Webinar

Industry Leaders

About Our Experts

Colin Whittaker

Founder & Director at Informed Risk Decisions Ltd
Colin is a leading payments security expert with extensive experience shaping global risk strategy. A former PCI SSC Board of Advisors member, he drove major security and compliance initiatives at APACS and Visa Europe. Now an independent consultant, he advises diverse organizations and frequently speaks and publishes on cybersecurity and information risk.

Ed Thomas

Senior Vice President at ProcessUnity
Ed is a seasoned Third-Party Risk Management expert. With deep industry knowledge and practical insights, he helps organizations build efficient, effective risk programs. His guidance empowers businesses to maximize the value of TPRM and strengthen resilience against evolving cyber threats.

Charlie Jones

Director of Product Management at ReversingLabs
Charlie is a recognized expert in software supply chain security, digital trust, and cyber risk. With a decade of consulting experience at PwC, he has shaped cybersecurity, TPRM, and audit programs for major financial institutions. A CSO 30 Award honoree, he actively contributes to global security standards.

Nicholas Geyer

Sr. Product Marketing Manager for Third-Party Management at OneTrust
Nicholas leads go-to-market strategy and product positioning for TPRM solutions, helping organizations understand evolving vendor risks and adopt data-driven, scalable approaches to building secure third-party ecosystems through modern technology.

Modern TPRM: Strategies for Securely Onboarding Vendor Software

Dec 4 / IT GRC Forum
Enterprises face growing cyber threats from the software supply chain, where attackers exploit malware-laced updates and insecure open-source dependencies. Vendor applications, once trusted, are now a prime target for breaches. A recent Gartner survey on Third Party Risk Management revealed that 83% of cybersecurity professionals discover hidden risks in vendor software only after deployment—underscoring the urgent need for proactive defense.

Traditional approaches to vendor risk management are no longer enough. Organizations must adopt modern strategies to safeguard business operations while maintaining agility. Effective third-party security requires identifying vulnerabilities before purchase, collaborating with vendors to remediate issues, and implementing layered protections to reduce exposure. Continuous monitoring throughout the vendor lifecycle ensures risks are detected early and mitigated quickly.

In this session, expert panelists will discuss why third-party software is inherently risky, practical steps to evaluate vendor applications, proven methods to strengthen vendor partnerships, and best practices for ongoing risk management in today’s evolving cyber landscape.