Summary
Risk Management requires the execution of a sustainable, practical and effective framework that encompasses people, process, technology and business environment. Today, the complexity and demand for online capabilities via a variety of platforms and services demand companies consider operational risks including cyber, information risk, physical, legal, regulatory, financial, reputation, resiliency and more into all aspects of today's business products and services.
Marc S Sokol can help your organization build an operational risk, cyber risk, and/or information security program derived from industry standards that can empower your company to manage these risks in a proven, business aligned and successful manner. These cabailbiites can ensure your organization meets its regulatory obligations while also enabling the company to minimize risk, maximize operational effiency, while also enabling it to pursue new business opportunities in a thoughtful and effective manner.
REFERENCES
Read comments and feedback regarding Marc's approach to risk management, security, and governance...
"Marc is truly a leader in his field. He spearheaded the development of a Third Party Risk Framework that not only incorporates security risk but all types of risk imposed by the use of 3rd parties. He has done the same by developing a proposed industry standard for an Operational Risk framework. His thought leadership has led to sharing and further developing these frameworks with industry colleagues so that we as an Life Insurance Industry can drive the architectural design of effective ERM in these important operational risk areas. I highly recommend Marc as a collaborator, thought leader, and strategist of risk."
Vicki Yamasaki, Chief Risk Officer
OneAmerica Financial
Chair, ACLI Industry Enterprise Risk Committee
MANAGEMENT OF CYBER AND OPERATIONAL RISK CAN BE A BUSINESS ENABLER!
Companies today are faced with a very challenging environment in which cyber, operational, information, and business risks must be managed effectively. The consequences it may face in not doing so can cost millions, damage the company's brand and reputation, lost market share, regulatory intervention and fines, impact employee safety, diminish resiliency and availability to service clients/customers, and most importantly can result in a significant loss of client/customer confidence and trust.
Furthermore, if a company only operates by industry norms, it will get by definition average results that don’t enable competitive advantage or prepare it for strategic and emerging risks and opportunities. Far too many of these companies have adopted the "norm" or legacy approach toward security and operational risk, and as a result continue to see massive security incidents, privacy breaches, and operational losses even though they may have inested millions of dollars in the latest security technology.
However, companies can prosper in today’s challenging environment. By employing a practical yet effective and comprehensive security and risk management program that supplies four lines of defense (operations, risk governance, audit/verification, and board oversight) and is well aligned with the company's overall enterprise risk management program, executive management can obtain the sustaninable optics necessary to effectively align risk taking (residual risk) within defined risk appetite while also demonstrating optimal enterprise stewardship in maintaining client trust, protecting the company from the myriad of threats faced both today AND tomorrow, meeting its regulatory obligations, and exploring new opportunities in a more comprehensive and effective manner.
Please click on the Contact tab to contact Marc for more information.