About Our Experts

Colin Whittaker

Founder & Director at Informed Risk Decisions Ltd
Colin is a leading PCI industry expert with decades of experience shaping global payment security. After retiring from the military, he led security at APACS, served on the PCI SSC Board of Advisors, and influenced major compliance initiatives at Visa Europe. He now provides cybersecurity risk consulting and speaks internationally on security.

Joe Toley

Project Director, R&D Development at Prevalent
Joe specializes in operationalizing and maturing third-party risk management programs. With a background in IT and data security, he translates organizational requirements into actionable plans, leveraging risk management technology to improve program effectiveness, streamline processes, and strengthen overall third-party risk strategies.

Steve Tobias

Lead Client Success Advisor at RiskRecon
Steve has over two decades of experience in cybersecurity, helping organizations mature their third-party risk and cyber risk programs. His background includes governance, frameworks, and risk management roles, particularly in healthcare. He holds respected industry certifications and works closely with organizations to improve vendor security and overall risk posture.

Paul Asadoorian

Principal Security Evangelist at Eclypsium & founder of Security Weekly
Paul is Principal Security Evangelist at Eclypsium and founder of Security Weekly. With deep experience in penetration testing, vulnerability management, Python development, and security product evaluation, he brings hands-on expertise from roles supporting universities, enterprises, and security vendors. His work continues to influence modern vulnerability and firmware security practices.

Vincent Dour

Senior Manager, Implementation Services at LogicGate
Vincent brings extensive experience in risk and compliance, helping organizations assess, manage, and remediate risks while enhancing controls. He leverages his expertise to design GRC and third-party risk management processes based on industry trends and best practices, enabling organizations to streamline risk operations and improve governance outcomes.

A Deep-Dive into TPRM & NIST Framework Integration

Apr 20 / IT GRC Forum

The NIST Cybersecurity Framework (CSF) remains one of the most widely adopted standards for strengthening cybersecurity and guiding risk management decisions across private and public sector organizations. As supply chain threats grow more sophisticated, understanding how the CSF applies to Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM) is more critical than ever. However, navigating its 5 functions, 23 categories, and 108 subcategories can be overwhelming for teams seeking to identify the controls most relevant to third-party security.
This webinar breaks down the specific NIST CSF controls that support effective third-party information security management and shows how to align your TPRM processes with these requirements. You’ll learn how to prioritize and assess external partners through a structured cyber supply chain risk assessment process, implement continuous monitoring practices to evaluate control effectiveness, and identify gaps that require remediation. We’ll also explore how to measure progress using NIST’s four-tier maturity model to help strengthen resilience across your extended ecosystem.