Interview with Steven Nguyen
Vendor risk management is a crucial aspect of Governance, Risk, and Compliance (GRC) for organizations of all sizes. Mark Graziano interviews Steven Nguyen, Business Information Security Officer (BISO) for Twilio Data & Applications, who shares his valuable insights as both a customer and a vendor throughout the sales and procurement process.
In this episode we unpack:
The real-world issues with antiquated approaches (e.g., monolithic, one-size-fits-all questionnaires)
The necessity of understanding business context when assessing vendors
How the quality of questions asked of vendors trumps quantity, leading to improved transparency and honesty
Security contract negotiation best practices and exception considerations
The importance of early engagement (shifting left) of security teams in the sales process
A mindset shift in viewing GRC programs as service-oriented products, catering to both internal and external customers
Don't miss this episode packed with valuable insights and relatable stories. Tune in now to equip yourself with practical tools for your journey to GRC mastery!
Connect With Steven