake, McKenna and Kristi | Experts Panel
GRC Engineer
1 hour 7 minutes 2 seconds
7 months ago

In this premiere episode of the GRC Engineering Podcast Experts Panel, host Ayoub Fandi brings together three seasoned Third-Party Risk Management (TPRM) practitioners to discuss the real-world challenges and innovations in vendor security assessment.

Our expert panelists:
McKenna Yeakey (Netflix) - TPRM professional with previous experience at Splunk and Samsara
Kristi Hoffmaster - TPRM practitioner with experience at Okta
Blake Hoge (Airbnb) - TPRM professional with previous experiences at Instacart and Salesforce

They dive deep into the practical realities of TPRM, exploring:
How to optimise questionnaires for different vendor risk tiers
Strategies for balancing speed and thoroughness in assessments
The evolving value of SOC 2 and other third-party attestations
Trust Centres: genuine security resources or marketing tools?
Security scoring platforms: their benefits and limitations
How SaaS security tools can enhance TPRM programs
Real-world stories from thousands of vendor assessments

Whether you're a security professional, TPRM practitioner, or interested in understanding how companies evaluate their vendors, this episode provides valuable insights into how leading companies like Netflix and Airbnb approach third-party risk.

Subscribe to the GRC Engineering Podcast for more expert discussions on governance, risk, and compliance engineering.

00:00 - Introduction to the Experts Panel
03:20 - Questionnaire optimisation approaches
11:00 - Risk-based vendor tiering strategies
18:00 - Balancing speed and thoroughness in assessments
26:45 - Netflix's way of integrating TPRM
30:05 - Declining value of certification and attestations
37:30 - Trust Centres: helpful or just marketing?
44:30 - Security scoring platforms: useful signals or noise?
49:40 - Kristi pulls a reverse UNO card and asks Ayoub about TPRM disruptions
52:45 - SaaS Security tools for TPRM programs
58:25 - Interesting vendor assessment stories
01:05:00 - Closing thoughts on TPRM's value

#TPRM #VendorSecurity #RiskManagement #GRCEngineering #SupplyChainSecurity
