In this insightful episode, Lucas Hathaway, CRO @ Rivial Security, takes listeners through the essential steps of maturing a third-party risk management program, with a special focus on cybersecurity reviews and vendor due diligence. Discover why regulators like the NCUA and FDIC are zeroing in on third-party risks and learn proven strategies for onboarding, classifying, and assessing vendors. Lucas shares valuable stories from the field (including lessons learned from recent breaches), explains how to use questionnaires and SOC reports effectively, and offers practical tips for ongoing monitoring, incident response, and complementary user entity control (CUEC) testing. With actionable frameworks, relatable anecdotes, and free resources, this episode is a must-listen for financial institutions, security leaders, and anyone navigating the complexities of third-party vendor management.