Day One | October 14
Here is the latest edition of the agenda. As we approach the event, we will be adding speakers and sessions to enhance your experience. To stay informed, please register your interest
(Open to first 30 attendees)
Key topics
- The realities TPRM programs are dealing with now, including regulatory expectations, operational disruption, vendor AI adoption, and growing dependency on a small set of critical providers
- How these forces are beginning to change due diligence, ongoing monitoring, resilience planning, and what “good” governance looks like in practice
- What this means for the profession over the next few years, including emerging skill sets, closer collaboration with other risk and business functions, and new ways of showing value to leadership
This panel brings together practitioners to share how they are preparing for, managing, and learning from third-party cyber incidents and operational disruptions. Panelists will discuss real coordination challenges across vendors, legal, security, communications, and executive leadership, and how they are improving visibility into fourth-party dependencies and AI related threats.
Key topics
- Ways to integrate critical third-party dependencies into resilience planning, testing, and impact analysis
- Practical approaches for coordinating incident response across vendors, legal, security, communications, and executives
- Techniques for improving visibility and decision-making around fourth-party dependencies and AI-related threats
![]() | Kayla Davis,VP, Enterprise Vendor Management Officer,Keesler Federal Credit Union |
![]() | Hannah Moore,Third Party Risk Senior Regional Lead-Americas,Wise |
Key topics
- Practical examples of operational risk outputs that directly informed vendor or control decisions
- Ways to adjust governance, reporting, and communication so operational risk information is easier to use
- Initial changes teams have made to move beyond a compliance orientation without rebuilding their entire program
![]() | Tiona Smith,Director,Ally |
Key topics
- How recent cyber events have exposed limits in traditional third-party assurance
- Additional techniques and data sources that give a more current view of vendor cyber posture
- Examples of updated due diligence practices that improved efficiency,confidence and resilience
![]() | Ryan Patrick,EVP, TPRM Customer Solutions,HITRUST |
Key topics
- How to assess vendor cyber resilience beyond simple questionnaire responses, including concentration and fourth-party dependencies
- Ways to connect security monitoring, incident management, and TPRM workflows so responses to disruptive events are faster and more coordinated
- Approaches for explaining third-party cyber exposure and major outage scenarios in business terms that operational risk, resilience teams, and senior leaders can act on
![]() | Evan Tegethoff,VP Solution Engineering,Bitsight |
Key topics
- How AI-driven services create layered “risk behind the vendor” that affects cyber, operational resilience, data protection, compliance, and strategy
- Why traditional due diligence, contracts, and monitoring are struggling to keep pace with opaque and fast-changing AI supply chains
- Big-picture ideas for how organizations can rethink TPRM, governance, and collaboration so they are better prepared for AI-enabled ecosystems across all business areas
![]() | Jonathan Bald,SVP Global Sales Lead,Black Kite |
Key topics
- Streamlining assessment content around key risk drivers
- Presenting outcomes to support prioritisation and resource allocation
- Improving assessment quality without increasing effort
- Extended networking lunch
- Meetings with peers, speakers and sponsors
- Networking lounge and exhibition area
- Limited to 30 attendees per table
- Advance sign-up required
- Interactive peer-to-peer discussion format
![]() | Lisa Young,CEO,Young-Risk-LLC; previously Netflix |
![]() | Keith Frantz,Director, Enterprise Risk Manager,Prosper Marketplace |
![]() | Facilitator: Nick Patel,Advisor, TPRM,Independent |
![]() | Tim Harvey,Procurement Director,CompSource Mutual Insurance Company |
Key topics
- How to think about both the immediate and long-tail costs of third-party failures, including operational, financial, customer, and regulatory impacts
- Ways to quantify financial exposure and other impacts in a way that drives action, investment, and prioritization from leadership
- Practical actions organizations are taking to reduce the likelihood and long-term impact of third-party failures, from better playbooks and testing to clearer governance and resilience expectations
![]() | Katherine Avery,Founder,Chimayo Consulting LCC |
Details coming soon
![]() | Paul Valente,Co-Founder & Chief Customer, Officer,VISO TRUST |
Key topics
- New and emerging risk areas being incorporated into modern due diligence programmes
- Embedding cyber, AI,resilience and privacy expectations into existing processes
- Phasing enhancements without overwhelming teams or suppliers
![]() | Kaci Johnson,Director, Risk Management,Nelnet |
Key topics
- How to identify and reduce duplicated effort across due diligence and monitoring activities
- Ways to streamline and automate information collection while maintaining confidence in results
- Practical approaches for using monitoring data to inform actions without creating noise for teams or vendors
![]() | Matthew Ridenhour,Senior Manager, Compliance Operations,UKG |
Key topics
- Concrete AI use cases already in play in TPRM and the value they delivered
- Common pitfalls and limitations teams haveencountered with early AI efforts
- Simple criteria for deciding which AI ideas are worth piloting or scaling
![]() | Lindsey Taulton,Operational Risk Analyst,Cornerstone Capital Bank |
Key topics
- How to recognize the signals that a “survival mode” program has outgrown its original design
- Practical lessons from two transformations on building durable structure, buy-in, and operating discipline
- Ways to reframe a program around long-term value and resilience rather than short-term compliance
![]() | Tracey Peters,Director, Vendor Program Management,TIAA |
Details coming soon..
![]() | Tony Giannio,Senior Director, GRC Engineering,BNSF Railway |
Key topics
- How digital operating models alter traditional assumptions about third-party risk
- Adjustments to scoping, assessment, and oversight that better fit digital services
- Ideas for aligning TPRM activities with broader digital and technology strategies
![]() | Corey Hlavack,Senior Director, Information Security,enVistaas |
Key topics
- Moving from activity metrics to outcome-focused measures
- Metrics that support stronger executive conversations
- Refining reporting to focus on what matters most
![]() | Olga Baldwin,Lead of Third Party Risk Management,StoneX Group |



















