Search Results

< Previous View Resource Library Next > VIDEOS TPRM 101: Reporting on Residual Risk The final section of Pre-Contract Due Diligence, Reporting on Residual Risk , focuses on translating your risk findings into clear, actionable insights for approvers and stakeholders. This episode of TPRM 101 covers how to articulate the remaining (unmitigated) risk and ensure informed decisions are made before a third party is onboarded. Key features include: Techniques for summarizing complex risk data Report formatting for executive and operational audiences Aligning residual risk with organizational risk tolerance Documentation required for audit, legal, and regulatory purposes WATCH

Originally developed by TPRA's Women in TPRM "Lead" work group, this training activity is designed for all current and aspiring leaders within the Third Party Risk Management (TPRM) industry. Leadership Ladder About Welcome to TPRA's Leadership Ladders©. Originally developed by TPRA's Women in TPRM "Lead" work group, this training activity is designed for all current and aspiring leaders within the Third Party Risk Management (TPRM) industry. Each box on the board below is linked to a valuable resource–including customized guides, blogs, videos, quizzes, and more–with the goal of enhancing your leadership potential through buildable skills and expert insights. Any professional, regardless of what stage they're at in their career, can find value in this activity. How to Operate To start your leadership journey, follow these simple steps: Start at the first square for a brief overview video. Click the text on the next square to open and review your first resource. Follow the numbers within each square as you discover a variety of resources which build on one another to give you a well-rounded and developed grasp on key leadership topics and skills. Hidden throughout the game are short Scenarios with multiple-choice answers. Choose correctly , thereby proving your leadership savviness, and you might be able to skip ahead a few squares. Choose wrong and you may find yourself needing a refresher on an earlier topic. Complete all the boxes, reach the end, and click the last square for a congratulatory video! Resource Categories Thoughtful intention went into developing the leadership categories and characteristics noted in the board below. Designed to first develop your core competencies as a leader, the board will then lead you through other scenarios current and new leaders will face. Please review the categories below (color coded for your reference). Core Competencies Communication Collaboration Confidence Cultivating Relationships Coaching TPRM Lifecycle Budgeting HR Process Boundaries Driving Strategy & Influencing Change Navigating Executive Leadership Discussions Crucial Conversations Mentorship Public Speaking & Getting Published GET STARTED Driving Continue Boundaries Collaboration - Continue VIDEO CONGRATULATIONS LEADER! PDF 35 Getting Published PDF 34 Public Speaking VIDEO 33 Mentorship How to Fin d a M entor Who Can Accelerate Your Career PDF 32 Mentorship SCENARIO 31 Crucial Conversations SCENARIO 25 Driving Strategy & Influencing Change PDF 24 Driving Strategy & Influencing Change VIDEO 13 CORE COMPETENCIES: Cultivating Relationships How To Build Good Relationships At Work VIDEO 12 CORE COMPETENCIES: Cultivating Relationships 3 Things You Need to Accept About Other People by Mel Robbins VIDEO 26 Driving Strategy & Influencing Change How to Survive Change at Work VIDEO 23 Boundaries How to Set Healthy Boundaries at Work: 8 Tips for Creating Bou ndaries at Work PDF 14 CORE COMPETENCIES: C oaching VIDEO 15 CORE COMPETECIES: Coaching Coac hing Skills Demo nstrated PDF 22 Boundaries SCENARIO 27 Driving Strategy & Influencing Change PDF 11 CORE COMPETENCIES: Cultivating Relationships VIDEO 10 CORE COMPETENCIES: Confidence Six Behaviors to Increase your Confidence - A Ted Series PDF 21 HR Proces ses for Leaders PDF 28 Navigating Executive Leadership Discussions VIDEO 17 TPRM Lifecycle Wha t Is TPR M? EBOOK 16 TPRM Lifecycle TPRA's "Third Party Risk Management 101 Guidebook" PDF 20 TPRM B udgeting PDF 29 Crucial Conversations PDF 9 CORE COMPETE NCIES: Confidence SCENARIO 8 CORE C OMPETENCIES: Collaboration VIDEO 30 Crucial Conversations Crucial Conversations | 10-Minute Book Summary VIDEO 19 TPRM Lifecycle Contract Review VIDEO 18 TPRM Lifecycle Program Planning & Oversight VIDEO 7 CORE COMPETENCIES: Collaboration Professional Development: Collaboration in the Workplace by KnowledgeWave PDF 2 CORE COMPETENCIES: Introduction PDF 3 CORE COM PETENCIES: Communication VIDEO 4 CORE COMPETENCIES: Communication The Power of Communication by Nina Legath INTERVIEW 5 CORE COMPETENCIES: Communication "How Women Undermind Themselves With Words" by Goop PDF 6 CORE COMPETENCIES: Collaboration Publishing Cultivating Rel Submit Comments Do you have something you thing should be added to Leadership Ladders? Do you have ideas on how we can improve the game? Whether it's content, formatting, or something else, submit comments below to let us know! First name Last name Email Comments Submit

Learn more about OneTrust, a TPRA Partner Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > OneTrust TPRM Platform Partner Member CONTACT INFORMATION sales@onetrust.com Want to learn more? Watch this online demo ! OneTrust empowers you to collect, govern, and use data with complete visibility and control. We help you streamline risk management, enforce compliance, and optimize data strategies for innovation — all while meeting regulatory and customer demands. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Consent and Preferences Privacy Automation Third-party Management Tech Risk and Compliance Data Governance AI Governance RESOURCES FROM THIS VENDOR MEMBER Are you ready for DORA compliance? VENDOR MEMBER RESOURCE | March 18, 2025 Understanding and implementing APRA's CPS 230 Standard VENDOR MEMBER RESOURCE | March 18, 2025 Rise above risk: Third-party management in technology VENDOR MEMBER RESOURCE | March 18, 2025 Load More EVENTS FROM THIS VENDOR MEMBER Tackling privacy and personalization: Fireside chat with PwC and the NFL Live Webinar February 4, 2026 NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Learn more about DocuBark, a TPRA Incubator Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > DocuBark TPRM Platform Incubator Member CONTACT INFORMATION Jonathan Mandell CEO & Founder jonathan@docubark.com DocuBark is a TPRM workflow automation and risk analysis platform built to replace legacy, rigid systems with a faster, more transparent approach. When teams log in, they get a clear view of every vendor assessment - what’s in progress, what’s complete, and what’s holding things up. DocuBark analyzes vendor documents, supports FAIR-based residual risk scoring, and offers features like smart intake forms and dynamic inherent risk scoring to reduce manual effort and improve decision-making across the third-party risk lifecycle. TOP PRODUCT FUNCTIONALITY CATEGORIES Document Intelligence & Parsing: Automatically extract and structure data from vendor documents (e.g., SOC 2, SIG, CAIQ), enabling faster, more accurate due diligence. Control Summarization & Mapping: Generate clear summaries of vendor security controls and map them directly to your questionnaires, frameworks, or scoring rubrics. FAIR-Based Residual Risk Analysis: Quantify residual risk in financial terms using FAIR methodology, factoring in inherent risk, control strength, and business impact. Smart Intake Forms: Guide business requesters through risk-relevant questions during intake, dynamically adjusting based on the vendor’s role, data access, and system integration. Dynamically Built Assessments Based on Vendor Scope: Automatically generate tailored security assessments based on each vendor’s risk profile, services, and technology footprint—reducing noise and focusing on what matters. RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Enhance your Third Party Risk Management (TPRM) skills with TPRA’s flexible certificate program. Explore free and paid courses covering AI risk, cloud security, and more. Gain practical knowledge to support your organization. Certificate Program The Third Party Risk Management (TPRM) Certificate Program , offered by TPRA in collaboration with our trusted partners, provides comprehensive training designed to enhance knowledge and expertise in TPRM best practices. This program features a diverse selection of courses covering critical topics in third-party risk, cloud security, AI/LLM security and risk. Participants can choose from both free and paid courses, ranging in duration from one to four hours, allowing for flexible learning tailored to individual needs and schedules. Participants will receive a certificate upon completion of the training course. Please note that this is not a certification program, nor will participants receive any professional credentials. Whether professionals are new to TPRM or looking to deepen their expertise, the program provides valuable insights and practical knowledge to strengthen risk management strategies within their organizations. Available Courses AI/LLM Security & Risk Course for TPRM: Learn the risks that AI in vendors can carry, and how to assess them On-Demand, Self-Paced | 1 hour | $0 | 1 CPE hour The Third Party Risk Association (TPRA) has partnered with PromptArmor to bring you the " AI/LLM Security & Risk Course for TPRM ". This training course includes 12 modules to teach you… Read More Register Securing SaaS Applications: A Comprehensive Approach to Cloud Risk Management Live Virtual Training | 4 hours | $159 | 4 CPE hours As organizations increasingly rely on cloud-based Software-as-a-Service (SaaS) solutions, understanding and mitigating associated risks is critical. This virtual training provides an in-depth exploration of key security considerations when evaluating and… Read More Register

Learn about Ejona Preci, Principle Manager - Cybersecurity Risk for FREENOW, and TPRA's WNTPRM April 2024 Leader Spotlight. < See All < Previous Next > Ejona Preci Principle Manager - Cybersecurity Risk FREENOW Biography Ejona Preçi is an enthusiastic cybersecurity professional with over 12 years of experience in the field, demonstrating a profound dedication to promoting diversity within the cybersecurity realm. She holds the position of Principal Manager for Cybersecurity Risk at FREENOW where her responsibilities encompass overseeing and managing both cyber and third-party risks. In addition, Ejona also serves as the President for WiCyS Germany, where she empowers women and other underrepresented groups in cybersecurity. With an impressive array of security certifications (CISSP, CISM, CRISC, and ITIL v4), Ejona possesses a robust cybersecurity background. She has earned recognition as a prominent figure in the industry, garnering features in online magazines and social networks for her roles as a mentor, author, podcaster, community builder, and keynote speaker. Ejona has been recognised as one of the 44 Cyber Power Women in the Top Cyber News Magazine and shortlisted for Cybersecurity Woman of the Year Award 2023. Recognizing the need for accessible and engaging cybersecurity content, Ejona has started her own podcast called "Cyberstar Talk Podcast”. Leadership Characteristics Ejona is passionate about fostering synergy within the workplace. She firmly believes that collaboration and the effective leverage of individual talents are the cornerstone of success. Her commitment to this ethos drives her to not only identify and nurture the unique strengths of her team members but also to create an environment where their talents can flourish. By promoting a culture of inclusivity and empowerment, she aims to elevate the collective expertise and ensure that every member is thriving in their roles. Leadership Challenges Historically, risk professionals were perceived as adversaries in workplaces. However, the mindset has now shifted towards recognizing the value they bring. Ejona's challenge is to demystify risk for managers and other business professionals, fostering better communication and collaboration while maintaining a focus on effective risk management. Key Take-a-ways “I follow the approach of conveying to risk owners that it's not me against them but us against the problem, striving to create a united front in addressing challenges.” Fun Fact Ejona enjoys traveling and has an insatiable curiosity about different cultures. Back when she was a kid, she wanted to become a TV presenter, and now, she's living a version of that dream as a cybersecurity podcaster and influencer!

Learn more about Fabrik, a TPRA Incubator Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Fabrik TPRM Platform Incubator Member CONTACT INFORMATION Henry Stanley CPO henry@thetrustfabrik.com Fabrik's Data Connectivity Platform makes third-party risk assessments faster by enabling real-time access to vendor security documents and monitoring data directly inside their existing TPRM platforms. This removes the need for time-consuming manual document collection and review, saving effort for both vendors and TPRM teams. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Learn more about Vanta, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Vanta GRC Platform Advocate Member CONTACT INFORMATION Adrian Conley Director, Specialty Sales adrian.conley@vanta.com Vanta accelerates every step of vendor due diligence, automating evidence collection, pre-filling questionnaires, and highlighting the most critical risks. Customers see up to a 50% reduction in time to complete risk assessments and a 3× faster time to findings, allowing teams to identify and remediate issues far more efficiently. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Vanta is the leading trust management platform, helping organizations simplify, centralize, and automate their security, compliance, and third-party risk programs. By unifying Trust Center, GRC, Security Questionnaire Automation, and Third-Party Risk Management (TPRM) into one platform, Vanta enables organizations to build and demonstrate trust in real time. Third-Party Risk Management – Automate vendor reviews with AI-powered evidence collection, risk flagging, and renewal comparisons. Governance, Risk & Compliance (GRC) – Centralize frameworks and automate controls for SOC 2, ISO 27001, HIPAA, GDPR, and more. Trust Center – Publicly share your real-time security posture through an auto-updating, customizable trust portal. Security Questionnaire Automation – Enable instant, AI-assisted pre-filling and review of vendor questionnaires. Continuous Monitoring & Alerts – Maintain compliance through live monitoring of your infrastructure, vendors, and cloud stack. Framework & Standards Integration – Map once, comply everywhere: crosswalk controls across 20+ frameworks. Reporting & Analytics – Measure and visualize compliance, vendor performance, and remediation velocity. Remediation & Collaboration – Assign follow-ups, close findings faster, and track progress across teams. RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Get to know Hilary Jewhurst, TPRA's Senior Membership & Education Coordinator! < Back Hilary Jewhurst Senior Membership & Education Coordinator SENIOR STAFF Hilary Jewhurst is a seasoned expert in third-party risk and risk operations, with nearly two decades of experience across financial services, fintech, and the nonprofit sector. She has built and scaled third-party risk programs from the ground up, designed enterprise-wide training initiatives, and developed widely respected content that helps organizations navigate regulatory complexity with clarity and confidence. Known for turning insight into action, Hilary’s thought leadership and educational work have become go-to resources for professionals looking to mature their TPRM programs. She regularly publishes articles, frameworks, and practical guides that break down complicated risk topics into meaningful, accessible strategies. Hilary recently joined the Third-Party Risk Association (TPRA) as a staff member, supporting industry-wide education, peer learning, and advancing best practices. She is also the founder of TPRM Success , a boutique consultancy that helps organizations strengthen their third-party risk management capabilities through targeted training, tools, and strategic guidance. Next >

Get to know Courtney Turner, Deere & Co, and a member of TPRA's Board of Directors! < Back Courtney Turner Deere & Co BOARD OF DIRECTORS Courtney Turner is the Third-Party Risk Manager, with over 19 years of invaluable experience at John Deere. Courtney's career at John Deere began in Supply Management, where she spent over 10 years specializing in areas such as Order Fulfillment Process (OFP), global growth initiatives, strategic sourcing, and managing indirect materials. Courtney shifted her focus to Information Security, focusing the last 7 years to mastering security banking regulations for audit and compliance purposes. Drawing from her diverse background in both supply management and security, Courtney played a pivotal role in elevating John Deere's third-party risk management program to new heights. Residing in Iowa with her family, Courtney is passionate about all things related to third party risk and thrives on engaging in discussions within this space. Next >

Get to know Chris Phillips, Lendmark Financial Services, and a member of TPRA's Board of Directors! < Back Chris Phillips Lendmark Financial Services BOARD OF DIRECTORS Chris Phillips is a seasoned executive with a deep commitment to operational excellence, risk governance, and leadership development. Known for driving innovation in vendor oversight and compliance strategy, Chris brings a collaborative mindset and a passion for empowering teams and organizations to navigate complex regulatory landscapes. Her career reflects a consistent focus on aligning risk management with business growth, and she actively contributes to industry conversations through thought leadership, mentorship, and cross-sector engagement. Next >

Get to know Eric Rosendaul, Citizens Bank, and a member of TPRA's Board of Directors! < Back Eric Rosendaul Citizens Bank BOARD OF DIRECTORS I am currently a Team Manager within Third Party Assurance at Citizen's Bank. I've been with the bank 5+ years, having started in 2020 as a Sr. Analyst, then promoted in 2023 to a Team Manager. I currently lead a team of cyber and operational risk analysts which will soon expand to include compliance analysts in 2026. Prior to Citizens, I spent 6 years with Alliance Data Systems (now Bread Financial). I started out in the Legal department before quickly moving to their Vendor Management Office, where I quickly worked my way up from low risk assessments to the most critical, built a 4th party management program, and eventually a 2LOD program with the bank directly. I've worked fully remote since 2016 when my wife and I relocated from Columbus, OH to NW Ohio where we currently reside with our 3 kids, 2 dogs, 2 cats, 2 horses, and some chickens. We enjoy camping as a family and I have recently picked up side interest in watches. Next >