Back to All Events

San Diego Event: Third-Party Risk Panel Discussion

  • Amazon 10300 Campus Point Drive Ste. 200 San Diego, CA, 92121 (map)

Topic: Third-Party Risk Panel Discussion

Description: Third-party risk remains a core governance challenge for most organizations. Regulations including HIPAA-HITECH, the EU's GDPR, GLBA, among others require organizations to appropriately evaluate the risk of service providers and other third-parties.

Unfortunately, current third-party risk management practices rarely scale and require new approaches. Our panelists bring a broad, multi-disciplinary/multi-industry perspective on how to re-think third-party risk. Some of the questions that will be addressed during this moderated discussion include:

  1. Value of standardized questionnaires and on-boarding process for third parties

  2. Value of independent audits and assessments - e.g., SSAE18, SOC 2, PCI DSS, ISO, etc. and their role in third-party risk management

  3. Onsite Risk Assessments - how to effectively plan and execute

  4. Ongoing monitoring - tools and processes

  5. Contracting with third parties

  6. Termination of relationships and data decommissioning


Jonas Hagman, Information Security Director at Visa
Jonas Hagman is an Information Security compliance professional with extensive IT risk and controls experience from Visa and KPMG. He has led the Cybersecurity Third Party Technology Risk team at Visa for the past 5 years responsible for information security assessments of vendors, partners and joint ventures both remotely and onsite. Prior to this role he has functioned in various compliance and IT Risk roles at Visa including PCI DSS Readiness and Advisory, SOX and Internal Audit.

Cyrus Bulsara, Chief Information Security Officer at Scripps Health
Cyrus has 15 years experience in information security operations and risk management. He began his career in KPMG’s IT risk advisory services practice with a strong focus on security GRC, pivoting to security operations in private industry over time. He enjoys the opportunity to leverage the breadth of his experience in his current role as CISO of Scripps Health. He is the executive accountable for all aspects of Scripps’ security posture, including GRC, SOC, vulnerability management, Red/Blue Team, engineering/architecture, and data governance.

Kory Klein, Director in Global IT Audit, Risk and Control Department at Sony Corporation
Kory is an information technology audit and security professional with over 15 years of consulting and industry experience with KPMG and Sony Corporation.  He is experienced with assessing and auditing all aspects of information/cyber security, including third-parties.  More recently, he is researching and experimenting with non-traditional approaches to assessing information/cyber security risk and compliance.

Moderator: Matt Stamper, MPIA, MS, CISA, CISM, CIPP/US, ITIL

Matt is the president of the San Diego ISACA chapter and a member of the San Diego CISO Roundtable. Matt Stamper is also the co-sector chief for the communications sector for the San Diego chapter of InfraGard. Matt is a CISO at EVOTEK and a former research director with Gartner where his research covered incident response, breach and attack simulation, security program design, the cybersecurity skills challenge, and IT risk management. Matt is the co-author of the CISO Desk Reference Guide (Volumes 1 & 2).