    operational risk

    Explore "operational risk" with insightful episodes like "The Evolution from Governance, Risk & Compliance to Cyber Risk Governance | A Conversation with John Sapp | Redefining CyberSecurity Podcast with Sean Martin", "The Evolution from Governance, Risk & Compliance to Cyber Risk Governance | A Conversation with John Sapp | Redefining CyberSecurity Podcast with Sean Martin", "Ep580: Managing risk and resiliency issues as the ‘great wealth transfer’ gets underway", "Looking Forward to 2023: Predictions and Resolutions" and "Episode 17: Delivering 360° Situational Awareness to the Extended Enterprise" from podcasts like "Redefining CyberSecurity", "ITSPmagazine", "IBS Intelligence Podcasts", "Security Visionaries" and "CRO Wisdom: Sharing the Wisdom of Risk Leaders" and more!

    Episodes (13)

    The Evolution from Governance, Risk & Compliance to Cyber Risk Governance | A Conversation with John Sapp | Redefining CyberSecurity Podcast with Sean Martin

    Guest: John Sapp, VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]

    On LinkedIn | https://www.linkedin.com/in/johnbsappjr/

    On Twitter | https://www.twitter.com/czarofcyber

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    In this episode of Redefining Cybersecurity, hosted by Sean Martin, listeners are invited to explore the complex landscape of cyber risk governance. John Sapp, a seasoned professional in risk management, emphasizes the importance of defining cyber risk from the perspective of various executives. The CIO, CFO, COO, and general counsel each own different aspects of risk within an organization, and understanding their perspectives is key to effective risk management.

    The conversation takes an intriguing turn as John introduces the concept of approaching cyber risk governance as a product. This involves understanding the desired outcomes, defining the requirements, and creating personas for different stakeholders. The aim is to develop a common pane of glass, a unified perspective through which each persona can access near real-time information to make informed decisions.

    John also underscores the importance of presenting information to various stakeholders, including the board and cyber insurance carriers, in a way that demonstrates the strength of the organization's cyber risk program. This approach has tangible benefits, such as a reduction in cyber insurance premiums based on the strength of the cyber risk program.

    The episode concludes with a discussion on the importance of collective decision-making in managing cyber risk. John emphasizes that it's not about presenting some information and giving somebody responsibility to make a decision, but rather about presenting information in different ways to all the different personas to spur a conversation so that the team can determine the best path forward.

    This episode is a must-listen for anyone interested in understanding how to approach cyber risk governance in a way that is both effective and efficient. It provides valuable insights into how to manage risk in an ever-evolving digital world.

    ____________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ____________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    Ep580: Managing risk and resiliency issues as the ‘great wealth transfer’ gets underway

    Guy Warren, CEO, ITRS

    The financial services sector is witnessing a ‘great wealth transfer’ as funds and assets move down the generations to millennials and Gen Z, bringing heightened expectations. The two groups have higher expectations for customer service and are tech-savvy. Banks and financial institutions need to have ‘bullet-proof’ operating systems in place, according to Guy Warren, CEO of performance monitoring solutions provider ITRS. He tells Robin Amlôt of IBS Intelligence that the role of technology in meeting these generations’ expectations when it comes to wealth management will be key.

    Looking Forward to 2023: Predictions and Resolutions

    This episode features Mike Anderson leading a roundtable discussion with Ilona Simpson, Chief Information Officer EMEA at Netskope and David Fairman, Chief Information & Chief Security Officer APAC at Netskope.

    In this episode, Ilona and David share their predictions and resolutions for cybersecurity in 2023. You’ll hear predictions about the industrial metaverse, confidential computing, quantified risk reduction plans, and convergence of priorities for security teams.

    -----------------

    “If you think about cybersecurity, we are just a subset of a broader operational risk. Operational risk actually has a much better approach or a little bit more maturity in being able to quantify operational risk in the organization. CISOs need to be able to stand toe-to-toe and be able to have a discussion at parity in regards to risk buydown for this subset of operational risk. And that's really where we are. I think as an industry, as a practice, as a profession, we need to get much smarter at figuring out how do we make this a much more quantitative conversation.” – David Fairman

    -----------------

    Episode Timestamps:

    *(02:47) - Prediction & Resolution: The Industrial Metaverse

    *(12:23) - Prediction & Resolution: Confidential Computing 

    *(17:54) - Prediction & Resolution: Quantified Risk Reduction Plans

    *(25:27) - Prediction & Resolution: Convergence of Priorities as a Result of Transformation

    *(30:38) - Mike’s Prediction: Vendor Consolidation

    -----------------

    Links:

    Connect with Ilona on LinkedIn

    Connect with David on LinkedIn

    Connect with Mike Anderson on LinkedIn

    www.netskope.com

    Episode 17: Delivering 360° Situational Awareness to the Extended Enterprise

    Business today is a complex web of third-party relationships, and risks of disruption from these third parties are increasing in frequency and severity.
     
    Problem: Most enterprises follow a siloed approach with assessments of a few risks

    •  Data collected at a point in time is quickly stale – fails to present a current view of risk
    •  Usually limited to financial and cyber (often lagging indicators of trouble) – fails to present a comprehensive view of risk
    •  Siloed approach – fails to provide an enterprise-wide view of risk

    All of which leaves organizations unable to prevent third-party and supply chain disruptions.

    Solution: Real-time full-spectrum third-party risk intelligence

    • Real-time intelligence provides an early warning – to enable effective proactive risk mitigation actions
    • Full-spectrum coverage brings any leading indicators to your attention – to enable focus on today’s most critical risks

    In this CRO Wisdom discussion, risk leaders Atul Vashistha, CEO, Supply Wisdom; Debra Zoppy-Hendershott, Head of TPRM & Op Risk Business Resiliency, Guardian Life; and Mike Rasmussen, GRC Pundit & Analyst, GRC 20/20 Research, talk about how the integration of continuous, full-spectrum risk intelligence into existing third-party risk/GRC architecture can deliver the continuous 360° situational awareness enterprise resilience requires today.

    Episode 16: Linda Tuck Chapman, CEO, Third Party Risk Institute

     This episode of CRO Wisdom features Linda Tuck Chapman, CEO, Third Party Risk Institute. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Linda speaks about her career trajectory from procurement to third party risk at Scotia Bank and how the function was all about compliance and regulatory reporting in the 2000s. 

    Linda discusses her entrepreneurial journey and raising awareness about the importance of third party risk in the board at banks. She talks about her two books on the subject and why one of them is written for auditors. Listen to her on why she believes the Covid pandemic has fundamentally changed the landscape for third party risk and its role in resilience and why continuous monitoring needs solutions that can prevent risk teams from being bombarded with negative news alerts. 

    Episode 15: Paul Milkman, CISO, Operational and Technology Risk Leader, CIT

    This episode of CRO Wisdom features Paul Milkman, CISO, Operational and Technology Risk Leader, CIT. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Paul speaks about how he landed in risk from his time at Xerox in the 90s and later at Fannie Mae.

    Paul discusses the importance of operational risk and why it is particularly relevant when every financial institution works with technology and operational partners who handle data and money. He shares his thinking on why what is important in third-party risk isn't very different from the risk within the enterprise and why there is more to risk than just cyber risk and ransomware.

    Episode 14: Yakut Akman, Former Citi Risk Leader

    This episode of CRO Wisdom features Yakut Akman, Risk Leader. Yakut Akman was Chief Third Party Management Officer at Citi till 2019, following long stints at Deutsche Bank and Citi across the world. In this episode hosted by John Bree, Chief Evangelist & Chief Risk Officer, Supply Wisdom, Yakut talks about her long career in internal audit and risk management.  

    Yakut discusses the importance of a risk culture within organizations and why it's essential for risk management to not be reactive. She shares her views on best practices for incorporating continuous monitoring and why the business must be part of the solution for risk.

    Episode 12: Victor Meyer, COO, Supply Wisdom

    This episode of CRO Wisdom features Victor Meyer, COO, Supply Wisdom. In this episode hosted by John Bree, Chief Risk Officer and Chief Evangelist, Supply Wisdom, Victor talks about his long career in the Navy as a SEAL and how he naturally transitioned into Non-Financial Risk from there. 

    Victor talks about his extensive risk experience at Deutsche Bank and the risk component in recent issues such as the Archegos fallout. Victor points out why third-party non-financial risk is the new cybersecurity risk and why risk practitioners must apply the same rigor to monitoring third parties in their supply chains as they would to internal governance and controls. He makes a case for monitoring risk across a wide risk aperture to ensure resilience.

    Episode 11: Renee Forney, Senior Director - Azure Hardware & Security, Microsoft

    This episode of CRO Wisdom features Renee Forney, Senior Director, Azure Hardware Systems & Infrastructure Security, Microsoft. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Renee talks about her career trajectory from programming and network administration to her current leadership role in cybersecurity and risk management. 

    Renee discusses why a multi-layered approach to risk management that goes beyond one-time risk assessments is essential to effectively build resilience. She shares the importance of continuous monitoring and OSINT to enterprise risk programs and her own lessons incorporating experts from government and military services to build effective risk programs. Don't miss her insight into why ethics in the workforce is one of the least understood areas of risk, especially in a world where engineers wield enormous influence. 

    Cognitive Risk and Control

    Get in Touch

    Have questions or comments? You can email us at experts at promontory dot com, or follow us on LinkedIn and Twitter (@PromontoryFG).

    Like this podcast? Be sure to rate us on Apple Podcasts.

    Episode Credits

    Many thanks to everyone at Promontory and IBM who contributed to this episode. 

    • Producer: Gloria Shin
    • Guest Host: Josh Romano
    • Subject-matter Experts/Guests: Miles Ravitz and Stephen Mills
    • Script Writers: Miles Ravitz and Stephen Mills
    • Script Editor: Sophie Hanrahan
    • Audio Engineer: Dan Tannor
    • Audio Editor: Rob Grable
    • Audio Team Production Manager: Marisela Riveros
    • “The Point” Logo Design: Susan Meyer

    COVID-19 and life insurance risk management

    At the heart of effective risk management is the ability to manage tail events, and the COVID-19 pandemic is raising some quite profound questions for risk practitioners in the life insurance industry. On this episode of Critical Point, Milliman consultants Anthony Dardis, Ariel Weiss, and Chloe Lau discuss enterprise risk management and emerging issues that life insurers may need to confront in the face of the global pandemic, including stress testing and operational risk.
    You can read the episode transcript on our website.

    Episode 0: SpheraNow - We have a lot to talk about!

    Welcome to SpheraNow, the official podcast of Sphera Solutions.

    In this series, Sphera’s experts in the areas of Environmental Performance, Operational Risk and Product Stewardship will offer thought-provoking and insightful discussions on key Integrated Risk Management topics that have major implications for large and small companies around the world.

    SpheraNow is designed to give environmental leaders, risk managers, health and safety professionals, quality managers and corporate stakeholders the information they need to help keep their workforces safe, their products sustainable and their operations productive.

    These episodes will address the most relevant topics affecting all major industries, including Oil & Gas, Chemicals, Life Sciences and many more.

    You can find the latest episode on iTunes, Google Play and Stitcher. If you have an idea for a topic you’d like us to address, please visit sphera.com and click the Contact Us button. We hope you enjoy the SpheraNow podcast series. Let’s get started; we have a lot to talk about.

    © 2024 Podcastworld. All rights reserved