Paul ValenteSr. Director, Information Security
Paul Valente brings over 20 years of technology experience and more than 10 years of Information Security program design and management. His specialties include Security Architecture, Application Security, Information Security Risk Management and Third-Party Security Risk Management. Paul has 9 years’ experience in Financial Services with the past 4 at Lending Club where he serves as Sr. Director of Information Security. Prior to Lending Club, Paul served as the Information Security Leader at Restoration Hardware, and developed cloud services for the Fortune 500. With 10 years in software, Paul has lead international e-commerce development initiatives in China, India and Thailand. Paul’s GRC experience includes GLBA, FFIEC, SOX, PCI DSS, ISO 2700x and more. Paul believes firmly in using innovation, automation, out-of-the-box thinking and data driven decisions to reinvent security. In 2016 Paul co-founded VISO Trust, the world's first Rationalized Information Security Due Diligence platform.
Your company’s security posture is not strictly determined by your company’s security program. Because today’s information networks are a patchwork of systems and information shared, exchanged, and acquired from vendors, partners, and M&As, no company is an island. Your company’s security posture is a product of the security programs of all the companies in an information ecosystem. Complicating this security environment is the fact that vendor security management processes are all but broken.
Effective, comprehensive due diligence efforts haven’t caught up with the speed of business today. Long-form questionnaires burden vendors and clients alike and often produce incomplete, inaccurate, or irrelevant information on which decision makers are expected to rely. All the while, regulators are requiring more frequent monitoring and deeper reviews of service providers—as well as their service providers. Information security attacks are increasingly sophisticated. Breaches are more frequent. And no matter the risk climate, business needs to accelerate to remain competitive. It’s time for a rationalized approach that leverages core expertise, automation, and machine learning to yield both rapid and accurate information necessary to effectively assess and manage vendor security risk.