We are very happy to announce that Senior Information Security Consultant, Mike Boutwell will speak at #RISK Digital, this month., this month.

Mike Boutwell, Senior Information Security Consultant

Livestreaming on 13 February 2024, #RISK Digital examines the changing risk landscape in a content rich, knowledge sharing environment. The one-day event sees over thirty expert speakers provide insight and guidance on how organisations can mitigate risk, reduce compliance breaches and improve business performance in the digital age. 

An esteemed expert in information security and risk management, Mike Boutwell’s career spans over 15 years in security and 10 years in risk management. Mike’s journey in this field has seen him make significant contributions to leading companies such as Cisco, AT&T, IBM, Kyndryl, First Data, and Euroclear.

Mike Boutwell will be at #RISK Digital to discuss the potential impact of AI on Third-Party Risk Management (TPRM) strategies.

Below, Mike answers questions on his professional journey and introduces the key issues of his #RISK Digital session.

  • Harmonising Progress and Security: Exploring the Confluence of AI and Third-Party Risk Management Tuesday, 13th February 2024, 13:00 – 13:30pm GMT




Could you briefly outline your career pathway so far?

I started off as a security engineer working for Deutsche Telekom and later worked in a more senior engineering role in First Data. I then went on to be a lead security architect for three separate accounts at AT&T, working with IBM and overseeing the accounts of Dow Chemical, Citizens Financial Group, and WPP Plc.

I started a boutique consulting firm where I currently work. Here I advise clients on cyber risk of all kinds. I work mainly with financial institutions and provide oversight onto their governance processes, conduct risk assessments, business impact assessments, and propose security and control requirements. Most recently, I conducted an AI based risk assessment for a financial services firm with 5,000 employees.

I am certified in CISA, CGEIT, CISSP, ISO 27001 Senior Lead Implementer and Auditor. In addition to being a Certified Trainer, I am also a Certified Non-Executive Director. I assist in training and skill development in my security areas, but focus mainly on ISO 27001.

How are evolving technologies such as AI adding complexity to the data protection and privacy risks within Third Party Risk Management (TPRM)?

AI has a very different risk profile and very specific control and regulatory requirements. Given that it is still a software deployment, many software vendors can simply integrate AI features into an already existing product.

This means that if an organisation owns that product, simply turning on that feature might be done by the click of a button or it may be turned on by default. Some teams may not know or care about the impact this has and thus do not go through risk, legal, and other necessary reviews by the relevant stakeholders.

In addition, vendors have made some claims which are hard to believe, but also impossible to prove or disprove. For example, environment segregation.

In what ways are TPRM strategies changing so that organisations can stay innovative while optimising privacy and security?

  • Enhancing security awareness training and keeping it up to date to include AI and other next-gen technologies.
  • Integrate AI vendors and a centre of excellence with representation from internal AI experts, legal, risk, etc. into a governance process to assure regulations and other requirements are assessed and met.
  • Be sure to train teams not to fully rely on AI, but to use it to assist them in their work, while scrutinizing the information it outputs.

Don’t miss Mike Boutwell discussing these issues in depth at #RISK Digital in the session:

Harmonising Progress and Security: Exploring the Confluence of AI and Third-Party Risk Management

Third-Party Risk Management (TPRM) intersects with the transformative realm of Artificial Intelligence (AI). Our panel of experts will unravel the complexities involved in seamlessly integrating AI technologies while safeguarding against potential risks from external partnerships.

From evaluating vendors utilising AI, to crafting effective risk mitigation strategies, our discussion will provide invaluable insights, practical advice and real-world anecdotes to assist organisations in navigating the delicate balance between innovation and security. Join us for a compelling conversation that delves into the shifting dynamics of TPRM amid the rising influence of artificial intelligence.

Also on the panel…

  • Caro Robson, Digital Legal, Director of Regulatory Strategy for the information regulator (Panel Host)
  • Jan Stappers, Regulatory Solutions Director, NAVEX 


Harmonising Progress and Security: Exploring the Confluence of AI and Third-Party Risk Management

Time: 13:00 – 13:30pm GMT

Date: Tuesday 13 February 2024

The session sits within a packed agenda of insight and guidance at #RISK Digital taking place 13 February.

Discover more at #RISK Digital

#RISK Digital will examine the changing risk landscape in a content rich, knowledge sharing environment. Attendees will be able to learn and better understand how to mitigate risk, reduce compliance breaches, and improve business performance.

Risk is now everyone’s business. Enterprise chiefs need to be tech-savvy, understanding how GRC technology fits into strategy and how to solve regulatory challenges.



Click here to register for free for #RISK Digital