
Tom Garrubba

Director | Echelon Risk + Cyber

Tom Garrubba is an internationally recognized thought leader, lecturer, commentator and blogger on business, cyber, and privacy risk. With his more than 20 years’ experience in cyber, privacy, audit, compliance, and consulting, he’s provided thought leadership to organizations of all sizes and for countless industry outlets including Forbes, The Washington Times, Bloomberg, SC Magazine, Corporate Compliance Insights, CIO Magazine, Government Health IT, Future of Outsourcing Magazine, and ISACA. He’s authored the chapter on Third Party Risk for the book “Cyber Risk” and has been featured on numerous podcasts including Business Security Weekly and the Virtual CISO Podcast. He is host of “TPRM Tidbits”, a weekly LinkedIn podcast focusing on current TPRM topics, and is an instructor for such third party risk management certifications as the CTPRP and the CTPRA.

Previously, Tom was a subject matter expert and VP/CISO at Shared Assessments. He was also a Senior Privacy Manager at CVS Health, a US-based healthcare company where he implemented and managed their world-class third party risk program. He was a member of the Forbes Technology Council and InfraGard’s Pittsburgh chapter. He currently serves on the Board of Directors for the Pennsylvania-based non-profit Pathways and serves as a 1st Lieutenant in the US Civil Air Patrol. He has earned both his BS and MS at Robert Morris University and holds the following certifications: Certified Information Systems Auditor (CISA), Certified in Risk & Information Systems Controls (CRISC), Certified Information Privacy Technologist (CIPT), Certified Third-Party Risk Professional (CTPRP), and the Certified Third-Party Risk Assessor (CTPRA).

Getting a 360 Degree View of Vendor Risk

Day 3 | Track 2 | 10 - 10:50 AM

The scope of involvement for the third party risk management profession is rapidly expanding beyond assessments and cyber analysis, and most TPRM programs are not equipped or prepared to adapt to these changes. As organizations expand the scope of risk coverage, TPRM professionals must be prepared to rise to the challenge and know how to acquire and analyze various forms of data. In this session, we will discuss the importance of “risk intelligence” and strategies for assessing the various risk landscapes so that TPRM professionals can provide holistic risk intelligence to their stakeholders.
