Oksana Zbyranyk

Chief Compliance and Delivery Officer

Truvo Cyber

Biography

Oksana is a highly credentialed cybersecurity professional, specializing in compliance and risk management. Her expertise spans leading frameworks such as NIST, SOC 2, ISO 27001, and others, enabling organizations to meet complex compliance requirements and build trust with prospects and customers. A leader in Vendor Risk Management, Oksana successfully developed and implemented a robust Third-Party Risk Management (TPRM) program for the Bank of Canada, ensuring vendor risks were effectively assessed and mitigated. Her in-depth understanding of vendor security frameworks and contractual safeguards has empowered organizations to secure their vendor ecosystems while maintaining regulatory compliance. With her ability to integrate best practices, streamline compliance processes, and develop actionable strategies, Oksana is a trusted advisor for organizations seeking to enhance their security posture and meet compliance objectives.

Leadership Characteristics

Execution-Driven Leadership (Strengths: Achiever, Responsibility, Discipline): I am highly reliable, goal-oriented, and committed to delivering results.

Relationship & Trust-Building Leadership (Strengths: Relator, Trust, Connectedness): As a trusted advisor, I build strong relationships with clients and stakeholders, ensuring compliance is not just a requirement but a value-driven process that fosters trust. This is key in vendor risk management, where collaboration and clear communication are critical.

Problem-Solving & Risk Mitigation Leadership (Strengths: Restorative, Responsibility, Deliberative): My focus on risk assessment and mitigation aligns with leaders who analyze risks thoroughly, make careful decisions, and take ownership of challenges. I thrive in environments where critical thinking and sound judgment are essential.

Leadership Challenges

Getting business buy-in when a vendor’s security posture is weak is a constant challenge because security is rarely the top priority for stakeholders. The business wants the vendor now, procurement is focused on cost, and executives don’t see an immediate risk—until something goes wrong. The pushback is: “Do we really need to delay this over a security concern?” The key is to shift the conversation from abstract risks to real business impact—breach costs, regulatory fines (GDPR), and lost deals with security-conscious customers. A vendor without basic security controls isn't just a compliance issue; it’s a liability waiting to happen. Instead of a hard “no,” I push for risk-based onboarding—tying security improvements to timelines and contracts. Legal and compliance can help enforce this, and external pressure from clients expecting strong security can be a game-changer. At the end of the day, it’s about making security a business decision, not just a checkbox.

Key Takeaways

If there’s one thing I’d tell others in the industry about Third-Party Risk Management (TPRM), it’s that vendor security isn’t just a compliance exercise—it’s a business enabler. Too often, organizations treat TPRM as a checkbox process, but the reality is that a weak vendor can take down your entire business. The best part of TPRM for me is the "negotiation and influence"—turning security from an afterthought into a non-negotiable business priority. Whether it’s getting executives to see the real risk, pushing vendors to meet higher standards, or leveraging security as a competitive edge, TPRM is where cybersecurity meets strategy.

Fun Fact

I was born in a place where there was only winter. I studied in a place where there was only summer. And I landed in a place with 4 beautiful seasons. Canada is home.
