Aravo’s Bryn Sedlacek met with the CEO of the Third-Party Risk Association, Julie Gaiaschi, over LinkedIn Live to discuss women in third-party risk management, her background and experience, and the importance of inclusivity within the field. In this interview we learn more about the resources TPRA has to offer, the challenges women in TPRM face, and what TPRA is working towards for the future.
Julie Gaiaschi: I’m Julie Gaiaschi, CEO and Co-Founder of the Third-Party Risk Association. I’m responsible for the strategic vision and mission of TPRA, and we’re a not-for-profit organization that works to further the profession of third-party risk through knowledge sharing and networking.
Julie: I didn’t start out in technology. I was an international business major, so I concentrated in marketing and Spanish, and had a minor in economics, which has nothing to do with technology, but I always dabbled in it. Even in high school, I was president of the computer club, I just never saw technology as a career path. While in college, I was asked by FedEx to be an intern in their internal audit department. I had no idea what an internal audit was, but quickly learned. The auditing we were doing wasn’t finance, so we were operations and technology and I found it very interesting. I could continuously learn and meet people and I really loved it. So, I transitioned full-time to them after graduating college.
After I spent about a year with FedEx, I moved and worked for a large healthcare organization as an IT Auditor. Because I didn’t have that IT background, my leader at the time created this amazing development plan for me where we laid out different audits that we already needed to do based on the full tech stack at our organization. He brought in consultants to do these audits, and as part of the contracts they trained me on what to look for, and that’s how I learned the full security and technology industry. Also, at that time I was really fostering relationships with the IT team, security, the operations team, with all these other roles within technology. At that time, because I had grown all those relationships, I was asked to develop a third-party security team there. So, they hired me as a leader of a small team of three, that grew into eight, and we developed the third-party security program for that organization.
During that time, I benchmarked with a lot of people, and I thought that if we have these same questions and are going through these same process pain points, others do too. I met my former partner of the TPRA at a conference and we started a round table. The first meeting had 15 companies; the fourth meeting had over a hundred. We really wanted to make this something and turn this into a nonprofit, community-driven organization, and that’s what we did in 2019. I transitioned to full-time in February 2022 to TPRA, and that’s how I came to third-party risk management.
Bryn: One of the things I love about third-party risk management, and I think a lot of people appreciate about this field, is that it’s this great mix of problem solving and relationship building. There are always new things to think about, new problems to solve, and people to work with.
Just a quick background on me, I also started in the international relations area. I studied political science and Islamic studies, got my graduate degree in international security, focused on the Middle East. I lived in the region for a bit and was in Lebanon, where my family is from. Then, when I moved back to the U.S. I got into anti-bribery and anti-corruption work, which was absolutely fascinating to me. I was able to help companies build their compliance programs, due diligence, that sort of stuff. It felt like an area where I could really grow into and was excited about. I too moved to technology after that, when I came over to Aravo about six and a half years ago.
Julie: There’s not a whole lot of statistics around women in third-party risk management, but there are statistics around governance, risk and compliance, and technology. GRC World Forms in 2021 noted that only about 15% to 20% of GRC professionals are women. Gartner in 2019 noted about 25% of every 100 security and risk management executives are women. And in 2023, the World Economic Forum noted only 15% of CEOs of Fortune 500 companies are women. So, we still have some work to do.
I think the great thing is even though some of those gaps are more in technology and in leadership roles, we don’t see as many gaps in third-party risk management. I think this is because tech started out with more men, naturally. Whereas third-party risk management is kind of diverse since it is fairly new. Not new for banks, but new for other organizations. Gradually, people have come together to work on third-party risk management, so it naturally includes more women. Now, is it fully 50-50? No. Is there work to do? Of course, especially with people coming from tech or trying to get into tech and with leadership. That’s where we are really focusing more on some of those challenges. I myself have experienced challenges in tech being a woman as well, with people not taking me as seriously or telling me I’m too young to be a leader, and hearing “no” all the time. But “no” fuels me. I would not be where I am today if people just told me “yes” all the time.
I knew as soon as we started this organization that women in third-party risk management is something we wanted to help celebrate, uplift, support, and work towards. So, our group has started a Women in Third-Party Risk Management Program. We started a year and a half ago and announced it at our 2022 conference. We have grown from zero people to 250 individuals within the program, and they are so passionate. They love sharing their stories and have really helping create this program into what it is today.
We also have five work groups: educate, lead, mentor, support, and pay. These focus on areas where we think there could be enhancements. With education, that work group focuses on trying to come up with content or find content that already exist, like TED talks, books, or white papers, things that would educate others on women and diversity in the workplace. The lead work group focuses on spotlighting women leaders on our website to share their journey, how they got to leadership, some of the challenges they faced, and the characteristics they feel like good leaders should exhibit. This is to help inspire others and show people that you are not alone. In fact, women in third-party risk management groups are not just for women, they’re for women and allies. It’s for everyone and you don’t have to be a member to join, anyone can join.
We also have a mentor group with 60 individuals who are now in that program. And in our support group we work to uplift women and share the wins of all of us. Sometimes women aren’t the best at celebrating themselves, so what we’re doing within our own organization is trying to celebrate each other.
Then, the last group is pay. That group is highlighting organizations that are hiring women, that have diversity initiatives in place, and are making sure they’re promoting women within the organization. We share those jobs on our website. We recently created a salary survey as well. We want to learn more about not only what women are getting paid, but what people are paying third-party risk management professionals. You can find that survey on TPRA’s LinkedIn page.
Bryn: I think the mentorship component is huge. You’re looking at what gaps exist and looking to close those. I think the other thing that’s great too is providing a spotlight onto brilliant leaders in TPRA and focusing on these women who have their own stories and have so much to offer from an expertise perspective on moving the field forward, understanding what’s next, and being another platform for those voices. We are going to link to all these resources, so check out the groups that Julie has mentioned.
Julie: I hope that as a community, not just as women, we really recognize the importance of working together. You don’t have to do anything alone. I want the community to understand that we’re all in the same boat, we’re all doing this together, and we’re all just humans. Sharing love in general can really help uplift any community.
This interview has been edited for length and clarity.
As the third-party risk management industry grows and evolves, TPRA continues its commitment to fostering a supportive and encouraging environment within the field for women and allies.
Share with Your Friends:
