THOMAS GARRUBBA
Bridgeville,PA
Summary
I am an internationally recognized thought leader, lecturer, commentator and blogger on business, cyber and privacy risk with more than 25 years’ experience in cyber, privacy, enterprise risk governance and compliance, audit, and consulting. I have had published thought leadership pieces and have been solicited for comment in various business and security journals including Forbes.com, Bloomberg, The Washington Examiner, Yahoo Finance, SC Magazine, Computer Weekly, CIO Magazine, The Huffington Post, Corporate Compliance Insights, Future of Outsourcing Magazine, Government Health IT, ISACA, Risk.net, and numerous other trade publications. I was the author for the chapter on “Third Party Risk Management” for the Risk.net book “Cyber Risk”, and have been a featured guest on numerous business and security podcasts, and I host the weekly LinkedIn thought leadership video series “TPRM Tidbits”.
Overview
27
27
years of professional experience
5
5
Certification
Work History
Director of Third Party Risk Management (TPRM) Services
Echelon Risk + Cyber, LLC
2022.06 - 2024.01
- I assisted clients in strategy, optimization, and stabilization of their third party vendor risk assessment programs
- Some of the items I assisted with them included: Identified and roadmaped their vendor risk maturity, Identified their inherent/exposure risk and the residual risk following third party risk assessments, Close out open/contingent items post-assessment, Liaise with audit and regulators as to a client’s existing TPRM state, Educate clients formally (via the CTPRP and CTPRA certifications) and consult them on their unique challenges
- I was responsible for managing the entire client engagement throughout its lifecycle including budgeting and staffing.
Vice President, Co-Chief Information Security Officer (CISO), Educator, Subject Matter Expert
The Santa Fe Group/The Shared Assessments Program
2014.09 - 2022.06
- The Shared Assessments Program is a member-driven organization focused on standardization of third party and supply chain risk practices
- My responsibilities include: Providing Strategic Guidance and Thought Leadership, Provider of Thought Leadership, Instructor for our Certification Programs, Provide Consultation to Companies, Established and managed our Member Relations Outreach (MRO) Program.
Senior Privacy Manager
CVS Health
- 2014.09
- I volunteered to develop, implement and manage their “Vendor Assessment Program”
- This program was recognized by outside agencies as a world-class third party risk management program.
Global IT Audit Manager
HJ Heinz Company (Kraft/Heinz)
2005.12 - 2007.04
- I provided the management role in supporting Executive and IT Senior Management, the Audit Committee, and external auditors in the technology assurance of mission critical information systems and components for the global enterprise.
Assistant Vice-President, Project Leader
Mellon Financial Corporation (BNY Mellon)
2004.08 - 2005.12
- Lead or participated in numerous reviews including mainframe, infrastructure, midrange system, database, business contingency and disaster recovery planning (BC/DR), capacity planning, and segregation of duties.
Senior Technology Auditor III
Ernst & Young LLP
2003.03 - 2004.08
- Consulted with executive and senior management levels in identifying and assessing controls for compliance to Sarbanes-Oxley Act
- Lead staff in the assessment of controls to client IT processes including strategy, application, operating system, database, and IT general controls assessments in both internal and external staffing functions.
IT Staff Auditor
PWC, LLP
1998.04 - 1999.03
- Conducted IT general controls and application reviews.
IT Staff Auditor/Senior Auditor
PNC Bank
1996.09 - 1998.04
- Conducted IT general and application controls reviews.
Education
MS, Information Systems Management -
Robert Morris University
01.2003
BSBA, Finance -
Robert Morris University
01.1994
Skills
- Risk Management
- Staff Management & Development
- Project Management
- Business Development
- Operations Management
- Creativity and Innovation
- Charismatic Leader
- Crisis Management
- Verbal and Written Communication
- Contract and Vendor Management
- Supply Chain Management
- Partnerships and Alliances
Professional Organizations
- Information Systems Audit and Control Association (ISACA), 1996
- International Association of Privacy Professionals (IAPP), 2011
- The Shared Assessments Program, 2011
- Civil Air Patrol – US Airforce Auxiliary, 2018
- InfraGard (Public/Private Partnership with the FBI), 2016
- Financial Services Sector Coordinating Council (FSSCC), 2015
- Forbes Technology Council, 2020
- The Open Compliance and Ethics Group (OCEG), 2021
Certification
CISA (Certified Information Systems Auditor), 2001
CRISC (Certified in Risk and Information Systems Control), 2011
CIPT (Certified Information Privacy Technologist), 2011
CTPRP (Certified Third-Party Risk Professional), 2015
CTPRA (Certified Third-Party Risk Assessor), 2020
Timeline
Director of Third Party Risk Management (TPRM) Services
Echelon Risk + Cyber, LLC
2022.06 - 2024.01
Vice President, Co-Chief Information Security Officer (CISO), Educator, Subject Matter Expert
The Santa Fe Group/The Shared Assessments Program
2014.09 - 2022.06
Global IT Audit Manager
HJ Heinz Company (Kraft/Heinz)
2005.12 - 2007.04
Assistant Vice-President, Project Leader
Mellon Financial Corporation (BNY Mellon)
2004.08 - 2005.12
Senior Technology Auditor III
Ernst & Young LLP
2003.03 - 2004.08
IT Staff Auditor
PWC, LLP
1998.04 - 1999.03
IT Staff Auditor/Senior Auditor
PNC Bank
1996.09 - 1998.04
Senior Privacy Manager
CVS Health
- 2014.09
MS, Information Systems Management -
Robert Morris University
BSBA, Finance -
Robert Morris University
· Information Systems Audit and Control Association (ISACA) – Member; 1996
o CISA (Certified Information Systems Auditor), 2001
o CRISC (Certified in Risk and Information Systems Control), 2011
· International Association of Privacy Professionals (IAPP) – Member; 2011
o CIPT (Certified Information Privacy Technologist), 2011
· The Shared Assessments Program – Member; 2011
o CTPRP (Certified Third-Party Risk Professional), 2015
o CTPRA (Certified Third-Party Risk Assessor), 2020
· Civil Air Patrol – US Air Force Auxiliary – Member; 2018
o 1LT; Finance Officer of Squadron 603 (Pittsburgh)
· InfraGard (Public/Private Partnership with the FBI) – Member; 2016
· Financial Services Sector Coordinating Council (FSSCC) – Member; 2015
· Forbes Technology Council – Member; 2020
· The Open Compliance and Ethics Group (OCEG) – Member; 2021
Similar Profiles
ZACH CAMBREZACH CAMBRE
Senior Cybersecurity Consultant at Echelon Cyber + RiskSenior Cybersecurity Consultant at Echelon Cyber + Risk
Parker BrownParker Brown
North America Sales Development Lead at KYND Cyber RiskNorth America Sales Development Lead at KYND Cyber Risk
Christopher ReedChristopher Reed
Sr. Security Engagement Manager at TATA CONSULTANCY SERVICES (C&SI – Risk and Cyber Strategy)Sr. Security Engagement Manager at TATA CONSULTANCY SERVICES (C&SI – Risk and Cyber Strategy)