10 Vendor / Third-Party Risk Management
Risk Cypher will support the development of a Vendor Risk / Third-Party Risk Management program as needed and directed by the
Risk Cypher will maintain the availability of resources for the performance of the following activities:
● Operationalization and automation of Third-Party Risk KRIs into the target GRC platform
● Development and enhancement of the current Vendor Risk / Third-Party Risk Management and development of future state program elements (Procedures, controls, templates, methodology)
● Identification, communication, and planning of Vendor Risk / Third-Party Risk assessments across Organization
● Integration of the Vendor Risk / Third-Party Risk Management program elements into the larger GRC and TRM programs (IT Risk and Control Management, Issues Management, 2LOD Oversight, and Monitoring)
In support of the objectives described above, Risk Cypher will also have responsibility for the following deliverables:
● Development of a Vendor Risk / Third-Party Risk Management Standard
● Identify new Vendor Risk / Third-Party Risk Management requirements and target state metric goals for key process owners