Events

Jan 2022

webinar: Top 5 Priorities for Third Party Cyber Risk for 2022

Tuesday, January 25, 2022 | 11:00am-12:00pm ET

Cyberattacks on the supply chain have become a board-level issue for organizations and will continue to plague executives in 2022. The number and sophistication of security breaches is rising; attacks like ransomware cause significant disruptions to the supply chain, putting security at the forefront of business decisions.

In this session, we will discuss cyberattack readiness and how to ensure that business resiliency is in place for timely detection and mitigation of attacks.

Cost: Free / Credits: 1 CPE

Speakers:

Nasser Fattah, Senior Advisor, Shared Assessments

Nasser has 20+ years as a Cybersecurity, Supply Chain, and IT leader. With a focus on customer-first and team-building approaches, Fattah is able to align programs to support company strategies, regulatory requirements, and growth initiatives. He drives cybersecurity, supply chain, and IT as enablers for enterprise-wide transformation initiatives. He partners with executives to identify and select strategic external partners to deliver essential IT and cybersecurity services to the business. Nasser worked with global parent companies and subsidiaries to establish technology standards to maximize investments and operations efficacy to best support business needs and growth. Nasser has a strong, consistent record working successfully with Business and IT executives, regulators, auditors, and risk partners. Nasser also teaches cybersecurity at several colleges and is the chair for North America Shared Assessments – an industry best practices for the supply chain.

Trony Clifton, Cyber Third Party Governance, BNY Mellon

Trony has 30+ years as an IT Audit, cybersecurity, and technology leader. He is responsible for Site Assessments, PCI Compliance, and Cyber SME for Legal at the Bank. Trony is a former professor at NJIT and author of IT Audit and IT Security books.

Feb 2022

webinar: Data Governance For Third Party Risk

Wednesday, February 2, 2022 | 11:00am-12:00pm ET

As regulations, industry standards, and business strategies continue to shift, data governance is becoming more difficult to support, especially with your vendors. Data governance includes setting internal standards and data policies on how data is gathered, stored, processed, and disposed. This session will provide insight from Shared Assessments experts on how to stay on top of data governance processes for third party risk with specific tips for Schrems II, GDPR, and CCPA.

Cost: Free / Credits: 1 CPE

Speakers:

Tom Garrubba, Vice President, Shared Assessments

Tom Garrubba, Vice President, is an internationally recognized subject matter expert, lecturer, writer, and blogger on third-party risk, and is the head instructor for the Certified Third-Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing, blogged for the Huffington Post’s Business section, and for Government Health IT, ISACA, Risk.net, and numerous eGRC websites.

John Bree, Chief Evangilist & Chief Risk Officer, Supply Wisdom

John Bree is recognized as a global financial industry executive and subject matter expert with a proven track record in developing and managing Vendor & Third Party Sourcing Risk Management, AML/CTF, KYC, and Anti-Fraud programs.

Web Hull, Privacy and Data Protection Officer, Sr Risk and Compliance Analyst, Abacus Insights

Web Hull has a broad and deep knowledge of domestic and international laws, regulations, regulatory guidance, standards, and business practices. Known as an industry leader with deep experience and hands-on, practical expertise who guides companies as they seek solutions to domestic and international Privacy, Data Protection, InfoSec, & Compliance issues.

member forum call: AI, Machine Learning and the Metaverse

Tuesday, February 8, 2022 | 11:00am ET

Panelists will discuss the risks, challenges, and opportunities related to artificial intelligence, machine learning, and the metaverse in third party risk.

Cost: Free / Credits: 1 CPE

Speakers:

Renee Forney, Senior Director, Azure Hardware Systems & Infrastructure Security, Microsoft

Renee Forney is a skilled collaborator who facilitates shared insights and perspectives between business and technology stakeholders that result in successful program and project execution. She is experienced in technology leadership, strategic planning, and cyber security talent acquisition for federal and state agencies as well as the private sector.

Adam Stone, VP Consulting Services and Privacy Officer, Secure Digital Solutions

Adam Stone, MBA, Fellow in Information Privacy (FIP), CIPM, CIPP/US, CISSP, ISSMP, HCISPP has over 30 years of business leadership experience with 20 years overseeing data privacy and security functions for pharmaceutical distribution, healthcare, insurance, financial services, and marketing organizations. As a data privacy and security expert, Adam has significant experience implementing and refining data privacy and security practices and processes and affecting sometimes-disruptive change across large organizations. He is particularly skilled in navigating complex customer-facing initiatives to guide executives towards profit-generating activities that encourage customer loyalty by focusing on trust and confidence.

Charlie Miller, Senior Advisor, Shared Assessments

Charlie Miller is a frequent speaker and a recognized expert in third party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and loT research studies.

webinar: Fireside Chat – Innovations in Third Party Risk Processes

Thursday, February 24, 2022 | 11:00am-12:00pm ET

This session will be the first in a series of Fireside Chats featuring third party risk professionals sharing innovation success stories. Join Randy Sabbagh, Vice President, Global Incident Management & Third Party Resilience Oversight, State Street, who will share his experiences of how he has been able to stay ahead of the curve, what challenges he sees on the horizon for third party risk, and what needs to be done to develop the next generation of risk managers.

Cost: Free / Credits: 1 CPE

Speakers:

Tom Garrubba, Vice President, Shared Assessments

Tom is an internationally recognized subject matter expert, lecturer, writer, and blogger on third-party risk, and is the head instructor for the Certified Third-Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing, blogged for the Huffington Post’s Business section, and for Government Health IT, ISACA, Risk.net, and numerous eGRC websites.

Randy Sabbagh, VP Global Incident Management, State Street

Randy is Vice-President, Global Incident Management in State Street’s Enterprise Continuity Services where he focuses on response programs as well as supporting the firm’s 3rd Party Resilience program. Prior to returning to State Street, Randy was at Charles Schwab where his roles included Managing Mainframe Database, Systems and Network, Infrastructure Audit as well as roles including lead Engineer on Technology Resilience, developing and implementing 3rd party program resilience as well as Solutions Architect for Public Cloud implementation and data center strategy.

Mar 2022

webinar: Cybersecurity Taxonomy for Continuous Monitoring

Wednesday, March 2, 2022 | 11:00am-12:00pm ET

Please join us as Shared Assessments, BitSight Technologies, Black Kite, Panorays, RiskRecon, SecurityScorecard, and 23Advisory LLC present the Cybersecurity Taxonomy for Continuous Monitoring, which provides the first descriptive list of cyber events and monitoring surfaces aimed to facilitate more precise and transparent communications among Security Ratings Services (SRS), vendors, suppliers, and end-user organizations. Shared Assessments is making version 1.0 available for use by all industries and third party/cyber risk practitioners.

Cost: Free / Credits: 1 CPE

Speakers:

Charlie Miller, Senior Advisor, Shared Assessments

Charlie Miller is a frequent speaker and a recognized expert in third party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and loT research studies.

Demi Ben-Ari, CTO and Co-Founder, Panorays

Demi Ben-Ari is a software engineer, entrepreneur, and international tech speaker. He has over 10 years of experience in building various systems both from the field of near-real-time applications and big data distributed systems. - Google Developer Expert (GDE) - Google Cloud Platform. - Co-Founder of the “Big Things” Big Data community and Google Developer Group Cloud.

Candan Bolukbas, CTO and Co-Founder, Black Kite

Candan Bolukbas is a digital polymath and Certified Ethical Hacker. Candan fully appreciates the growing threat to digital communications and data accumulation which affects all of us. He is co-founder and chief technology officer at Black Kite, a Boston-based “security-as-a-service solutions” company. Besides being an Ethical Hacker, he is a certified secure programmer, certified incident handler, and certified computer hacking forensic investigator.

Mike Jordan, Founder/Principal, 23Advisory LLC

Mike Jordan is a leader in cybersecurity, third party risk, and compliance. He is passionate about bringing people together to make the right decisions for managing risk. To meet business objectives, we have to take risks. While we can’t have one without the other, we can greatly improve our chances of success by bringing the right people, processes, and technology together to effectively understand and respond to risk in a way that best fits the situation. Mike has more than 20 years in security and risk management, his experience includes designing and deploying multiple scalable and sustainable security technologies, programs, strategies, and products.

Evan Tegethoff, VP Consulting Engineering, BitSight Technologies

Evan Tegethoff is an information security professional focused on risk, compliance, technology, and program development. His goal is to promote the continued maturity of our industry into a discipline that holistically considers cyber security, data protection, technology, and business risk as a unified concept.

Mike Wilkes, CISO, Security Scorecard

Mike Wilkes is a senior security executive with broad experience designing, building, and supporting high-availability infrastructures for the financial services, energy, travel, media, and retail sectors.

webinar: Only Human: Everyday Behaviors and Cyber Risk

Wednesday, March 23, 2022 | 11:00am-12:00pm ET

Reports on the increasing frequency of cyber threats have become daily fodder for the news media. High impact cyber attacks are portrayed as being carried out by organized, sophisticated, and deliberate cyber criminals. However, the human factor, everyday behaviors by employees, presents the weakest links in the cyber security chain.

This session will focus on the impact of human factor failures within the third party risk management ecosystem, and how you can ensure appropriate controls are applied to all those who have access to sensitive data both inside and outside of the company.

Cost: Free / Credits: 1 CPE

Speakers:

Ron Bradley, Vice President, Shared Assessments

Ron Bradley has been involved with Shared Assessments in some capacity for over 15 years. With a depth of experience building TPRM programs in financial services (Bank of America) and manufacturing (Reynolds, Trane Technologies), Ron understands how cultures and organizations drive the supply chain and third-party process. As Vice President, Ron strives to use his extensive knowledge of Third-Party Risk Management to help organizations build programs that realize the full potential of the Shared Assessments toolkit.

May 2022

webinar: Third Party Business Continuity and Disaster Recovery Programs

Wednesday, May 25, 2022 | 11:00am-12:00pm ET

Business Continuity is constantly under attack from rising natural disasters, software and hardware failures, escalating and increasing instances of cyberattacks, and all the risks that accompany them. The effects of any one of these events could be devastating. While there is no sure way to avoid certain risks, there are things you can do to protect your business from any potential fallout that may follow.

In this session, we will uncover the business resilience risks that you are inheriting from your third parties and discuss how to create a disaster recovery plan that can address these ever-growing threats.

Cost: Free / Credits: 1 CPE

Speakers:

Colleen Milazzo, Senior Vice President, TPR Software Products, Shared Assessments

Colleen leads the TPRM software team in the development of software products/tools for third party risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet the corporate strategy.

Jun 2022

webinar: Peeking Over the TPRM Resilience Regulatory Horizon

Wednesday, June 8, 2022 | 11:00am-12:00pm ET

After nearly two years of responding to constant disruption, many organizations are now reevaluating how their TPRM programs comply with surging regulations and adapt and respond to emerging risks. So, what's over the horizon for TPRM and resilience?

In this session, experts will examine regulatory TPRM/Resilience expectations, with a focus on the US, Europe, and the Monetary Authority of Singapore. We'll review DORA (Digital Operational Resilience Act) status, US regulatory response to last summer's request for comments, PRA and MAS activities, and ESG regulatory direction.

Cost: Free / Credits: 1 CPE

Speakers:

Gary Roboff, Senior Advisor, Shared Assessments

Gary Roboff is a Senior Advisor to Shared Assessments where he focuses on payments, risk management, mobile financial services, and information management. Gary has almost four decades of experience in financial services planning and management, including 25 years at JP Morgan Chase where he retired as Senior Vice President of Electronic Commerce. Gary has worked extensively in electronic payments, payments fraud, third party risk management, privacy, and information utilization, as well as business frameworks and standards for electronic commerce applications.

webinar: Managing Your Supply Chain Risk

Wednesday, June 22, 2022 | 11:00am-12:00pm ET

Modern businesses rely on numerous third parties and their supply chains to keep their businesses running. But many lack robust processes to assess and understand how these supply chains can pose additional risks. Understanding these risks to the supply chain enables businesses to take advantage of tried-and-true strategies that mitigate risk.

This session will feature third party risk leaders from the manufacturing industry to discuss trends in supply chain.

Topics to be discussed include:

  • Emerging risks and threats affecting manufacturing companies
  • Techniques for addressing supply chain risks
  • Challenges – global footprint, supply chain complexity, cyber attacks, regulations…
    • Environmental, Social and Governance (ESG) – collaboration opportunities ,etc.
    • Industry 4.0, digital transformation
  • Integrating and leveraging IT/OT processes, technologies and solutions
  • Standardizing due diligence, risk assessments, standards (ISO, ISA 62443, …)
  • Improving efficiencies and reducing costs
  • Addressing organizational silos, process / technology solution integration, risk mitigation, and communication challenges

  • Cost: Free / Credits: 1 CPE

    Speakers:

    Charlie Miller, Senior Advisor, Shared Assessments

    Charlie Miller is a frequent speaker and a recognized expert in third party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and loT research studies.

    Bob Jones, Senior Advisor, Shared Assessments

    Bob Jones is deeply committed to contributing to the well-being of the financial services community. A well-known and sought-after expert in risk management strategy, he has 50 years of experience leading fraud risk management and risk management strategy. When not writing blogs for SharedAssessments, Bob enjoys playing with his 4 grandchildren and 2 granddogs.

    Oct 2022

    webinar: New 2023 Toolkit: Standardized Excellence to Meet Today’s Risk Environment

    Wednesday, October 19, 2022 | 11:00am-12:00pm ET

    Shared Assessments has updated and upgraded the 2023 Third Party Risk Management Toolkit to align with a changing regulatory and threat environment. Content has been adjusted to focus on Cybersecurity, Data Governance, Operational Risk, and Resilience. This session includes full details about updates and upgrades to the SIG, SCA, VRMMM, Data Governance Tools, including content organization and updates to industry and regulatory standards.

    Cost: Free / Credits: 1 CPE

    Speakers:

    Christopher Campbell, Manager of Sales, Shared Assessments

    Christopher has almost 20 years of experience in sales, customer relations, and corporate operations, including key sales and support roles in various industries ranging from health and fitness to construction. At Shared Assessments, he is responsible for member service, market research, program development, prospective member outreach, membership renewals, and is dedicated to helping members optimize their SIG.

    Andy Hout, Vice President, Tool Development & Implementation, Shared Assessments

    Andy has more than 30 years in data communications/information security and is familiar with all types of systems and transport technologies. Using this knowledge, Andy has conducted hundreds of vendor assessments and implemented vendor risk management programs for several large clients.