Day Two | October 15
Here is the latest edition of the agenda. As we approach the event, we will be adding speakers and sessions to enhance your experience. To stay informed, please register your interest
(Open to first 30 attendees)
Key topics
- How to design or update a criticality and tiering model that matches current realities
- Ways to connect criticality to assessment depth, monitoring, and testing requirements
- Examples of how revising tiers shifted program focus toward higher-risk relationships
![]() | Fusako Menna,Director, Operational Risk and TPRM,Daiwa Capital Markets |
In this session, we introduce Hyper TPRM — a modern approach to third-party risk management built for scale. Hyper TPRM moves beyond questionnaire-driven processes by combining data-first intelligence, workflow, community-powered exchange models, and AI acceleration, with human confirmation where it matters most.
Join us to learn how organizations are evolving their TPRM programs to:
Key topics
- Prioritize vendors using dynamic, explainable risk insights
- Leverage shared, validated assessment data to reduce friction for vendors and internal teams
- Apply AI to accelerate assessments, validate evidence, and expand portfolio coverage
- Shift from point-in-time reviews to continuous, risk-based monitoring
If you’re looking to modernize your TPRM program without compromising rigor, this session will show how Hyper TPRM enables faster decisions, broader coverage, and greater confidence across the entire third-party lifecycle.
![]() | Ed Thomas Jr,Senior Vice President,ProcessUnity |
Key topics
- How to identify where third-party services intersect with critical infrastructure
- Additional resilience testing, documentation, and oversight that are used in these contexts
- Examples of coordination with regulators or sector bodies on critical third-party resilience
Key topics
- Typical sources of downstream risk behind primary third-party services
- Tactics for gaining useful visibility through contracts, questionnaires, and data sources
- Ways to determine where deeper fourth-party analysis is warranted
![]() | Tracey Forney,Sr. Compliance Manager,Aerstone |
This session looks at where automation has been effective in managing assessment workload and where human review remains essential. It provides examples of assessment designs that use automation for efficiency while preserving clear ownership of key risk decisions.
Key topics
- Parts of the assessment process that are well suited for automation
- Guardrails and checkpoints that keep governance and accountability clear
- Example workflows showing how automation changed both speed and overall quality
Key topics
- Examples of resilience metrics linked to readiness and performance
- Ways to keep resilience reporting focused while providing sufficient detail
- Approaches for tailoring resilience metrics for senior leaders and operational teams
![]() | Laura Arnott,Director,Vigilant LLC |
Key topics
- How to identify and map cloud related dependencies across a vendor portfolio
- Questions and evidence to request around resilience, failover, and incident management
- Ways to frame cloud concentration risk and potential mitigations for internal stakeholders
![]() | Mark Carroll,Founder – Graduate ERM Program,Boston University |
Key topics
- Where automated decision-making commonly appears in vendor offerings
- Types of risk that arise when automated decisions are not transparent or well controlled
- Practical evaluation and oversight steps for automated decision engines
![]() | Jude Ejiobi,Cybersecurity GRC Manager,J.B Poindexter & CO |
Key topics
- How to recognize when different regimes create conflicting expectations for a vendor or service
- Factors used to decide which requirement effectively takes precedence in practice
- Ways to document and communicate these choices so they are defensible and repeatable
Key topics
- Techniques for summarizing complex risk information in a clear and concise way
- Ways to frame options and recommendations so leadership can decide more quickly
- Examples of how improved framing led to different decisions on vendors, controls, or investments
![]() | Franceso De Lucia Dattolo,Cybersecurity Program Manager, Governance & Risk | Third Party Cyber Security,Schlumberger |
![]() | Narahari (Hari) Roa,Global Supply Risk and Resilience Director,Schlumberger (SLB) |
Key topics
- Concrete AI use cases already in play in TPRM, what they delivered, and where automation alone was sufficient
- Common pitfalls tied to data quality, messy processes, and unclear ownership, and how human-in-the-loop controls help keep outcomes reliable
- Simple criteria practitioners can use to decide which AI ideas are worth piloting or scaling, and how to set realistic expectations with stakeholders
![]() | Jonathan Bald,SVP Global Sales Lead,Black Kite |
![]() | Ragav Ramesh,Executive Director,J.P Morgan Chase |
![]() | Matthew Ridenhour,Senior Manager, Compliance Operations,UKG |
![]() | Kaci Johnson,Director, Risk Managemet,Nelnet |
Key topics
- Key governance elements regulators and standards bodies expect to see in mature TPRM programs
- How to define and document roles, decision rights, and escalation paths so governance works in day-to-day operations
- Practical steps for shoring up TPRM governance, even in developing programs, to reduce compliance risk and close gaps between policy and practice
![]() | Tamara Culler,Independent,formerly of OCC |
- Extended networking lunch
- Meetings with peers, speakers and sponsors
- Networking lounge and exhibition area
- Limited to 30 attendees per table
- Advance sign-up required
- Interactive peer-to-peer discussion format
![]() | Ryan Patrick,EVP, TPRM Customer Solutions,HITRUST |
![]() | Ryan Hesser, VP TPRM & Legal Counsel,VyStar Credit Union |
Key topics
- Identify hidden third-, fourth-, and nth-party dependencies within agentic AI ecosystems.
- Recognize emerging operational and concentration risks that traditional TPRM processes may overlook.
- Explore practical approaches to strengthen resilience and governance across AI-enabled third-party environments.
- Understand how evolving regulatory expectations are shaping oversight of AI-supported services.
![]() | Naresh Raheja,Former OCC, Senior Risk Specialist,Independent |
Key topics
- Using automation and workflow tools to reduce manual effort
- Integrating TPRM with cybersecurity, privacy, procurement and resilience platforms
- Moving from spreadsheets and email toward digital, data-driven processes
![]() | Ryan Langshaw,Risk Program Lead,Lead |
Details coming soon…
![]() | Mariano Rivera,Technology and Business Transformation Leader,Enterprise initiatives across large retail and financial service organization |
![]() | Elizabeth Blosh-Myers,VP/Director Third Party Risk Management,Thread Bank |
![]() | Ryan Hesser, VP TPRM & Legal Counsel,VyStar Credit Union |
![]() | Kristen Thomas,Director,ComplyIQ, Former JP Morgan Chase |
![]() | Tim Harvey,Procurement Director,CompSource Mutual Insurance Company |
Key topics
- How AI and automation will redefine third-party ecosystems
- The rise of systemic and cross-industry risk exposure
- Preparing for risks that cannot yet be fully quantified
- What organisations need to build now to remain resilient in the future





















