A CISO Offers Third-Party Risk Management Tips
InstaRem's Jagdeep Singh on Essential Steps to Take
An essential component of a vendor risk management program is to understand how an organization's risk posture changes when a new vendor is added - especially if they have subcontractors, says Jagdeep Singh, CISO at InstaRem, a Singapore-based fintech company.
"When we talk about service-level agreements ... it is important to avoid subcontracting to the extent possible," Singh says in an interview with Information Security Media Group.
"Also, it is important to [spell out] the responsibility we share with third-party vendors. It is high time we have NDAs [non-disclosure agreements] with them."
In this interview, Singh also discusses:
- Making sure vendors are held accountable for security;
- How to manage fourth- and fifth-party risks;
- Critical aspects of a vendor governance program.
Singh, CISO at InstaRem, which offers money transfers, previously served in the same role at Rakuten India. He has experience in security operations center design and implementation; security roadmap/strategy; incident management; security governance; risk and compliance; security maturity assessments; CISO advisory services; security processes advisory services; business continuity and insider threat programs.