Board of Directors

Vincent Scales, Verizon

Vincent Scales is an enterprise program manager with 15 years of experience building, delivering and operating IT and shared services programs in F500 environments, both from the perspective of the outsourcer as well as the service provider. Currently, Vincent is a leader in Verizon’s TPRM organization, leading a portfolio of third party risk management activities and serving as product owner and development leader for Verizon’s TPRM platform. He holds a Bachelor’s in Business Administration from Northern Arizona University and a Master’s in Business Administration from Arizona State University. Vincent resides in Phoenix, AZ along with his girlfriend and their two labradoodles.


Frank Losito, Cree (Chairman)

Frank Losito brings with him more than 20 years of experience in the areas of cybersecurity, risk governance, and data privacy. As the IT Risk and Compliance Leader for Cree/Wolfspeed, a global semiconductor manufacturing company, he is responsible for technology and third-party risk management, ensuring that the business and its suppliers comply with relevant data protection laws, policies and regulations. Prior to that, he was the Senior Director of Risk and Compliance at Prevalent, where he built and led the Customer Success and Third-Party Risk Analyst Teams, and aligned business practices with GDPR, HIPAA, PCI-DSS, and NYDFS regulations. While there, Frank also worked closely with the H-ISAC to create and grow CYBERFIT, the first shared network of assessments for the healthcare industry, and led the execution of several thousand vendor assessments in the legal, financial, manufacturing, and higher education sectors.  Frank has authored numerous assessment surveys to aid in the identification of data protection gaps and to help companies adhere to standard frameworks such as NIST and ISO. He has held various leadership roles at publicly traded finance, media and technology companies including Nelnet and Thomson Reuters, and has performed consulting work for over 100 organizations to help them build and manage their cybersecurity and risk management programs. Frank holds a B.S. in Business Administration and Computer Information System from Rider University, is a Certified Information Systems Security Professional (CISSP), and holds multiple other cybersecurity and risk management certifications.

Gerald Smith.jpeg

Gerald Smith, Cuebiq

Gerald has been building and leading global privacy and vendor risk management programs in the financial, automotive and tech sectors for over a decade. He received his bachelor’s in Economics from the University of North Carolina and his law degree from Chapman University. He is an IAPP Fellow of Information Privacy.

_MG_8981-Edit-Edit (2).jpg

Gina Baker, Intermountain Health

Gina Baker has worked in the healthcare field for over 20 years in various clinical and IT positions. She has three college degrees. Two bachelors in Exercise and Sport Science and Nursing and one masters in Nursing Informatics. Her various IT roles have included project management, analyst, contract manager and team lead of the third party assessment program. Projects have been local to a single facility, the entire Intermountain Healthcare corporation or nationwide involving other healthcare participants. She has presented nationally on health information exchange and third party assessment programs. She also is a photographer and a life coach with experience in web design, email marketing and social media.


Joe Hughes, GE

Joe is currently a Sr. Manager of Risk & Compliance at General Electric (GE). He is the Third Party Security Leader, leading the Third Party Security and Risk function for GE. Over the last 17 years, Joe has focused on internal controls, cyber security, and risk management with the last 6 years focusing specifically on third party risk. At GE, he leads a team that is responsible for evaluating the information security and privacy risk for all high risk third parties used by GE, including all the sub-businesses (Aviation, Healthcare, Power, etc.). This leads to the team evaluating 2000+ third parties per year. Prior to GE, Joe spent almost 10 years at Deloitte, and a few years at a small consulting firm called SecureIT.