Third-Party Risk Management (TPRM) Program Enhancement
TPRM
VENDOR RISK
GRC
AUTOMATION
SECURITY RATINGS
COMPLIANCE
JAN 20, 2023
Revamped the existing Third-Party Risk Management (TPRM) program to address evolving cyber threats and regulatory requirements.
Developed risk-tiered vendor assessment questionnaires and standardized the due diligence process based on vendor criticality and data access.
Implemented continuous monitoring using security rating services (e.g., SecurityScorecard) and integrated findings into the GRC platform.
Automated vendor onboarding and assessment workflows, reducing manual effort by 50% and improving the consistency of risk evaluations.
Key Outcomes
- Reduced overall third-party risk exposure by 25%.
- Improved vendor assessment completion time by 40%.
- Increased visibility into fourth-party risks through enhanced monitoring.
- Streamlined vendor onboarding and offboarding processes.
Technologies Used
- LogicGate
- MetricStream
- SecurityScorecard
- BitSight
- Python
- RiskRecon