• Back to CeFPro
  • View all events
[email protected] | US: +1 888 677 7007 | UK: +44 (0)207 600 3543
Vendor & Third Party Risk USA: The Cross-Industry Conference
  • Overview
  • Agenda
  • Speakers
  • Event Insights
  • TPRA & CeFPro Partnership
  • Sponsors
  • ATTEND
  • Search
  • Menu Menu
Day One | October 14 Day Two | October 15

Day One | October 14

Here is the latest edition of the agenda. As we approach the event, we will be adding speakers and sessions to enhance your experience. To stay informed, please register your interest

RECEIVE EVENT UPDATES
DOWNLOAD THE BROCHURE
7:30
Registration & Breakfast
7:45
Closed Door Briefing
(Open to first 30 attendees)
8:35
Transition for Closed Door Briefing Attendees
8:45
Conference Kick-Off
9:00
State of the TPRM Industry
Third-party risk management is under more pressure than ever, with teams navigating expanding regulatory frameworks, geopolitical instability, and vendor ecosystems that increasingly depend on AI and complex digital supply chains. Today’s programs are being asked to cover more risk domains, respond faster to disruption, and provide clearer assurance to leadership and regulators, often without a matching increase in resources. This keynote takes a candid look at the current state of the TPRM profession and the early signals of where it is headed next, so teams can plan for what is coming rather than just reacting.
View session details...

Key topics

  • The realities TPRM programs are dealing with now, including regulatory expectations, operational disruption, vendor AI adoption, and growing dependency on a small set of critical providers
  • How these forces are beginning to change due diligence, ongoing monitoring, resilience planning, and what “good” governance looks like in practice
  • What this means for the profession over the next few years, including emerging skill sets, closer collaboration with other risk and business functions, and new ways of showing value to leadership
9:35
Speaker Transition
9:40
Operational Resilience in the Age of Third-Party Dependency
Operational resilience is under real pressure as organizations depend on larger, more complex third-party ecosystems. Traditional due diligence and compliance activity is no longer enough when boards and regulators expect the ability to anticipate, withstand, respond to, and recover from disruption.
This panel brings together practitioners to share how they are preparing for, managing, and learning from third-party cyber incidents and operational disruptions. Panelists will discuss real coordination challenges across vendors, legal, security, communications, and executive leadership, and how they are improving visibility into fourth-party dependencies and AI related threats.
View session details...

Key topics

  • Ways to integrate critical third-party dependencies into resilience planning, testing, and impact analysis
  • Practical approaches for coordinating incident response across vendors, legal, security, communications, and executives
  • Techniques for improving visibility and decision-making around fourth-party dependencies and AI-related threats

Kayla Davis,VP, Enterprise Vendor Management Officer,Keesler Federal Credit Union

Hannah Moore,Third Party Risk Senior Regional Lead-Americas,Wise

10:25
Coffee Break / Table Refresh / Wall Transition
Operational Risk & Resilience
Magnolia 1–2
Innovation & Automation
Magnolia 3–4
Regulation & Standards
Magnolia 5–6
10:55
Beyond Compliance: Modern Operational Risk in TPRM
Operational risk work in many TPRM programs is still shaped by exam expectations, even as business leaders look for clearer insight into where to focus attention and investment.
View session details...

Key topics

  •  Practical examples of operational risk outputs that directly informed vendor or control decisions
  • Ways to adjust governance, reporting, and communication so operational risk information is easier to use
  • Initial changes teams have made to move beyond a compliance orientation without rebuilding their entire program

Tiona Smith,Director,Ally

10:55
Rethinking Vendor Due Diligence: When Cyber Threats Outpace Traditional Assurance
Cyber threats, including ransomware and AI-enabled attacks, are evolving faster than many traditional control frameworks and testing cycles.
View session details...

Key topics

  • How recent cyber events have exposed limits in traditional third-party assurance
  • Additional techniques and data sources that give a more current view of vendor cyber posture
  • Examples of updated due diligence practices that improved efficiency,confidence and resilience

Ryan Patrick,EVP, TPRM Customer Solutions,HITRUST

10:55
The Program You Built to Survive Is Not the Program You Need to Thrive: Lessons from Two Transformations Across Financial Services and Insurance
11:40
Room Transitioning
11:40
11:45
Third-Party Cyber Resilience in a Connected World
As organizations depend on a tightly interconnected web of cloud, SaaS, and infrastructure providers, third-party cyber resilience has become a core operational risk and resilience concern, not just a security issue. It now requires understanding how cyber incidents, concentration risk, and fourth-party dependencies can trigger real business disruption. This session focuses on how teams are building more resilient operating environments by assessing third-party cyber exposure in a practical, outcomes-focused way and connecting it to continuity, incident response, and recovery planning.
View session details...

Key topics

  • How to assess vendor cyber resilience beyond simple questionnaire responses, including concentration and fourth-party dependencies
  • Ways to connect security monitoring, incident management, and TPRM workflows so responses to disruptive events are faster and more coordinated
  • Approaches for explaining third-party cyber exposure and major outage scenarios in business terms that operational risk, resilience teams, and senior leaders can act on

Evan Tegethoff,VP Solution Engineering,Bitsight

11:45
The AI Supply Chain Crisis: Why Third-Party Risk is No Longer About Vendors Alone
AI is reshaping third-party risk in ways that impact every part of the organization, from technology and operations to legal, compliance, and the board. In AI ecosystems, a single vendor relationship can expose you to an entire hidden chain of technologies, models, data sources, subcontractors, APIs, and autonomous decision-making systems that extend far beyond traditional supplier lists. Join us to learn how that shift challenges long-standing assumptions about third-party risk, governance, resilience, and accountability, and what it means for leaders across all functions.
View session details...

Key topics

  • How AI-driven services create layered “risk behind the vendor” that affects cyber, operational resilience, data protection, compliance, and strategy
  • Why traditional due diligence, contracts, and monitoring are struggling to keep pace with opaque and fast-changing AI supply chains
  • Big-picture ideas for how organizations can rethink TPRM, governance, and collaboration so they are better prepared for AI-enabled ecosystems across all business areas

Jonathan Bald,SVP Global Sales Lead,Black Kite

11:45
Risk Assessments That Deliver Meaningful Insights
Risk assessments can consume significant effort without changing decisions if they are not designed effectively.
View session details...

Key topics

  • Streamlining assessment content around key risk drivers
  • Presenting outcomes to support prioritisation and resource allocation
  • Improving assessment quality without increasing effort
12:35-1:20
LUNCH NETWORKING & OPTIONAL ROUNDTABLE DISCUSSIONS
All attendees have access to:
  • Extended networking lunch
  • Meetings with peers, speakers and sponsors
  • Networking lounge and exhibition area
Roundtables are optional, limited to 30 attendees per table, and require advance registration. Attendees not participating in a roundtable may continue networking until sessions resume
1:20-2:05
Optional Roundtable Discussions
All attendees have access to:
  • Limited to 30 attendees per table
  • Advance sign-up required
  • Interactive peer-to-peer discussion format
Roundtables are optional, limited to 30 attendees per table, and require advance registration. Attendees not participating in a roundtable may continue networking until sessions resume
ROUNDTABLE
Finding Balance Between Depth and Speed in TPRM Assessments

Lisa Young,CEO,Young-Risk-LLC; previously Netflix

ROUNDTABLE
When Operations Break: Preparing for Third-Party Disruption

Keith Frantz,Director, Enterprise Risk Manager,Prosper Marketplace

ROUNDTABLE
Contractual Fitness: Navigating Risk in Third-Party Agreements
ROUNDTABLE
How to Identify, Prioritize and Govern Critical Vendor Risk by Mapping Interdependencies and Aligning Oversight to Executive Decision-Making

Facilitator: Nick Patel,Advisor, TPRM,Independent

ROUNDTABLE
ROUNDTABLE
From Compliance to Collaboration – Building a TPRM Program That Creates Value and Drives Accountability

Tim Harvey,Procurement Director,CompSource Mutual Insurance Company

2:05
Transition Between Rooms
2:05
2:10
The Real Cost of Third-Party Operational Failure
When a critical vendor fails, the damage is not limited to a bad day or a single outage. The immediate impact can show up in downtime, customer disruption, and emergency workarounds, while long-tail effects can linger for years in the form of financial losses, regulatory findings, and erosion of customer and internal trust. This session looks at the full cost of third-party operational failure and uses real examples to highlight what stronger resilience planning, governance, and oversight might have changed.
View session details...

Key topics

  • How to think about both the immediate and long-tail costs of third-party failures, including operational, financial, customer, and regulatory impacts
  • Ways to quantify financial exposure and other impacts in a way that drives action, investment, and prioritization from leadership
  • Practical actions organizations are taking to reduce the likelihood and long-term impact of third-party failures, from better playbooks and testing to clearer governance and resilience expectations

Katherine Avery,Founder,Chimayo Consulting LCC

2:10
From Intake to Monitoring: Automating TPRM Life Cycle
Details coming soon…
View session details...

Details coming soon

Paul Valente,Co-Founder & Chief Customer, Officer,VISO TRUST

2:10
Rethinking Third-Party Due Diligence for Modern Risk
Due diligence now has to cover more ground to reflect evolving regulatory expectations and emerging risks, while still remaining efficient and vendor friendly. This session explores how teams are layering in topics such as cyber resilience, artificial intelligence use, data protection, and operational disruption in a targeted way. It focuses on practical updates that can be rolled out in stages so programs can evolve without overwhelming internal teams or third parties.
View session details...

Key topics

  • New and emerging risk areas being incorporated into modern due diligence programmes
  • Embedding cyber, AI,resilience and privacy expectations into existing processes
  • Phasing enhancements without overwhelming teams or suppliers

Kaci Johnson,Director, Risk Management,Nelnet

3:00
Afternoon Refreshment Break and Networking
3:00
3:30
Due Diligence Fatigue & Continuous Monitoring – Finding Efficiency and Effectiveness in the TPRM Process
Repeated, high-effort due diligence cycles and a growing volume of monitoring data are putting pressure on both internal teams and vendors. This session looks at how programs are rethinking due diligence and the use of monitoring information so they can simplify, automate, and innovate without overwhelming participants or sacrificing quality and trust. It focuses on practical ways to reduce duplication, use monitoring data more intelligently, and keep oversight both sustainable and credible.
View session details...

Key topics

  • How to identify and reduce duplicated effort across due diligence and monitoring activities
  • Ways to streamline and automate information collection while maintaining confidence in results
  • Practical approaches for using monitoring data to inform actions without creating noise for teams or vendors

Matthew Ridenhour,Senior Manager, Compliance Operations,UKG

3:30
AI in TPRM: Hype, Reality & Practical Use Cases
There is plenty of enthusiasm for AI, but not all use cases are delivering real value in third-party risk management. This session focuses on where AI is actually helping TPRM work today, where it has fallen short, and how programs are deciding what to try next. The goal is a grounded view of AI in practice rather than a technology pitch.
View session details...

Key topics

  • Concrete AI use cases already in play in TPRM and the value they delivered
  • Common pitfalls and limitations teams haveencountered with early AI efforts
  • Simple criteria for deciding which AI ideas are worth piloting or scaling

Lindsey Taulton,Operational Risk Analyst,Cornerstone Capital Bank

3:30
The Program You Built to Survive Is Not the Program You Need to Thrive: Lessons from Two Transformations Across Financial Services and Insurance
Many programs are born out of necessity—stood up quickly to meet a regulatory deadline, respond to an incident, or satisfy an immediate business demand. But the scrappy program that helped you survive is rarely the one that positions you to thrive. This session draws on lessons from two real-world transformations across financial services and insurance sectors, where leaders had to evolve programs from reactive and fragmented to strategic and sustainable. It explores what changes when you shift from checking boxes to driving value, the friction that surfaces along the way, and the practical decisions that separate programs that scale from those that stall.
View session details...

Key topics

  • How to recognize the signals that a “survival mode” program has outgrown its original design
  • Practical lessons from two transformations on building durable structure, buy-in, and operating discipline
  • Ways to reframe a program around long-term value and resilience rather than short-term compliance

Tracey Peters,Director, Vendor Program Management,TIAA

4:20
Transition Between Rooms
4:20
4:25
Where Business Resiliency & TPRM Merge
When disruption affects a critical third party or supply chain partner, organizations must move quickly from uncertainty to coordinated action. This roundtable will explore practical approaches to strengthening third party incident response and resilience, including governance alignment, stakeholder coordination, response testing, and lessons learned processes. Participants will share real world experiences and gain actionable ideas for building resilient, repeatable response strategies that improve preparedness and support long term operational resilience.
View session details...

Details coming soon..

Tony Giannio,Senior Director, GRC Engineering,BNSF Railway

4:25
Reimagining Third-Party Risk for the Digital Era
Digital business models and technology stacks are changing how organizations engage with external providers. This session we’ll examine how TPRM practices are adapting to environments built on software as a service, platforms, interfaces, and data sharing. It highlights adjustments that make traditional processes more suitable for digital services and faster delivery models.
View session details...

Key topics

  • How digital operating models alter traditional assumptions about third-party risk
  • Adjustments to scoping, assessment, and oversight that better fit digital services
  • Ideas for aligning TPRM activities with broader digital and technology strategies

Corey Hlavack,Senior Director, Information Security,enVistaas

4:25
TPRM Metrics That Matter
Boards and executives increasingly expect evidence that TPRM programmes are effective and aligned to risk appetite.
View session details...

Key topics

  • Moving from activity metrics to outcome-focused measures
  • Metrics that support stronger executive conversations
  • Refining reporting to focus on what matters most

Olga Baldwin,Lead of Third Party Risk Management,StoneX Group

5:15
Transition To Exhibitor Hall/Bridge Suite
5:20-6:20
Networking Cocktail Reception
Day One | October 14 Day Two | October 15

About

  • CeFPro Home
  • Full events calendar
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Upcoming events

  • Our Flagship Event: Risk Americas
  • View the full events calendar

Contact Us

Contact Us
[email protected]
+1 888 677 7007
+44 (0)207 600 3543

Scroll to top