Shared Assessments 18th Annual Third-Party Risk Summit 2025 (USA)

March 26-27th, 2025

The Westin Fort Lauderdale Beach Resort

Third-Party Risk Summit

Join us as we celebrate the 20th Anniversary of Shared Assessments and the 18th Annual Third-Party Risk Summit—the premier global event for advancing third-party risk management across industries. This milestone for our organization and Summit shines a spotlight on cutting-edge processes, emerging technologies, and strategies driving efficiencies throughout the risk universe and beyond.

For two decades, the Shared Assessments Annual Third-Party Risk Summit has been the ultimate gathering of industry thought leaders and risk management experts. This year, we’re raising the bar by exploring future trends, sharing actionable insights, and celebrating 20 years of education, innovation, and excellence.

Attendees will gain unparalleled opportunities to network with peers, benchmark program maturity, and discover how to harness best practices and transformative technologies to elevate their risk management strategies. Don’t miss this special celebration of leadership and innovation in the risk management community, taking us light years into the next galaxy!

This event offers 13 Continuing Professional Education Credits (CPEs) for attending both Day 1 and Day 2.

Interested in Sponsorship Opportunities for Summit?

Contact Us

Pre-Summit Education

Certified Third Party Risk Professional (CTPRP)

Certified Third Party Risk Assessor (CTPRA)

Join us in person for a CTPRP or a CTPRA course hosted on March 25th, 2025, prior to our Third Party Risk USA Summit. These designations from the Shared Assessments Program validate expertise, and provide professional credibility, recognition, and marketability in third-party risk.

To learn more about the class, the exam, and maintaining your certification, see the FAQs at the bottom of the CTPR P or CTPRA page on our website.

Cost: Members: $1,345 | Non-Members: $1,645

Event Location: The Westin Fort Lauderdale Beach Resort | Fort Lauderdale, FL

Date: March 25th, 2025 | 8:00am – 6:00pm ET

CPEs: Completion of this course will earn 12 CPEs.

Interested in Speaking at Summit?

Contact Us

Hotel

We are back! Join us where the warm waters of the Atlantic meet the sparkling sand, and create lasting risk management memories at The Westin Fort Lauderdale Beach Resort. This hotel is a true oceanfront oasis, designed to enhance your wellbeing. Say yes to the outdoor heated pool and the beach access skywalk!

Schedule

The schedule is under development and subject to change – be sure to check back for updates:

Time	Session	Speakers	Description	Location
7:30am ET	Registration Opens			Foyer, Dine In Las Olas Ballroom
7:30am - 8:55am ET	Breakfast Buffet		Breakfast will be served in the Los Olas Foyer from 7:30 to 8:55 am ET before the Opening Keynote
9:00am ET	Welcome & Opening Keynote	Andrew Moyad, CEO, Shared Assessments	Captain’s Log: Charting the Future of TPRM Beyond Our First 20 Years	Las Olas Ballroom
9:15am ET	Panel: Securing the Cloud Frontier: Protecting Third-Party Ecosystems in 2025	Erin Joe, Senior Executive, Cybersecurity and Shared Assessments Advisory Board Member Joe Lyons, VP Cyber Security, BitSight Lena Licata, VP, Governance, Risk & Compliance, Blackstone Moderator: Chris Johnson, Senior Advisor, Shared Assessments	As organizations increasingly rely on cloud solutions for critical operations, the need for robust cloud security within third-party ecosystems has never been more urgent. This panel will explore the evolving landscape of cloud security and its integration with third-party risk management practices, providing actionable guidance for risk managers navigating these challenges in 2025.	Las Olas Ballroom
10:05am ET	Exhibitor Networking Break			Foyer
10:35am ET	Panel: Evolving Regulatory Compliance Post-DORA and NIS2	Eyvonne R. Mallett, Of Counsel, Loeb & Loeb LLC John Ingold, Head of Supplier Management, T. Rowe Price Mark Orsi, CEO, Global Resilience Federation Moderator: Patricia Murphy, Managing Director, Alvarez and Masal	As regulatory landscapes grow more complex, organizations must develop strategies that ensure both operational and regulatory resilience. This panel will explore how evolving frameworks like DORA, NIS2, and AI regulations are reshaping third-party risk management practices. Experts will discuss actionable approaches to: -Harmonize compliance efforts across jurisdictions. -Strengthen operational resilience by aligning risk management frameworks with regulatory demands. -Proactively address the intersection of ESG and TPRM requirements.	Las Olas Ballroom
11:10am ET	Sponsored Keynote: Agentic AI and Third-Party Risk: Rethinking Vendor Assessments for the Future	Chris Patterson, Director, Strategy, One Trust Third Party Risk Management	The last 24 months have seen a paradigm shift in the global technology landscape as cheaper, faster and more scalable LLMs and AI models have accelerated the availability of AI-enabled solutions. While AI governance and managing risk around third-party AI have become top priorities for risk and compliance teams, there has been less attention paid to how these technologies can potentially disrupt the fundamentals of third-party risk management. This keynote will help organizations understand the realities of agentic AI, paint a vision for the future of TPRM in an agentic landscape, and provide a pathway to navigate disruptions and harness the power of AI, responsibly.	Las Olas Ballroom
11:40am	Networking Lunch The Risk Launchpad: Your Hub for Expert Insights and Practical Solutions		Need quick guidance on a pressing third-party risk management challenge? Looking for expert advice in a private, supportive setting? Welcome to The Risk Launchpad, where your toughest questions meet tailored solutions. This drop-in space is designed for attendees who: - Have a specific TPRM issue to troubleshoot with Shared Assessments Senior Advisors and TPRM Principals. - Seek one-on-one conversations in a more informal setting. - Want actionable advice to take back to their organization right away. No appointments or pre-registration required—simply stop by, share your concerns, and engage with experts ready to help you navigate your challenges. From regulatory compliance dilemmas to operational disruptions, our SMEs are here to equip you with insights and strategies for success.	Las Olas Ballroom (The Risk Launchpad will be on the Sky Terrace)
1:00pm ET	Afternoon Tracks 1 Thought Leadership Panel: To Boldly Automate: Harnessing Automation for Efficient TPRM	Ed Thomas, SVP Marketing & Sales Operations, ProcessUnity Clarence Chio, Co-Founder & CEO, Coverbase Gatha Sadhir, EVP, Global Technology, Jazwares Dennis Frio, Managing Director, Cyber, Risk & Regulatory, PwC US Moderator: Chris Johnson, Senior Advisor, Shared Assessments	Automation in TPRM is the future. This panel will explore how cutting edge AI tools can automate vendor onboarding, risk assessments, and continuous monitoring, providing organizations with timely and accurate risk data.
1:00pm ET	Afternoon Tracks 1 Practitioner Panel: Building a Continuous Monitoring Ecosystem: Insights for TPRM Practitioners	Deb Zoppy, Head of TPRM & Business Resiliency Oversight, Guardian Bob Maley, CSO, Black Kite Falicia Foster-Cruz, Manager – Third Party Risk Management, Iron Mountain Moderator: Sheria Williams, TPRM Principal, Products and Support	Continuous monitoring is the cornerstone of proactive third-party risk management but creating a sustainable and comprehensive monitoring ecosystem requires more than just tools. This session offers a hands-on exploration of the strategies, frameworks, and methodologies that practitioners need to integrate diverse data sources—including financial assessments, ESG ratings, and real-time alerts—into their monitoring practices. Designed for TPRM professionals looking to elevate their strategies, this session ensures you leave with the insights and techniques necessary to build a resilient monitoring ecosystem that adapts to today’s complex risk landscape.
1:50pm ET	Transition/Break
2:00pm ET	Afternoon Tracks 2 Thought Leadership Track: Future-Proofing Critical Third Parties	Elizabeth Dunsmoor, TPRM Principal, Shared Assessments Eric Evans, Managing Director, Partnerships and Alliances, Rapid Ratings Jenna Wells, Chief Customer and Product Officer, Supply Wisdom Moderator: Nasser Fattah, Senior Advisor, Shared Assessments	This panel will explore how to assess CTP dependencies, implement robust risk mitigation strategies, and align with evolving regulations to safeguard operational stability. Panelists will share insights on continuous monitoring, contingency planning, and regulatory expectations, helping organizations build stronger, future-ready third-party ecosystems.
2:00pm ET	Afternoon Tracks 2 Practitioner Panel: Non-Traditional Vendors: Rethinking Risk Management for Unique Relationships	Becky Brown, Program Manager for Third Party Risk Management, SEI Investments Mary Kay Merkt, Director Vendor Management & Procurement, Johnson Financial Group Jan Lucero, Senior Director, Third Party Risk Management, Transamerica Dan Even, Senior Manager - Third Party Risk Management (TPRM), Mayo Clinic Moderator: Rhonda K.R. Cook, Senior Advisor, Shared Assessments	Not all third-party relationships fit neatly into traditional risk management frameworks. From facilities management to sub-advisors and beyond, non-traditional vendors require tailored approaches that go beyond the standard assessment process. This session explores innovative strategies to categorize and manage these unique relationships while ensuring compliance and mitigating risk. Designed for practitioners seeking actionable solutions, this discussion will equip you with the tools to build more inclusive and efficient TPRM strategies for the full spectrum of vendor relationships.
2:50pm ET	Transition/Break
3:00pm ET	Afternoon Tracks 3 Thought Leadership Panel: Navigating the Regulatory Constellation: Cross Jurisdictional Compliance	Caitlin M. Clarke, Senior Director of Cybersecurity Services, Venable LLP Moderator: Gary Roboff, Senior Advisor, Shared Assessments	This session will explore strategies for navigating the complexities of cross-jurisdictional compliance, including insights on DORA, NIS2 and GDPR related mandates. Industry experts will share real-world approaches to harmonizing regulatory requirements across regions, avoiding common pitfalls, and ensuring that your risk management strategies stay aligned as new stars appear in the regulatory sky.
3:00pm ET	Afternoon Tracks 3 Practitioner Panel: Engineering Vendor Contracts for the Future: Risk, Responsibility, and Automation	Julie Gaiaschi, CEO & Co-Founder, Third Party Risk Association Tammy Knies, CPO, Eastern Bank Shamul Ehteshamul Haque, Outside General Counsel, Shared Assessments Moderator: Jennifer Hancock, SVP Professional Development & Education, Shared Assessments	A detailed discussion on how to build flexible, risk-sensitive contracts with third parties that can accommodate emerging risks, such as AI governance and cybersecurity threats.
3:50pm - 4:20pm ET	Exhibitor Networking Break			Foyer
4:20pm - 4:50pm ET	Achievement Award Presentation and Acceptance	Andrew Moyad, CEO, Shared Assessments
4:50pm - 5:20pm ET	Fireside Chat	Heidi Grant, Former Director of the Defense Security Cooperation Agency Paul Kurtz, CTO, Splunk
5:20pm ET	Closing Remarks	Brian Shaw, VP Head of North America, Certa
5:30pm ET	Networking Reception

Time	Session	Speakers	Description	Location
7:30am - 8:30am ET	Breakfast Buffet			Foyer, Dine In Las Olas Ballroom
8:30am ET	Opening Remarks & Awards	Andrew Moyad, CEO, Shared Assessments		Las Olas Ballroom
9:15am ET	Panel: Expanding the Horizons of AI and Emerging Technologies in Risk Management	Katie Boswell, Securing AI Lead, KPMG Konstantinos Karagiannis, Director Quantum Computing Services, Protiviti, Inc. Mark Wehrle, Director Cyber Risk & Awareness, The Campbell's Company Jonathan Dambrot, CEO, Cranium Moderator: Andrew Moyad, CEO, Shared Assessments	Discover how AI and cutting-edge technologies are reshaping the TPRM landscape. Panelists will discuss actionable strategies for integrating AI into risk assessment, addressing quantum computing challenges, and leveraging blockchain to enhance vendor management.	Las Olas Ballroom
10:05am - 10:35am ET	Exhibitor Networking Break			Foyer
10:35am ET	Breakout Sessions Round 1	1. Ed Thomas, SVP Marketing & Sales Operations, ProcessUnity 2. Bob Maley, CSO, Black Kite 3. Brian Shaw, VP Head of North America, Cera 4. Joey Carter, Sales Engineer, BlueVoyant	1. ProcessUnity: Get Off the Assessment Treadmill. Take a Data-First, Questionnaire-Second Approach to TPRM The work never ends. Every year, we onboard more third parties. And every year, our assessment workload gets worse. More resources to help? Not going to happen. Sound familiar? You’re not alone. We have been at this process for years, but it continues to get worse for your team and the people in your company that rely on your third parties. It doesn't have to be that way. It's time the flip the script and cut back on assessment questionnaires. Learn how the newest risk exchange models are eliminating 80% of questionnaire requests with data. Our expert will outline how to: • Instantly perform inherent risk analysis on your entire vendor portfolio • Incorporate assessment data into your process to reduce questionnaire requests • Map your questionnaire and controls to standard exchange questionnaires and ask fewer questions • Complete assessments on large, hard-to-assess third parties that don't respond to you • Monitor 100% of your portfolio -- not just your critical vendors TPRM doesn't have to be the most painful process in your company. Join us and start your program's evolution. 2. Black Kite: Beyond Checkboxes: Transforming TPRM with Automation and Agility The old ways of managing third-party risk are failing. Questionnaires and manual processes are drowning us in a sea of checkboxes, while third-party breaches continue to rise. In this presentation, we'll explore how to ditch the outdated methods and embrace a new era of TPRM with automation and agility. Discover how to streamline assessments, gain real-time visibility into risk, and build a more secure future for your organization. 3. Certa: TPRM by Exception, The Future of TPRM Is Here Now —Traditional third-party risk management (TPRM) is no longer enough to keep pace with today’s evolving threat landscape. The future of TPRM isn’t more assessments; it’s exception-based risk management. This session will explore how leading organizations are shifting from reactive assessments to real-time, exception-based risk management, leveraging AI and automation to eliminate manual inefficiencies and focus only on what truly matters. You’ll learn: What “TPRM by Exception” really means with AI and automation surfacing only risks that require action. The power of data-driven exception management, enabling organizations to pinpoint risks before they become threats. Why real-time risk assessment is replacing static evaluations, allowing businesses to move from compliance-driven to proactive risk mitigation. The tools and technology to achieve this exist today. Join us to discover how to streamline processes, enhance risk visibility, and stay ahead of regulatory expectations—without drowning in assessments. Don’t just manage risk—master it. 4. BlueVoyant: Reducing Risk Across the Vendor Assessment Lifecycle Commercial organizations are constantly increasing the number and variety of third parties they work with to meet business needs. From onboarding to offboarding every stage of the vendor lifecycle represents an opportunity and need for cyber risk reduction. To stay ahead of threats in the supply chain, Third Party Risk Management (TPRM) programs should be able to map and prioritize risk reduction processes in these varying lifecycle stages. This session will cover cyber-risk illumination and reduction best practices - including leveraging AI/ML - to continuously protect your outsourced critical business processes and data. Agenda: Review the various stages that make up the vendor lifecycle Cover best practices for ensuring cyber risk illumination and reduction is being carried out at each step Incorporating validation of the accuracy of cyber-related questionnaire responses Brief demo of the above
11:35am - 12:00pm ET	Exhibitor Networking Break	1. Ed Thomas, SVP Marketing & Sales Operations, ProcessUnity 2. Bob Maley, CSO, Black Kite 3. Brian Shaw, VP Head of North America, Certa 4. Joey Carter, Sales Engineer, BlueVoyant	1. ProcessUnity: Get Off the Assessment Treadmill. Take a Data-First, Questionnaire-Second Approach to TPRM The work never ends. Every year, we onboard more third parties. And every year, our assessment workload gets worse. More resources to help? Not going to happen. Sound familiar? You’re not alone. We have been at this process for years, but it continues to get worse for your team and the people in your company that rely on your third parties. It doesn't have to be that way. It's time the flip the script and cut back on assessment questionnaires. Learn how the newest risk exchange models are eliminating 80% of questionnaire requests with data. Our expert will outline how to: • Instantly perform inherent risk analysis on your entire vendor portfolio • Incorporate assessment data into your process to reduce questionnaire requests • Map your questionnaire and controls to standard exchange questionnaires and ask fewer questions • Complete assessments on large, hard-to-assess third parties that don't respond to you • Monitor 100% of your portfolio -- not just your critical vendors TPRM doesn't have to be the most painful process in your company. Join us and start your program's evolution. 2. Black Kite: Beyond Checkboxes: Transforming TPRM with Automation and Agility The old ways of managing third-party risk are failing. Questionnaires and manual processes are drowning us in a sea of checkboxes, while third-party breaches continue to rise. In this presentation, we'll explore how to ditch the outdated methods and embrace a new era of TPRM with automation and agility. Discover how to streamline assessments, gain real-time visibility into risk, and build a more secure future for your organization. 3. Certa: TPRM by Exception, The Future of TPRM Is Here Now —Traditional third-party risk management (TPRM) is no longer enough to keep pace with today’s evolving threat landscape. The future of TPRM isn’t more assessments; it’s exception-based risk management. This session will explore how leading organizations are shifting from reactive assessments to real-time, exception-based risk management, leveraging AI and automation to eliminate manual inefficiencies and focus only on what truly matters. You’ll learn: What “TPRM by Exception” really means with AI and automation surfacing only risks that require action. The power of data-driven exception management, enabling organizations to pinpoint risks before they become threats. Why real-time risk assessment is replacing static evaluations, allowing businesses to move from compliance-driven to proactive risk mitigation. The tools and technology to achieve this exist today. Join us to discover how to streamline processes, enhance risk visibility, and stay ahead of regulatory expectations—without drowning in assessments. Don’t just manage risk—master it. 4. BlueVoyant: Reducing Risk Across the Vendor Assessment Lifecycle Commercial organizations are constantly increasing the number and variety of third parties they work with to meet business needs. From onboarding to offboarding every stage of the vendor lifecycle represents an opportunity and need for cyber risk reduction. To stay ahead of threats in the supply chain, Third Party Risk Management (TPRM) programs should be able to map and prioritize risk reduction processes in these varying lifecycle stages. This session will cover cyber-risk illumination and reduction best practices - including leveraging AI/ML - to continuously protect your outsourced critical business processes and data. Agenda: Review the various stages that make up the vendor lifecycle Cover best practices for ensuring cyber risk illumination and reduction is being carried out at each step Incorporating validation of the accuracy of cyber-related questionnaire responses Brief demo of the above
1:00pm - 2:00pm ET	Networking Lunch The Risk Launchpad: Your Hub for Expert Insights and Practical Solutions		Need quick guidance on a pressing third-party risk management challenge? Looking for expert advice in a private, supportive setting? Welcome to The Risk Launchpad, where your toughest questions meet tailored solutions. This drop-in space is designed for attendees who: - Have a specific TPRM issue to troubleshoot with Shared Assessments Senior Advisors and TPRM Principals. - Seek one-on-one conversations in a more informal setting. - Want actionable advice to take back to their organization right away. No appointments or pre-registration required—simply stop by, share your concerns, and engage with experts ready to help you navigate your challenges. From regulatory compliance dilemmas to operational disruptions, our SMEs are here to equip you with insights and strategies for success.	Las Olas Ballroom (The Risk Launchpad will be on the Sky Terrace)
2:00pm - 2:50pm ET	Panel: The Legacy of Shared Assessments: 20 Years of Leadership in TPRM	Cathy Allen, Founder, Board Risk Committee Tom Garrubba, Vice President and Sr. Manager for Security Policy & Governance, PNC Paul Kooney, Managing Director, Protiviti Moderator: Andrew Moyad, CEO, Shared Assessments	A reflective panel celebrating the 20th anniversary of Shared Assessments. Panelists will discuss the key milestones in the organization's history, its impact on TPRM globally, and what the next 20 years might hold as we continue to chart new courses.
2:50pm - 3:40pm ET	Panel: Obstacles to Standardization: Overcoming Fragmentation in Third-Party Risk	Andrew Moyad, CEO, Shared Assessments Dr. Angela Dogan, Associate Director Security Consulting, Kyndryl Linnea Solem, CEO and Founder of Solem Risk Partners, LLC Moderator: Mark Orsi, CEO, Global Resilience Federation	In a rapidly evolving regulatory and operational landscape, the promise of standardization in TPRM remains elusive. This session will tackle the complexities of harmonizing frameworks to enhance efficiency, reduce redundancy, and support continuous monitoring efforts. Experts will discuss how shared standards, evolving technologies, and collaboration across industries can pave the way toward a more cohesive future in third-party risk management.	Las Olas Ballroom
3:40pm - 4:00pm ET	Closing Remarks	Andrew Moyad, CEO, Shared Assessments		Las Olas Ballroom

Shared Assessments 18th Annual Third-Party Risk Summit 2025 (USA)

March 26-27th, 2025

The Westin Fort Lauderdale Beach Resort

Third-Party Risk Summit

Interested in Sponsorship Opportunities for Summit?

Pre-Summit Education

Certified Third Party Risk Professional (CTPRP)

Certified Third Party Risk Assessor (CTPRA)

Interested in Speaking at Summit?

Hotel

Sponsors

Platinum Sponsors

Gold Sponsors

Exhibitors

Schedule

Speakers

Catherine A. Allen

Katie Boswell

Dr. Angela Dogan

Becky Brown

Joey Carter

Clarence Chio

Caitlin M. Clarke

Rhonda K.R. Cook

Jonathan Dambrot

Elizabeth Dunsmoor

Eric Evans

Dan Even

Nasser Fattah

Falicia Foster-Cruz

Dennis Frio

Julie Gaiaschi

Tom Garrubba

Heidi Grant

Jennifer Hancock

Ehteshamul Haque

John Ingold

Erin Joe

Chris Johnson

Konstantinos Karagiannis

Tammy Knies

Paul Kooney

Paul Kurtz

Lena Licata

Jan Lucero

Joe Lyons

Bob Maley

Eyvonne R. Mallett

Mary Kay Merkt

Andrew Moyad

Patricia Murphy

Mark Orsi

Chris Paterson

Gary Roboff

Gatha Sadhir

Brian Shaw

Linnea Solem

Ed Thomas

Mark Wehrle

Jenna Wells

Sheria Williams

Debra Zoppy

Pricing

SUMMIT + CTPRP or CTPRA CLASS

SUMMIT ONLY

CTPRP or CTPRA CLASS ONLY

Refund/Cancellation Policy

Feedback Agreement