Atul Vashistha:
Hi everyone. Welcome to an episode of CRO Wisdom. I’m delighted today to have an industry expert, a dear friend, Matt Moog. Matt is the general manager of Third-Party Risk Management at OneTrust. Matt, welcome.
Matt Moog:
I appreciate that, Atul.
Atul Vashistha:
So Matt, I know the audience always loves to hear about how somebody gets to a role in risk so maybe take us back to maybe how you started. How did it even come about?
Matt Moog:
I mean, I have an interesting amount of coincidences that happened kind of across the entirety of my progression towards where I am today. Going all the way back to when I was in college, I interviewed in my junior year for a position at Anderson Consulting in 2001. You can imagine. For those of you who remembered Enron, and you can imagine the chaos that ensued, and I didn’t get that summer internship because the company kind of fell apart. But I walked out of another interview my senior year and as I walked out of the interview, I walked past the colleague that had interviewed me for the Anderson role and they said, “Matt, we don’t have you on our docket.” I said, “Well, do you mind interviewing me later on?” And they said, “Well, we don’t have any slots open, but we’ll call you towards the end of the day and see if we can squeeze you in.” And I was actually at lacrosse practice, and I got the call, and I came down and interviewed in a t-shirt, shorts, and flip-flops in the interview room and ended up progressing toward my career at EY.
I continued to progress at EY and do different things, and I always found it very fascinating to truly understand the business, before risk, because risk is always put in the context of the business, right? And I just found it fascinating to just understand capital markets, understand retail banking, understand insurance. How do they make money? How do the transactions flow?
And then, as I continued to progress at EY and do different things, and I always found it very fascinating to truly understand the business, before risk, because risk is always put in the context of the business, right? And I just found it fascinating to just understand capital markets, understand retail banking, understand insurance. How do they make money? How do the transactions flow? And I remember taking a fair amount of time and my client at that time was Lehman Brothers and we know what happened there. I promise I don’t leave a trail of chaos, but the failure of Lehman Brothers kind of forced me to re-decide, do I want to still continue to do IT audit or are there other things that I wanted to look at? So, I looked at data management, I looked at risk and compliance, and I had an opportunity to do some business on third-party risk, which I knew nothing about, by the way, about six years into my career.
I actually just kind of took a swing at it and they said, “Well, we’re looking for a senior manager.” I was a manager at the time, and I said, “Listen, I don’t know anything about this, but I’ll guarantee you that I will find out everything possible about this.” And that was kind of the beginning of me starting to understand what third-party risk was. And what I really enjoyed about it was it was enterprise risk outside the walls of the enterprise. That’s kind of how I can describe it, is just There were things around the mortgage crash that led to the CFPB and other regulatory requirements, so the mortgage industry became incredibly fascinating. Understanding how it related to things like insider trading or other risk factors that maybe just extended out to brokers. Or it’s really any type of activity in financial services.
Initially, it started to be a cyber thing and then it was a resiliency thing, and then it was a compliance thing, and then it was an ESG thing, and then it’s a cloud thing, and the concepts with inside third-party risk just kept expanding and I just found it fascinating. I was the person who was always willing to take time to just read about the next thing and then have people on my team question me. I didn’t always know the answers, but I certainly grew and was able to continue to learn and evolve. I certainly don’t know the answers today, I think we’re still evolving, but it’s just been a pleasure to work in this kind of space. I think risk management is always a gray area activity and you just have to challenge yourself to be comfortable being uncomfortable in an environment like this.
Atul Vashistha:
So Matt, tell us a little bit about the from ENY to OneTrust and how your life is different today, or how would you describe the difference in those roles.
I think the opportunity to build something that maybe doesn’t even exist within the environment, and we talk about that a lot with Supply Wisdom data and kind of challenging how people are looking at how they do their job day-to-day out.
Matt Moog:
So, EY, we come with the brand, and you come with the team. Everything around me is set, the systems, the support networks. Any access to any client was easy so you get used to being in a big firm for two decades and then you leave that firm. The pleasurable thing is that at OneTrust the culture is very similar so that’s kind of the reason I came over as well. I think the opportunity to build something that maybe doesn’t even exist within the environment, and we talk about that a lot with Supply Wisdom data and kind of challenging how people are looking at how they do their job day-to-day out. So, as I came over from EY, which was very relationship heavy. I mean, every single client that I had, I had a personal relationship with, and I knew them kind of inside and out, their business. We had really good footprints with most of those clients.
And then I come over into a velocity software business where you got 2,400 clients and I really built deep relationships with 30 to 50 of them on a regular basis. It’s a different flow, it’s a different cadence of the relationship, and I think my bringing the focus on the client and really … We’re OneTrust, we do trust as a business. I think trust is a commodity. I think trust is earned; it can be easily lost. And being able to do the right thing, make yourself available, have the right discussions, be okay with the uncomfortable discussion, solving problems, those are kind of in my DNA from the previous two decades. Bringing that over I think has really helped a lot of people understand that it’s not just selling a license, it’s really developing a longer-term relationship for the business.
