As the saying goes, you can outsource most anything, but you can’t outsource responsibility. Companies remain on the hook for ensuring their vendors are up to task when it comes to cybersecurity, privacy compliance and continuity of operations. This checklist can help determine the maturity of your vendor risk management program.
✔ We understand the vendor’s role relative to our business risk.
Knowing if a vendor is reliable requires knowing how they are being relied upon. It is worth considering how a particular vendor’s security failure might impact the confidentiality, integrity or availability of your employee records, customer data and business secrets, and whether their failure could put a halt to your operations altogether.
✔ We understand the vendor’s security relative to our requirements.
Just because a vendor is well known, does not mean their standard offering meets your company’s legal, regulatory, contractual and business security needs. Companies often take advantage of a cross-functional team of information security, legal, compliance, procurement, privacy and risk experts when making important vendor decisions.
✔ We ask the right questions and understand the response.
Vendor questionnaires are all the rage, but they are resource intensive for both parties. If your company uses them, do it right by assigning appropriate personnel to assess the answers, recognize gaps and potential remediation measures, follow your organization’s risk acceptance procedures and document decisions. Alternatively, consider accepting independent third-party audits and certifications, supplemented only as necessary for unique requirements.
✔ Our contracts are rock solid.
The Federal Trade Commission put it succinctly: “Insist that appropriate security standards are part of your contracts.” But, what are appropriate standards? Among other things, strong contracts take into account a company’s legal and regulatory environment, and often have provisions relating to specific security controls, compliance with industry standards, third-party certifications, data rights and privacy requirements, audit rights, insurance coverage, incident notification (and cooperation and information sharing if there is an incident), responses to legally compelled disclosure, data localization requirements, choice of law, restrictions on subcontracting, data destruction, SLAs and indemnification […] Read more »
ROLE DESCRIPTION
We are looking for a Membership Manager to join the company and take on one of the most opportunistic roles the industry has to offer. This is a role that allows for you to create and develop relationships with leading solution providers in the enterprise technology space. Through extensive research and conversation you will learn the goals and priorities of IT & IT Security Executives and collaborate with companies that have the solutions they are looking for. This role requires professionalism, drive, desire to learn, enthusiasm, energy and positivity.
Role Requirements:
Role Responsibilities:
Apex offers our team:
Entry level salary with competitive Commission & Bonus opportunities
Apex offers the ability to make a strong impact on our products and growing portfolio.
Three months of hands on training and commitment to teach you the industry and develop invaluable sales and relationship skills.
Opportunity to grow into leadership role and build a team
Extra vacation day for your birthday when it falls on a weekday
All major American holidays off
10 paid vacation days after training period
5 paid sick days
Apply Now >>