Addressing the Hidden Risks in Your Vendor and Outsourcing Network

SureStep enables procurement, risk, and compliance teams to onboard, assess, and monitor vendors efficiently with IBM OpenPages Third-Party Risk Management. Our implementation provides end-to-end visibility into third-party risk exposure, enabling continuous oversight across the vendor lifecycle.

  • Centralize vendor onboarding, due diligence, and risk assessments
  • Automate inherent/residual risk scoring and control evaluations
  • Link vendors to contracts, services, incidents, and audit activity

Managing Vendor Risk in an Interconnected World

Modern enterprises depend on an extended ecosystem of suppliers, outsourcers, and technology providers. While this ecosystem enables agility and scale, it also introduces significant risk: data breaches through third parties, operational outages tied to vendor failures, and regulatory scrutiny over outsourcing practices. Without a structured framework, organizations struggle to consistently assess, monitor, and govern their third-party relationships.

Why You Need a GRC System for Third-Party Risk Management

  1. Vendor risks are often assessed inconsistently, leaving blind spots across critical service providers and geographies.
  2. Manual contracting and onboarding processes delay business while creating compliance gaps with outsourcing regulations.
  3. Without centralized monitoring, procurement, legal, and risk teams operate in silos, reducing the ability to proactively identify vendor issues.

SureStep’s Expertise in IBM OpenPages TPRM

SureStep helps clients operationalize IBM OpenPages Third-Party Risk Management by aligning the platform with their procurement and risk strategies. We configure workflows that match your vendor criticality tiers, risk domains, and escalation paths, ensuring third-party oversight is both scalable and defensible. Our specialization in data integration ensures that vendor assessments, contractual obligations, and ongoing monitoring are centralized into a single system of record. With SureStep’s partnership, organizations bridge procurement, legal, and risk teams to manage third-party risk in real time—reducing manual effort and building confidence with regulators and stakeholders.

Driving ROI from Third-Party Risk Management

Investing in TPRM delivers measurable returns beyond compliance. By automating vendor onboarding and assessments, organizations accelerate time-to-contract while maintaining rigor. Continuous monitoring enables faster detection of vendor risks, preventing costly disruptions and reputational damage.

  • Reduced operational overhead through automated assessments and streamlined vendor onboarding.
  • Enhanced resilience and compliance posture by proactively identifying and mitigating vendor risks before they impact business outcomes.

Recent Case Studies from SureStep

Migrating GRC to the Cloud: Modernizing IBM OpenPages for Scalable, Managed Risk Operations
Case Study
Migrating GRC to the Cloud: Modernizing IBM OpenPages for Scalable, Managed Risk Operations
Governing Generative AI
Case Study
Governing Generative AI
Real-Time Critical Data Elements Reporting for Enhanced GRC Insights
Case Study
Real-Time Critical Data Elements Reporting for Enhanced GRC Insights

SureStep Management Team

Meet the SureStep team - a group of experienced professionals who bring together deep expertise in strategy, risk, compliance, data, finance, and operations.

With diverse backgrounds spanning global consulting, technology, and financial services, our team is united by a commitment to delivering tailored, end-to-end support. Together, we ensure that every engagement is guided by insight, precision, and a focus on your success.

Michael Gibbs
President & CEO, SureStep
Canada

Mike is a recognized leader in risk and compliance transformation, serving as CEO of SureStep for more than 14 years. He has built SureStep into a trusted global partner for advisory and technology implementation, supporting organizations with IBM, SAS, ServiceNow, and ESG platforms. His background includes senior roles in analytics, business development, and enterprise software across Canada and North America.

Darryl Ivan
Sales Director, Risk Advisory
Canada

Darryl is a seasoned risk executive with over two decades of leadership across banking, insurance, and technology. He has served as CRO for multiple financial institutions and held senior roles at SAS, EY, and RBC, driving large-scale risk transformation and regulatory programs. Today, he advises clients on implementing cutting-edge risk technology solutions in North America and beyond.

Tony Wilson
Sales Director, APAC
New Zealand

Tony is an accomplished business development and client director specializing in risk, compliance, and enterprise technology solutions. Over his career, he has guided complex IT and risk transformation programs with organizations such as Systems Advisory Services (SAS IT), Practiv, and Datacom. Based in Auckland, he now leads SureStep’s Asia Pacific sales and client growth initiatives.

Anthony Franklin
Solutions Sales Executive
United States

Anthony is a technology and business executive with a track record of building data-driven solutions across industries. He has held leadership roles at Red Hat, Microsoft, and SAS, while also founding and advising companies in sports analytics, financial risk, and sales innovation. His passion lies in bridging advanced analytics with practical business impact.

Rick Vasicek
Solutions Sales Executive
United States

Rick is an accomplished leader in enterprise risk management, specializing in financial services sales, advisory, and compliance solutions. With senior leadership experience at SAS, Moody’s, and Kamakura, he has built global teams and driven growth across EMEA and North America. He is passionate about helping institutions navigate evolving regulatory and market challenges with data-driven solutions.

Robert Wright
Strategic Advisor
Netherlands

Robert serves as Strategic Advisor to the CEO of SureStep, where he focuses on enterprise strategy and client success. Drawing on deep experience in data governance, data management, and software development, he helps organizations translate complex regulatory and operational requirements into actionable strategies and scalable solutions.

Stacie Heffern
Head of Operations
Canada

Stacie brings extensive experience in operations and business process management, with a proven record of driving efficiency, improving client outcomes, and leading high-performing teams. At SureStep, she manages day-to-day operations and supports delivery excellence across risk and compliance programs. Her background spans financial services technology, business analysis, and client service leadership.

Book a meeting with our advisory team today