Specializing in third party risk management. Yay or nay for the future?


It's certainly a highly relevant topic. But honestly I think it would be boring AF after the first couple of months. Same old vendor assessments day in day out. Hard to then broaden back out as well.


Yay


Most likely this will be an evergreen field at least for some time, with organizations leveraging more and more third parties. However, many organizations are moving towards using a lot of real-time security risk score providers, so it kind of reduces the scope for ongoing detailed assessments a lot. In summary, good chances of progress overall, but look out for the drivers of disruption/change!


Yes, but mainly with new technologies for continuous monitoring, automation and vulnerability tracking like SecurityScorecard, BitSight and tools like that.


Third party risk is the future, it's the highest risk


EM1's comment is still valid, it depends on the size of the org. You may be the only TPRM employee managing dozens of vendors. Or you could be one of many employees managing thousands of vendors for a global organization. Either way work for years.


1000% yes.


Question is, what is your end goal? If it’s CISO, is focusing on TPRM going to help you? I think it’s where you are in terms of YOE and then seeing how you need to position yourself for the future.


TPRM helps but experience of wider risk management (get), strategy and a good view of technology. None of the CISOs I know ran a SOC directly. Just make sure you don’t become a specialist that then limits your ability to go broader as you progress.


TPR is something you must know if you are in the risk area; however, you cannot build a long-term career on this skill alone unless you have a JD. I know a few in the industry who only do TPR and they struggle to find another role outside of their current organization.


I think I should have given a little more context. This is for a move to the industry and not in consulting/services. TIA

Focused in Vendor Mgmt (e.g. from sourcing, contract, etc.) or purely assessment point of view?

