On Demand Events

Missed a recent webinar or Member Forum Call? Catch our previous virtual sessions here. We now offer CPEs from most of our on-demand offerings. To earn CPEs, please submit your information and codes in the form linked below. Note: our on-demand recordings work best when viewed in the Chrome browser.

All On-demand Events

October Member Forum Call: Best Practices of Governance in Third Party Risk Management Programs

Strong program governance helps foster efficient use of resources, greater transparency, and an environment of trust. This webinar will highlight best practices in governance of Third Party Risk Management (TPRM). During this webinar, we will discuss governance goals and objectives, reporting on key indicators, and program evaluation. This member forum call will be open to nonmembers.
Speakers:
  • Bob Jones
    Senior Advisor, Shared Assessments
    Bob is deeply committed to contributing to the well-being of the financial services community. A well-known and sought-after expert in risk management strategy, he has 50 years of experience leading fraud risk management and risk management strategy. In addition to bringing unique experience as a consultant, educator and expert witness to Shared Assessments, he also serves as the principal of RW Jones Associates, LLC and is Adjunct Professor Emeritus of Economic crime at Utica College, where he taught in the school’s M.B.A. in Economic Crime and Fraud Management program. His articles have appeared in the RMA Journal and the Journal of Economic Crime Management.
    View full bio
  • Rhonda Cook
    Senior Advisor, Shared Assessments
    Rhonda K.R. Cook is retired Chief Risk Officer for SEI Investments in Oaks, PA. She also served 4 years as Chair of the Investment Company Institute’s (ICI’s) Chief Risk Officer Committee. Over the course of her 25 years at SEI, Rhonda worked in a variety of client service, solution development, and risk management roles. She led projects in SEI’s Hong Kong and London offices, and she spent three years in New Delhi as SEI’s first Unit Leader, India. Rhonda has an M.B.A. from Northeastern University with a dual concentration in International Management and Innovation Entrepreneurship. Prior to joining SEI Investments, Rhonda graduated from the United States Military Academy at West Point; she served nine years as a Military Intelligence Officer in the U.S. Army, including multiple duty assignments in Europe, the Middle East, and Asia.
    View full bio
  • Joe Prochaska Jr.
    Board Member, Synovus Financial Corporation
    Joseph (“Joe”) J. Prochaska Jr is an experienced board member and strategic financial executive with over 30 years helping some of the world’s largest insurance related companies improve profits, navigate transformation activities including mergers and acquisitions and enhance financial systems. Joe has an extensive background in accounting, financial reporting, financial systems, and risk evaluation. He also brings deep information technology experience including enterprise-wide financial and operating systems and cyber security. Joe is designated as a Qualified Financial Expert under Sarbanes-Oxley and serves as an independent director and Qualified Risk Expert on the Synovus Financial Corp. Board.
    View full bio
  • Falicia Foster-Cruz
    CISA, CRVPM, CTPRP | MANAGER – THIRD PARTY RISK MANAGEMENT, Iron Mountain
    Based in the US with over 15 years of experience in risk and compliance, Falicia manages Iron Mountain's global third party risk management program and leads a team of 7 analysts from around the world. Falicia has a background in Retail, Hospitality, Finance, Health Services, Compliance and Government, has a bachelors in business administration as well as the CISA, CTPRP, and CRVPM certifications. Falicia tends to describe herself as a "Jane of all Trades" which comes in handy with the wide field of focus of Third Party Risk.
    View full bio
Register to Watch

Interagency Guidance: One Year Later

The Federal Reserve Board (the Board), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) collectively introduced the Interagency Guidance on Third-Party Relationships: Risk Management. In June 2023, the guidance officially became effective – now, you are expected to comply! This session takes a closer look at what we've learned over the past year and provides a walkthrough of the NEW Shared Assessment Interagency Guidance Gap Analysis tool.
Speakers:
  • Jennifer Hancock
    Senior Advisor, Shared Assessments
    Jennifer Hancock is a third-party risk management professional with more than 20 years of experience in third-party risk management. As owner of Hancock Consulting LLC, a consultancy she founded to provide specialized advisory services, Ms. Hancock has been able to help organizations develop effective third-party risk management strategies and improve their overall resilience. Her expertise has been sought after by a wide range of clients across industries, and she is dedicated to helping organizations of all sizes manage their third-party risks effectively. As a thought leader in the field of third-party risk management, Ms. Hancock has been a featured speaker at numerous industry events and conferences. She is both a Certified Third-Party Risk Professional and a Certified Third-Party Risk Assessor (CTPRA).
    View full bio
  • Chris Johnson
    Senior Advisor, Shared Assessments
    Chris is a Senior Advisor to Shared Assessments where he focuses on healthcare, financial services, and emerging technologies. He has more than 25 years of experience helping clients effectively manage risk while exhibiting a passionate and dynamic leadership style. Prior to joining Shared Assessments, Chris led third party risk management and information technology initiatives at Bristol Myers Squibb, Bank of America, Merrill Lynch, KPMG, and Marriott International.
    View full bio
Register to Watch

Navigating the Complexities of Continuous Monitoring for Third-Party Risk

In today's interconnected business landscape, continuous monitoring has emerged as a critical strategy to ensure ongoing compliance, mitigate risks, and protect your organization. This webinar will provide an overview of continuous monitoring and best practices for implementation. In this webinar we will:

  • • Discuss the definition of continuous monitoring and its role in third-party risk management
  • • We will outline effective strategies for selecting, implementing, and maintaining a continuous monitoring program• We will examine real-world case studies of organizations that have successfully leveraged continuous monitoring to mitigate risks.

Join us for this informative webinar and gain valuable insights into how to effectively manage third-party risk through continuous monitoring.

Speakers:
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
    Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.
    View full bio
  • Chris Johnson
    Senior Advisor, Shared Assessments
    Chris is a Senior Advisor to Shared Assessments where he focuses on healthcare, financial services, and emerging technologies. He has more than 25 years of experience helping clients effectively manage risk while exhibiting a passionate and dynamic leadership style. Prior to joining Shared Assessments, Chris led third party risk management and information technology initiatives at Bristol Myers Squibb, Bank of America, Merrill Lynch, KPMG, and Marriott International.
    View full bio
Register to Watch

Insurance Committee – September 2024

The Shared Assessments Insurance Committee discussed various topics, including the upcoming UK Summit on September 25, the 2025 US Summit in Fort Lauderdale, and the importance of AI in third-party risk management. They recapped data privacy, cybersecurity, liability, and generalized risks associated with autonomous vehicles (AVs). During open discussion on TPRM Insights, they highlighted the need for a risk appetite framework, the roles country risk and operational risk management play. The committee also explored the challenges of assessing vendors during proof-of-concept (POC) phases, suggesting early involvement and data minimization strategies. They noted the increasing number of third-party assessments, with some organizations performing over 500 annually, and the importance of continuous monitoring and cyber threat intelligence tools.

Financial Services Committee – September 2024

Jen Hancock highlighted the importance of the IAG guidance for navigating third-party risk and regulatory requirements. Chris Johnson introduced the Shared Assessments IAG gap analysis tool, which maps IAG to rescinded FRB, FDIC, and OCC guidance, helping identify new requirements and potential gaps. During the Open Mic for Members Participants noted the need to explore alternative methods of assurance / due diligence when direct assessments are not possible. The committee explored offshore delivery center controls. Feedback from organizations was they are implementing a combination of physical and technological controls for offshore delivery centers, rather than relying solely on physical security measures like "clean rooms” and a trend towards bringing more critical functions in-house or to captive centers to maintain tighter control over sensitive data and processes, rather than relying on third-party offshore providers. Lastly, participants highlighted the challenges of maintaining control environments and talent acquisition/retention for offshore locations, especially with the shift to more remote and hybrid work models during the pandemic.

September Member Forum Call – Contracting for Resiliency: Navigating AI, Regulatory Changes and Modern Practices

Join us for an engaging fireside chat as we delve into the evolving landscape of contracting. This webinar will explore the intersection of artificial intelligence (AI), business resiliency, and the latest regulatory changes. Our experts will discuss strategies for building business resiliency through robust contracting practices and adapting to recent regulatory shifts. Additionally, we’ll address the critical terms and conditions you should consider for vendors who are or will incorporate AI into their services. Don’t miss this opportunity to gain a deeper understanding of the future of contracting and how to leverage these advancements for your organization’s success.
Speakers:
  • Jennifer Hancock
    Senior Advisor, Shared Assessments
    Jennifer Hancock is a third-party risk management professional with more than 20 years of experience in third-party risk management. As owner of Hancock Consulting LLC, a consultancy she founded to provide specialized advisory services, Ms. Hancock has been able to help organizations develop effective third-party risk management strategies and improve their overall resilience. Her expertise has been sought after by a wide range of clients across industries, and she is dedicated to helping organizations of all sizes manage their third-party risks effectively. As a thought leader in the field of third-party risk management, Ms. Hancock has been a featured speaker at numerous industry events and conferences. She is both a Certified Third-Party Risk Professional and Certified Third-Party Risk Assessor (CTPRA).
    View full bio
  • Matt Johnson
    Partner, Bortstein Legal Group
    Matt Johnson is an accomplished technology, outsourcing, and commercial transactions attorney who is recognized for providing comprehensive strategic, legal, and commercial advice to his clients. Over the course of his career, Matt has drafted and negotiated services agreements, technology licenses, and procurement contracts ranging in value from thousands of dollars to five billion dollars. He has also worked with clients to develop complete sourcing strategies for their information technology operations and business processes, to prepare related RFPs, and to evaluate potential suppliers’ bids. His clients have included financial institutions, pharmaceutical companies, and technology companies; many of the transactions on which he has worked have involved the client’s global operations. Matt’s in-house and operations executive experiences give him a deeper understanding of practical and operational aspects of legal transactions, enhancing the value he offers his clients. Matt takes a broad approach to his work, drawing on his understanding of the business context of a transaction, to provide actionable legal and commercial advice to help clients of every size meet their objectives. Prior to joining BLG, Matt worked as in-house counsel at one of the nation’s largest home health and hospice companies and practiced law with two of the top outsourcing practice groups in the U.S. Before becoming a lawyer, Matt was an operations executive in the assisted living industry. He is a graduate of the College of William and Mary and George Washington University Law School.
    View full bio
Become a Member to Watch

AI & Emerging Technologies Committee – August 2024

The Shared Assessments AI & Emerging Technology Committee provided an update on Shared Assessments' AI initiatives, including the EU AI ACT, response to the Treasury's RFI and an upcoming AI briefing paper. The committee discussed potential cyber risks and concerns around autonomous vehicles (AVs), including data privacy, cross-border data sharing, and the lack of underwriting history compared to human-driven vehicles. Participants highlighted the need for regulatory frameworks and standards to address the risks of AVs, as the technology is rapidly evolving. Lastly, the committee had an in-depth discussion on the advancements in deep fake technology and the potential for misuse, including identity fraud in remote work situations. Participants emphasized the balance between convenience and security, and the need for new methods to verify identity in a remote workforce. The group also discussed the importance of educating customers and third parties about the risks of deep fakes. The next meeting is scheduled for October 22, 2024.

Best Practices for Threat and Vulnerability Response & Emergency Assessments

It's not getting any easier. Every time we turn around there seems to be another attack or threat that demands our attention. While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful and distracting. It doesn't have to be that way. Join us for a discussion on the best practices to responding to zero-day vulnerability attacks and conducting emergency assessments. We'll outline what's required to prepare in advance so you're ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we'll cover the necessary steps and considerations for an effective response plan. Session attendees will learn:

  • • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
  • • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
  • • How quick-assess campaigns can automatically scope, distribute, and score responses
Speakers:
  • Ed Thomas
    Senior VP, ProcessUnity
    Ed Thomas is a Senior Vice President at ProcessUnity, with an extensive background in Third-Party Risk Management. A seasoned expert in the field, Ed has years of experience guiding organizations on their journey to establish efficient and effective risk management programs. Combining his deep industry knowledge with practical insights, Ed aims to assist organizations in realizing the full potential of their TPRM programs.
    View full bio
  • Elizabeth Dunsmoor
    TPRM Principal, Shared Assessments
    Elizabeth Dunsmoor recently joined Shared Assessments as a TPRM Principal after 15 years as a TPRM practitioner. She has experience designing holistic programs and delivering assessment work within the cybersecurity, financial services, manufacturing, and healthcare sectors. With a proven ability to oversee and execute long-term operational strategies and methodologies for risk programs, Elizabeth is proficient in a variety of management actions including translating strategies into measurable plans, partnering with Procurement, corporate teams, and firm leaders to develop a pipeline of cross-functional leaders within the risk management function. She now provides training and guidance to business leaders to ensure understanding of program requirements, third-party capabilities, and performance expectations.
    View full bio
Register to Watch

Global ESG TPRM Committee – August 2024

The conversation focused on various regulations and directives related to ESG (Environmental, Social, and Governance) factors in vendor management programs. Speakers discussed the German Supply Chain Act, EU's Corporate Sustainability Due Diligence Directive, and ESG ratings, highlighting their significance in ensuring ethical and sustainable practices. They also discussed the potential impact of recent Supreme Court decisions on ESG regulations and the evolving nature of third-party risk management in the face of climate change. The speakers emphasized the importance of staying abreast of changes in the insurance industry and incorporating insurance reviews into third-party risk programs to mitigate potential risks. Thank you to our guest speakers, including Justin Libucki, ESG Risk Analyst, SEI Investments, and Jennifer Hancock, Senior Advisor, Shared Assessments.

August Member Forum Call – Cloud Computing Essentials For Third Party Risk Management Leaders

Join us for an engaging and insightful session tailored specifically for third party risk management leaders. This webinar will explore the transformative impact of cloud computing on business operations and risk management strategies. Key topics include: Best practices for assessing and mitigating risks associated with cloud service providers Ensuring data security and maintaining regulatory compliance Effective cloud governance and vendor risk assessments Latest trends shaping the future of cloud technology Attendees will gain valuable insights to enhance their expertise and safeguard their organization's cloud environment. Don't miss this opportunity to stay ahead in the ever-evolving landscape of cloud computing and risk management.
Speakers:
  • Chris Johnson
    Senior Advisor , Shared Assessments
    Chris is a Senior Advisor to Shared Assessments where he focuses on healthcare, financial services, and emerging technologies. He has more than 25 years of experience helping clients effectively manage risk while exhibiting a passionate and dynamic leadership style. Prior to joining Shared Assessments, Chris led third party risk management and information technology initiatives at Bristol Myers Squibb, Bank of America, Merrill Lynch, KPMG, and Marriott International.
    View full bio
  • John DiMaria
    Director of Operations Excellence and Research Fellow, Cloud Security Alliance
    John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, is the Director of Operations Excellence and Research Fellow with the Cloud Security Alliance. He has 40 years of experience in Standards and management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR programs Open Certification Framework for cloud providers and developed the first certification scheme and process related to the NIST Cybersecurity Framework. John is a contributing author of the last three editions of the American Bar Association’s Cybersecurity Handbook, and a working group member, and a key contributor to the NIST Cybersecurity Framework and former contributing author and Steering Committee member of the Shared Assessments Program, where he dedicated significant time and effort to advancing the goals and initiatives of the program. John also serves as a leading expert as the BCI SIG Vice-Chair for Cyber Resilience, Working Group Chair for the IEEE P3454™, Standard for Cloud Computing - Operational Resilience – Framework, Member of the MSECB Impartiality, Ethics, and Appeals Committee, and Customer Experience Advisory Member with Lindenwood University, St. Louis, MO. He currently oversees the strategic execution of core operational functions, liaising across departments to provide tactical support and guidance, promoting operational efficiency and interdepartmental collaboration. Prior to joining CSA, DiMaria was the Global Product Champion for The British Standards Institution where he served as the global head of all information security, business continuity and cybersecurity product and process offerings as well as operations assessment scheme manager. He has experience working with both national and international environments.
    View full bio
Become a Member to Watch
1 2 3 4 15