© 2019 Third Party Risk Association

Board of Directors

Carol Smith-Medina, Allianz Life

In 2014 Carol was asked to develop a Third Party Risk Management program for Allianz Life. Her current role in the Ethics & Compliance Department is responsible for maintaining, developing and overseeing key TPRM program activities and enhancement initiatives. Carol joined Allianz in 1999 and spent 5 years merging and managing licensing and contracting teams. In 2004 she moved to Compliance where she managed a variety of programs; in 2007 she was asked to develop an Agent Oversight program, the program was industry leading and viewed by regulators as a best practice. In 2014 Carol accepted a 3 month international assignment at Allianz Reinsurance in Munich, Germany where she was asked to perform a compliance gap analysis. Due to her previous international experience, in 2017 she accepted a 3 month position at Allianz in Vientiane, Laos to help them close open compliance issues. In addition to her involvement in many industry associations Carol holds a designation as a Certified Third Party Risk professional (CTPRP) and is a Certified Fraud Examiner (CFE).

Frank Losito, Cree

Frank Losito brings with him more than 20 years of experience in the areas of cybersecurity, risk governance, and data privacy. As the IT Risk and Compliance Leader for Cree/Wolfspeed, a global semiconductor manufacturing company, he is responsible for technology and third-party risk management, ensuring that the business and its suppliers comply with relevant data protection laws, policies and regulations. Prior to that, he was the Senior Director of Risk and Compliance at Prevalent, where he built and led the Customer Success and Third-Party Risk Analyst Teams, and aligned business practices with GDPR, HIPAA, PCI-DSS, and NYDFS regulations. While there, Frank also worked closely with the H-ISAC to create and grow CYBERFIT, the first shared network of assessments for the healthcare industry, and led the execution of several thousand vendor assessments in the legal, financial, manufacturing, and higher education sectors.  Frank has authored numerous assessment surveys to aid in the identification of data protection gaps and to help companies adhere to standard frameworks such as NIST and ISO. He has held various leadership roles at publicly traded finance, media and technology companies including Nelnet and Thomson Reuters, and has performed consulting work for over 100 organizations to help them build and manage their cybersecurity and risk management programs. Frank holds a B.S. in Business Administration and Computer Information System from Rider University, is a Certified Information Systems Security Professional (CISSP), and holds multiple other cybersecurity and risk management certifications.

Gerald Smith, Asurion

Gerald has been building and leading international vendor risk and privacy programs in the financial, automotive and tech sectors for over a decade. He currently leads the Vendor Risk Management program at Asurion, an $8 billion company with 16,000+ employees globally. Gerald received his bachelor’s in Economics from the University of North Carolina and his law degree from Chapman University. He is an IAPP Fellow of Information Privacy.

Gina Baker, Intermountain Health

Gina Baker has worked in the healthcare field for over 20 years in various clinical and IT positions. She has three college degrees. Two bachelors in Exercise and Sport Science and Nursing and one masters in Nursing Informatics. Her various IT roles have included project management, analyst, contract manager and team lead of the third party assessment program. Projects have been local to a single facility, the entire Intermountain Healthcare corporation or nationwide involving other healthcare participants. She has presented nationally on health information exchange and third party assessment programs. She also is a photographer and a life coach with experience in web design, email marketing and social media.

Joe Hughes, GE

Joe is currently a Sr. Manager of Risk & Compliance at General Electric (GE). He is the Third Party Security Leader, leading the Third Party Security and Risk function for GE. Over the last 17 years, Joe has focused on internal controls, cyber security, and risk management with the last 6 years focusing specifically on third party risk. At GE, he leads a team that is responsible for evaluating the information security and privacy risk for all high risk third parties used by GE, including all the sub-businesses (Aviation, Healthcare, Power, etc.). This leads to the team evaluating 2000+ third parties per year. Prior to GE, Joe spent almost 10 years at Deloitte, and a few years at a small consulting firm called SecureIT.