Tom Garrubba

Tom Garrubba (CISA, CRISC, CIPT, CTPRP) dedicates his time to developing and leading risk management, vendor risk, privacy, security issues and core programs. He also serves as Program Director for the Shared Assessments Program where he is responsible for the growth and management of key initiatives for The Program. Tom is also an active trainer in the Shared Assessment’s Certified Third Party Risk Professional (CTPRP) Certification Program and is a blogger for the Huffington Post’s Business section on risk as well as published articles on various industry websites including Government Health IT and ISACA. Before joining The Santa Fe Group team, Tom was the Senior Privacy Manager at CVS Health where he established the policies and work procedures that govern the company’s vendor assessment program. His key responsibilities included designing the risk methodology for assessing vendors and the methodology for re-performing vendor assessments. He also supervised all assessments for existing and potential third party service providers that in any way used or accessed proprietary PII, PHI, card holder (PCI) and proprietary data. Because of his history as a respected subject matter expert on third party risk, Tom was selected to help establish CVS Health as a member of The Program’s Steering Committee.