Search Results

< Previous View Resource Library Next > TRAINING ACTIVITY Leadership Ladders Originally developed by TPRA's Women in TPRM "Lead" work group, this training activity is designed for all current and aspiring leaders within the Third Party Risk Management (TPRM) industry. Each box on the board is linked to a valuable resource–including customized guides, blogs, videos, quizzes, and more–with the goal of enhancing your leadership potential through buildable skills and expert insights. Designed to first develop your core competencies as a leader, the board will then lead you through other scenarios that current and new leaders will face. Any professional, regardless of what stage they're at in their career, can find value in this activity. VIEW

Learn more about Black Kite, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Black Kite TPRM Platform Advocate Member CONTACT INFORMATION Johnathan Bald VP of Sales, North America johnathan.bald@blackkite.com https://blackkite.com/ Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners and suppliers in an ever changing digital landscape. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Cyber Risk Intelligence Third Party/Supply Chain Risk Management Continuous Monitoring Financial Risk Quantification Ransomware Risk Assessment Automated Compliance Mapping Vendor Risk Mitigation (with Prioritization) Vulnerability Assessment Threat Intelligence Standards-Based Methodology RESOURCES FROM THIS VENDOR MEMBER Black Kite Global Adaptive AI Assessment Framework (BK-GA³™) VENDOR MEMBER RESOURCE | November 12, 2025 Black Kite Third Party Breach Report 2024 VENDOR MEMBER RESOURCE | March 22, 2024 2023 Ransomware Threat Landscape Report | Report | Black Kite VENDOR MEMBER RESOURCE | September 11, 2023 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES Black Kite Releases Global Adaptive AI Assessment Framework (BK-GA³™) Developed in Consultation with Shared Assessments November 12, 2025 ADDITIONAL OPPORTUNITIES Previous Next

< Previous View Resource Library Next > INFOGRAPHICS 5 Tips for Proactively Managing TPRM Regulatory Compliance If you're tired of scrambling for documentation, chasing down vendors for evidence, or rewriting the same compliance answers every exam cycle, this is for you. This one-page infographic is built with real TPRM pain points in mind: inconsistent monitoring, reactive audits, evolving regulations, and the pressure to prove your program’s worth with limited resources. It distills five actionable strategies into a visual format you can actually use—with your stakeholders, during training, or as a north star for revamping your vendor oversight. You’ll find guidance on mapping regulations, upgrading due diligence, monitoring with intention, and embedding compliance into your daily operations, not just during audit season. Because real TPRM maturity isn’t about checking boxes—it’s about building a program that works when things go wrong. This infographic helps you start there. Perfect for sharing with your team, your boss, or anyone who still thinks compliance is a once-a-year event. DOWNLOAD

Learn about Madelyn Norwood, Solution Advisor for Ncontracts, and TPRA's WNTPRM April 2025 Leader Spotlight. < See All < Previous Next > Madelyn Norwood Solution Advisor Ncontracts Biography Madelyn previously served as the Manager of Customer Success at Venminder, Inc. and has recently transitioned to Solutions Advisor through the acquisition of Venminder by Ncontracts. She was one of the first Senior Customer Success Managers at Venminder and transitioned to managing the team in 2021. In both roles, her responsibilities include cultivating long-lasting relationships, advising on best practices for Third Party Risk Management (TPRM) to Venminder’s diverse customer base, collaborating with Product and Development to enhance our SaaS solution, and integrating customers’ complex processes into their software. Madelyn joined Venminder in early 2019 and quickly developed an interest in third party risk and vendor management. She is a Certified Third-Party Risk Professional (CTPRP) and Certified Vendor Management Professional (NCVMP) with plans to continue her professional education. Leadership Characteristics What I value most in leaders are transparency, accountability, and empathy. I strive to demonstrate these qualities because they align with my own expectations for leadership. The bar is set high for me, especially with the fearless leadership I’ve experienced at both Venminder and Ncontracts. One of the most rewarding aspects of being a leader is identifying positive solutions for the team and our customers. I love problem-solving and having a new challenge thrown at me. I'm a "just figure it out" kind of gal. It’s important to listen to understand rather than just to respond and to recognize that your way may not always be the best way. This fosters a culture of empowerment within the team and helps everybody grow personally and professionally. Additionally, I believe in getting involved and working alongside your team. I never want to become so focused on management that I forget the importance of being a good teammate. We’re all striving toward a common goal. Leadership Challenges A challenge I faced as a leader was navigating and understanding the complexities of Third-Party Risk Management (TPRM) beyond the financial services sector, especially as its influence expanded into various other industries. These verticals do not necessarily operate their programs the same as Traditional FI's and come with their own set of rewarding challenges. It taught me to be adaptable in my approach with customers allowing me to better understand their needs. Key Take-a-ways There is always room for growth in the world of TPRM. It is what you make of it, and there are so many opportunities to be had. Whether it is honing your overall skills and broader knowledge of TPRM or picking one piece of it that interests you most, there is something for everybody. Fun Fact My favorite place is at the beach with my husband and kids with not a single plan in sight. I’m the best aunt in the entire world. I'm an avid University of Louisville Cardinal fan. Go CARDS! I love a well-made margarita and tacos… especially by the beach.

Learn about Jill Czerwinski, Managing Partner - Third Party Risk Services for Crowe LLP, and TPRA's WNTPRM November 2022 Leader Spotlight. < See All < Previous Next > Jill Czerwinski Managing Partner - Third Party Risk Services Crowe LLP Biography Jill has been with Crowe for over 20 years, and started the third party risk practice in 2009. She started her career in Cybersecurity, pivoting after seeing clients suffer a breach due to vendors despite strong internal security programs. Leadership Characteristics Jill's Meyers Briggs profile is an ISTJ - meaning she thrives on observing and analyzing facts. She has always been drawn to consulting because of the ability to independently observe many companies and synthesize their strengths and weaknesses. Third party risk plays to her strengths with even more company data points. Leadership Challenges Jill's primary challenge in leadership is slowing down. She sometimes moves too quickly through tasks without taking the opportunity to observe, ask, collaborate, and listen. She often focuses with relentless prioritization, asking what she can stop doing so she can do other things with more focus. Key Take-a-ways Jill enjoys Third Party Risk because of the opportunity to get a bird's-eye-view into a company's extended ecosystem. She notes: "If you think of your job as a questionnaire processor, you miss the opportunity to take a step back and see the strategy in all those tasks." Fun Fact Jill enjoys traveling with her husband and two children. They've been to about a dozen states so far, with a trip out West to the National Parks planned for next year.

Learn about Madiha Fatima, Director, Head of Third Party Risk Management for Angelo Gordon, and TPRA's WNTPRM March 2023 Leader Spotlight. < See All < Previous Next > Madiha Fatima Director, Head of Third Party Risk Management Angelo Gordon Biography Madiha Fatima is a Director and Head of Third Party Risk Management at Angelo Gordon, where she leads the development of Third Party Risk Management framework while enabling businesses to achieve their strategic objectives from utilizing service providers. Angelo Gordon is a leading global investment management firm headquartered in New York. Madiha oversees the firmwide Third Party Risk Management function including vendor cyber, technology, business continuity and data security assessments and governance. Madiha is a very well-known industry expert in risk management. She has been featured as Top 50 Women Leaders of New York as well as in Wall Street Journal and published in various magazines. Prior to joining Angelo Gordon, Madiha Fatima served as Head of Third Party Risk Governance & Oversight at DTCC. Madiha is a Certified Third Party Risk Professional (CTPRP). Madiha earned a Bachelor of Science in Financial and Capital Markets from Rutgers Business School. Leadership Characteristics D&I champion, Madiha launched various programs focused on women advancement in financial industry. She has been recognized and awarded the outstanding leadership award by Financial Industry awards hosted by DTCC and FICC. Leadership Challenges Madiha worked her whole career in a challenging environment showcasing her resilience by her continuous achievements throughout her career. She is one of the Top 20 youngest executives and rising stars of wall street. Key Take-a-ways "TPRM is one function where you have to be an expert in several different areas of risk management, strategy and operations to be successful. TPRM leaders are versatile and can provide effective leadership in many different areas due to their ability of being jack of all trades whether its cyber, regulatory, BCM or info sec, we challenge and do it all." Fun Fact "TPRM is the fun part about me; however, if I have to choose one thing outside my passion for TPRM, it would be cooking. I love cooking and find it very relaxing. I love trying different cuisines and from-scratch recipes."

FOR IMMEDIATE RELEASE Third Party Risk Association (TPRA) Announces Launch of Professional Certification Program Friday, September 16, 2022 TPRA, a not-for-profit Third-Party Risk Management (TPRM)-focused organization, launches first professional certification, Third Party Cyber Risk Assessor (TPCRA) ANKENY, IOWA — 16 SEPTEMBER 2022 — Third Party Risk Association (TPRA) announced the official launch of the Third Party Risk Association Certification Program, open to all members of the third-party risk management (TPRM) industry to verify their knowledge, skills, and abilities within their profession. “We are excited to announce the launch of the Third Party Risk Association Certification Program,” Julie Gaiaschi, CEO and co-founder of TPRA, said. “As an organization whose mission it is to further the profession of third-party risk management through knowledge sharing and networking, it was really important to us to build-out a set of professional credentials for the practitioner community.” Professional certifications are a way to verify earner knowledge and understanding of a topic, establish professional credibility, and advance one’s career within a specialized profession. They allow earners to distinguish themselves from their peers by demonstrating commitment to mastering their skills and excelling in their field. According to MBO Partners, professional certifications are also known to boost efficiency. The advanced training, information and knowledge gained from specialized coursework can provide earners with up-to-date tools and technical strategies that will serve to guide and direct them in the execution of projects, allowing them to manage all aspects of their work more effectively. Studies also show that employees who invest in certifications tend to earn higher salaries. MBO Partners notes that Project Management Professional (PMP) certification recipients report median salaries that are 26% higher than those who are not PMP certified. Third Party Cyber Risk Assessor (TPCRA) Certification Pre-registration is now open for TPRA’s first certification, the Third Party Cyber Risk Assessor (TPCRA) Certification. The TPCRA Certification is a specialized qualification designation to confirm understanding and skill in the assessment of third-party cybersecurity controls and processes, as well as validate competency in the creation, execution, and management of third-party cyber risk assessments. In addition, the Certification will authenticate and add credibility to TPRM professional expertise as a third-party cyber risk assessor. The TPCRA is recommended for those who assess, monitor, and review third-party cybersecurity and information technology controls, as well as identify and mitigate risk related to said controls. Eligibility for this certification includes three or more years of experience in a full-time risk management/analyst and/or cybersecurity-related role, though substitutions may be obtained for up to one year of work experience. TPCRA Certification Overview The TPCRA Certification examination is designed to be challenging and ensure that the participant is fully knowledgeable, competent, and proficient in necessary cybersecurity and information technology assessment terms and techniques. The examination will cover the domains of: cybersecurity and TPRM basics, pre-contract due diligence, continuous monitoring, physical validation, disengagement due diligence, cloud due diligence, and reporting and analytics. The examination is a 150-question, multiple-choice assessment with a variety of question formats, including scenario-based, true/false, and ‘choose best response.’ It will be offered either virtually or in person and monitored via an assigned proctor, with a 3-hour time limit. TPRA is also offering optional training sessions to allow participants to be fully prepared for the examination. Purchase of TPCRA Training includes a copy of the book Cybersecurity and Third Party Risk: Third Party Threat Hunting by educator and TPRM leader, Gregory Rasner. “I’m excited to be able to announce the collaboration with Third Party Risk Association on this new training certification track around cybersecurity and third-party risk,” Rasner said. “The foundations [of this course] are built upon the book, but it’s new material that’s been built upon my experience, regulatory guidance, environmental changes, and other things that have come up since publication.” At this time, all training sessions will be taught by Rasner, giving participants direct access to the author of the text on which the examination is based. These lessons are designed to be interactive, allowing for conversation and classified learning, with a blend of informative lectures, open discussions, and workshops. “I hope that you’re as excited as I am to continue to grow this field and expertise within this new training and certification, and thanks for the collaboration with Third Party Risk Association,” Rasner said. Limited Time Promotion To celebrate the launch of their Certification Program and first certification, TPRA is offering a limited-time promotion to the first 30 individuals who register for the TPCRA Examination, Training, or Training and Examination Bundle. These individuals will receive a copy of the book, Cybersecurity and Third Party Risk: Third Party Threat Hunting, a TPCRA bookmark signed personally by the author, and 30 days of virtual access to the author and TPCRA Training Instructor, Rasner, to ask him any questions participants may have prior to their examination. Interested individuals can learn more and pre-register for the Third Party Cyber Risk Assessor (TPCRA) Certification on the TPRA website at www.tprassociation.org/tpra-certifications . Training and testing will begin in January 2023. “We are so excited to offer this first certification and cannot wait to launch the others in the coming years,” Gaiaschi said. “Thank you for your continued support of the Third Party Risk Association.” Founded in 2018, Third Party Risk Association (TPRA) was created out of a necessity to build a community of like-minded third-party risk professionals to allow for the sharing of best practices, exchanging of ideas, and influencing of the industry. Membership is available for both third-party risk management practitioners and service provider organizations, and is designed to promote collaboration, education, and advancement of the industry as a whole. This organization is a 501(c)(6) not-for-profit. ### Third Party Risk Association (TPRA) and Third Party Risk Association Certification Program are either registered trademarks or trademarks of Third Party Risk Association (TPRA) in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. MEDIA CONTACT Meghan Schrader Meghan.schrader@tprassociation.org www.tprassociation.org FOR MORE INFORMATION https://www.tprassociation.org/tpra-certifications Previous Next

Learn about Jennifer Wilkinson, Vice President TPRM for Cenlar FSB, and TPRA's WNTPRM November 2024 Leader Spotlight. < See All < Previous Next > Jennifer Wilkinson Vice President TPRM Cenlar FSB Biography I have spent 29 years in the mortgage industry, my first job out of college was working in the Appraisal Management department for PHH Mortgage where I worked my way through a variety of roles in Vendor Management, Loan Operations and Processing, Strategic Sourcing and Provider Governance, Vendor Relations and Strategic Planning working primarily with their Servicing teams where we focused on building a robust and regulatory compliant TPRM program. I came to Cenlar 9 years ago in September where I got to build a TPRM from scratch working with the Chief Risk Officer, Chief Compliance Officer, Chief Technology Officer, Office of the CISO and a bevy of some of the best Subject Matter Experts in the business. I am proud to be working for Cenlar, the largest mortgage sub-servicer in the U.S. running their TPRM function. I am an active member of the ABA’s TPRM roundtable and this past June I was invited to speak on a panel at their 2024 National Risk and Compliance Conference in Seattle. In July I was named an Elite Woman by Mortgage Professional America. This award celebrates women who are considered top performers and role models across the mortgage industry. I am a self-proclaimed TPRM nerd and proud to be a diversity ambassador with Cenlar’s DEI group. I love what I do and enjoy sharing best practices with those interested in and just starting out in TPRM! Leadership Characteristics Accountability Counts, clear goals and objectives. Listen and extend flexibility where you can while being fair to the team. Have some fun doing what you do. Risk is such a serious and important arm of the organization, you have to laugh where you can. Build positive relationships with others and always be open to collaboration-- the best organizations thrive when people work together for the common good of the organization as opposed to their department. Leadership Challenges My degree is in Communications- my experience is in TPRM. I kind of evolved into this genre of risk because I was really good at talking to people and asking questions in a way that while considered credible challenge at times, didn't come off as adversarial. I have worked with great leaders who have taught me a lot, I have also worked with not so great leaders who have taught me ways I can be a better leader to my team and made me work hard to ensure that I am able to articulate the risks of not having a robust TPRM in a regulated institution. Key Take-a-ways Build Positive Relationships- Being friendly, dependable and responsive counts- in TPRM it is important to build positive relationships with the business leaders within your organization. The same goes for your team. Verify! Verify! Verify!- In TPRM, Trust but Verify. Documentation/evidence counts! Add Value- Make sure you have a good WIIFM speech for those who resist TPRM. Everyone needs to be a risk manager! Stay In Tune- Stay on top of industry best practices and regulatory changes to ensure your risks aren’t being increased by third party relationships Question the unfamiliar- Ask questions when you need to. TPRM is a genre that requires continuous learning. You will not be able to grow your program to meet the needs of your organization if you don’t understand where risks lie. Be Prepared for the bad stuff to happen- Anticipate that bad things can happen and work to ensure you have the appropriate stakeholders in the organization to drive how the organization will respond to them. There is no I in team- I am not successful as a stand-alone entity. I have built an incredible team who makes me proud of the work that the TPRM does for my organization. The program is not successful because of my efforts alone. A rule of thumb- Make Sure your program is auditable, transparent and repeatable. It will help immensely with regulatory audits. Fun Fact I love to cook- and with my Eastern European background, I make a mean homemade Pierogi.

Bitsight Third Party Risk Management is an end-to-end solution that includes continuous, data-driven, validated cyber risk insights and automated vendor assessment capabilities. < Back Bitsight Wednesday, February 18, 2026 10:30 - 10:55 AM CT TPRM Platform Globe Mail Search Search Search Bitsight Third Party Risk Management is an end-to-end solution that includes continuous, data-driven, validated cyber risk insights and automated vendor assessment capabilities. It delivers real-time monitoring, risk prioritization, actionable remediation, and workflow automation—helping organizations proactively manage the entire third-party lifecycle in one place with trusted, independently validated security analytics and proven cyber risk intelligence on top of a robust network of vendor engagement. Presenter(s) Evan Tegethoff VP of Solutions Engineering Evan Tegethoff is an information security professional currently serving as the Vice President of Solutions Engineering at BitSight. With over 23 years of experience in the cybersecurity industry, Evan helps organizations holistically consider cybersecurity, data protection, technology, and business risk as a unified concept. Prior to BitSight, Evan developed third-party risk programs for numerous large organizations, through his work with Optiv, Accuvant, and Forsythe Technologies. Additionally, he has led consulting… Show More Previous Next

Learn more about Venminder, an Ncontracts Company, a TPRA Principal Partner Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Venminder, an Ncontracts Company TPRM Platform Principal Partner Member CONTACT INFORMATION Rashida Holmes SVP Partnership & Outreach Rashida.holmes@ncontracts.com Christopher Parrish Partner Specialist Christopher.parrish@ncontracts.com 1221 Broadway, Ste 1900, Nashville, TN 37203 Venminder offers a world-class SaaS platform that guides and streamlines third-party risk management. Today, more than 1,200 customers globally use Venminder to manage the entire end-to-end vendor lifecycle, from onboarding new vendors to ongoing management to offboarding vendors. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Onboarding, Ongoing Management, Offboarding Outsourced Due Diligence Risk Assessments Questionnaires Contract Management Oversight Management & Automation Cross-Domain Continuous Monitoring SLA Management Issue Management Reports & Dashboards RESOURCES FROM THIS VENDOR MEMBER Inherent Vendor Risk: Sample Questions and Next Steps VENDOR MEMBER RESOURCE | July 31, 2025 Vendor Business Continuity and Disaster Recovery Checklist VENDOR MEMBER RESOURCE | July 28, 2025 10 Reasons for a Third-Party Risk Budget VENDOR MEMBER RESOURCE | June 30, 2025 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Learn more about Continuiti Solutions, a TPRA Incubator Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Continuiti Solutions TPRM Services Incubator Member CONTACT INFORMATION Contact@ContinuitiSolutions.com Chris@ContinuitiSolutions.com Patrick@ContinuitiSolutions.com Continuiti Solutions is a Third-Party Risk Management services firm dedicated to helping small and mid-sized organizations meet regulatory expectations without the burden of costly software or internal compliance teams. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Custom Vendor Intake Forms – Tailored intake workflows that capture key details to assess inherent risk and vendor criticality. Risk Tiering & Scoring – Automated and analyst-reviewed classification of vendors based on data sensitivity, operational impact, and regulatory exposure. Analyst-Led Due Diligence – Experienced risk professionals review and validate SOC reports, financials, security documentation, and compliance evidence. Audit-Ready Documentation – Organized and exportable documentation that aligns with SOC 2, GLBA, FFIEC, and other regulatory frameworks. Custom-Built Client Portal – A proprietary portal where clients can submit vendors, track assessments, view reports, and communicate with analysts in real-time. Continuous Vendor Monitoring – Optional ongoing surveillance of high-risk vendors, including legal, financial, and cybersecurity-related alerts. Regulatory Alignment – Services designed to help organizations maintain compliance with regulatory bodies, audit standards, and third-party governance expectations. Scalable Pricing Model – Flexible service plans that scale with organizational growth, with pricing based on vendor count or flat-rate subscriptions. Dedicated Support & Collaboration – Direct access to compliance analysts and project leads throughout the vendor lifecycle for guidance and support. Workflow Automation with Human Oversight – Intelligent process automation paired with human review to ensure both efficiency and depth in risk evaluation. RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Learn more about Coverbase, a TPRA Incubator Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Coverbase TPRM Platform Incubator Member CONTACT INFORMATION Clarence Chio CEO sales@coverbase.ai Coverbase is a TPRM copilot that automates 90% of third-party risk assessments using AI. Coverbase is your mission control for automating and managing third-party risk management workflows. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES AI Workflow Automation AI Vendor Outreach AI Risk Assessment Reviews AI Document Reviews False Positive Alert Filtering Enhanced Vendor Due Diligence Real-time Continuous Monitoring SLA Monitoring & Reporting Issue Management Reports & Dashboards RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES Coverbase Raises $20M To Bring AI-Enabled Security To the Forefront of Procurement November 20, 2025 ADDITIONAL OPPORTUNITIES TPRM Trends & Top Priorities for 2024 SURVEY Coverbase, an AI startup, is conducting a survey on TPRM trends and top priorities for 2024. The survey, which will provide insights into TPRM trends, offers a $50 Amazon gift card for the first 100 respondents. Previous Next