top of page

Search Results

386 results found with an empty search

  • Women Lead | Jill Czerwinski

    Learn about Jill Czerwinski, Managing Partner - Third Party Risk Services for Crowe LLP, and TPRA's WNTPRM November 2022 Leader Spotlight. < See All < Previous Next > Jill Czerwinski Managing Partner - Third Party Risk Services Crowe LLP Biography Jill has been with Crowe for over 20 years, and started the third party risk practice in 2009. She started her career in Cybersecurity, pivoting after seeing clients suffer a breach due to vendors despite strong internal security programs. Leadership Characteristics Jill's Meyers Briggs profile is an ISTJ - meaning she thrives on observing and analyzing facts. She has always been drawn to consulting because of the ability to independently observe many companies and synthesize their strengths and weaknesses. Third party risk plays to her strengths with even more company data points. Leadership Challenges Jill's primary challenge in leadership is slowing down. She sometimes moves too quickly through tasks without taking the opportunity to observe, ask, collaborate, and listen. She often focuses with relentless prioritization, asking what she can stop doing so she can do other things with more focus. Key Take-a-ways Jill enjoys Third Party Risk because of the opportunity to get a bird's-eye-view into a company's extended ecosystem. She notes: "If you think of your job as a questionnaire processor, you miss the opportunity to take a step back and see the strategy in all those tasks." Fun Fact Jill enjoys traveling with her husband and two children. They've been to about a dozen states so far, with a trip out West to the National Parks planned for next year.

  • Ventara Risk Solutions | Vendor Member Profile

    Learn more about Ventara Risk Solutions, a TPRA Consultant Catalyst Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Ventara Risk Solutions TPRM Services Consultant Catalyst CONTACT INFORMATION Steve Alameda Managing Principal steve@ventararisksolutions.com Ventara Risk Solutions provides senior, business-aligned TPRM advisory and operating support for organizations under pressure from assessments, backlog, renewals, remediation, audit scrutiny, regulatory expectations, unclear ownership, or vendor approval friction. Ventara helps teams connect third-party oversight to material business risk, evidence sufficiency, residual-risk ownership, and decisions leadership can explain and defend. Engagements may start with practical assessment, backlog, or remediation support, but the goal is a stronger TPRM program where review depth matches business consequence and the business can stand behind its approvals, exceptions, and ongoing reliance decisions. TOP PRODUCT FUNCTIONALITY CATEGORIES Business-Risk Tiering and Intake Governance: Classify requests by revenue, operations, data exposure, access, and dependency so review effort scales to consequence. Risk Acceptability and Decision Standards: Define what is acceptable, who decides, what evidence is enough, and how exceptions are approved and time-bound. Use-Case Due Diligence and Evidence Calibration: Match evidence to the actual use case, business reliance, and risk tier rather than defaulting to generic questionnaires. Decision-Ready Approvals and Renewals: Provide practical, prioritized, and defensible approve, remediate, exception, and renewal options leaders can act on. Contract Controls and Assurance Rights: Translate requirements into enforceable terms, audit rights, assurance rights, and flow-down obligations. Material-Change and Vendor Change Governance: Identify change triggers for SaaS, AI, data-flow changes, subcontractors, and scope shifts before risk drifts between reviews. Onboarding Control Activation and Handoffs: Turn requirements into operating reality through access, configuration, ownership, evidence, and cadence setup. Monitoring and Renewal Cadence: Establish tier-based monitoring, renewal rhythm, evidence refresh, and escalation paths for relationships that matter. Remediation, Exceptions, and Closure Verification: Track remediation, verify closure evidence, define compensating controls, and time-bound exceptions. Exit Readiness and Offboarding Resilience: Reduce disruption through exit planning, access removal, transition assumptions, and data return or deletion evidence. RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • DocuBark | Vendor Member Profile

    Learn more about DocuBark, a TPRA Incubator Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > DocuBark TPRM Platform Incubator Member CONTACT INFORMATION Jonathan Mandell CEO & Founder jonathan@docubark.com DocuBark is a TPRM workflow automation and risk analysis platform built to replace legacy, rigid systems with a faster, more transparent approach. When teams log in, they get a clear view of every vendor assessment - what’s in progress, what’s complete, and what’s holding things up. DocuBark analyzes vendor documents, supports FAIR-based residual risk scoring, and offers features like smart intake forms and dynamic inherent risk scoring to reduce manual effort and improve decision-making across the third-party risk lifecycle. TOP PRODUCT FUNCTIONALITY CATEGORIES Document Intelligence & Parsing: Automatically extract and structure data from vendor documents (e.g., SOC 2, SIG, CAIQ), enabling faster, more accurate due diligence. Control Summarization & Mapping: Generate clear summaries of vendor security controls and map them directly to your questionnaires, frameworks, or scoring rubrics. FAIR-Based Residual Risk Analysis: Quantify residual risk in financial terms using FAIR methodology, factoring in inherent risk, control strength, and business impact. Smart Intake Forms: Guide business requesters through risk-relevant questions during intake, dynamically adjusting based on the vendor’s role, data access, and system integration. Dynamically Built Assessments Based on Vendor Scope: Automatically generate tailored security assessments based on each vendor’s risk profile, services, and technology footprint—reducing noise and focusing on what matters. RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • Women Lead | Vicki Dean

    Learn about Vicki Dean, Senior Strategic Sales Director for Supply Wisdom, and TPRA's WNTPRM February 2023 Leader Spotlight. < See All < Previous Next > Vicki Dean Senior Strategic Sales Director Supply Wisdom Biography Vicki Dean is Senior Strategic Sales Director at Supply Wisdom, an always-on monitoring solution helping companies stay ahead of supply chain disruptions. Building relationships in this industry and working as a partner to design risk-mitigating solutions has become a passion for Vicki. Prior to joining Supply Wisdom, Vicki was Senior Vice President at Shared Assessments, a member-driven organization delivering secure and resilient third-party partnerships and solutions, and the creator of the widely used SIG (Standardized Information Gathering) questionnaire. She is also a proud holder of the Certified Third Party Risk Professional (CTPRP) designation. Leadership Characteristics Vicki believes in always leading with kindness. Leadership Challenges At the beginning of her career, Vicki spent nearly a decade working for the National Agency of Record for General Motors. She was a young woman in a man’s world and was almost always the only female in the room. This experience taught her many things about how to be heard, back up her objectives with metrics, and lead with confidence. Although there were bumps in the road, she has always felt respected, and she attributes a lot of that to the fact that early on she applied a life motto which she refers to as the kindness principle. Vicki goes into every business situation with an open mind and kind heart, which has proven to be successful for her throughout her entire career. She has built entire teams based on this principle and has proven to leadership and boards that leading with kindness yields superior results. Key Take-a-ways "I have found the TPRM community to be one where collaboration and relationships are highly valued. We all should work hard every day to keep that collaboration going because it truly contributes to the greater good." Fun Fact More than anything Vicki enjoys spending time with her 3 daughters, Anna, Rayna and Jessica. She also has a passion for hiking, and her favorites so far are Devil’s Bridge in Sedona and the White Cliffs of Dover.

  • Women Lead | Maria Alhasoon

    Learn about Maria Alhasoon, VP Vendor Management for Byline Bank, and TPRA's WNTPRM February 2026 Leader Spotlight. < See All < Previous Next > Maria Alhasoon VP Vendor Management Byline Bank Biography Maria is a strategic TPRM leader with 20+ years of experience who enjoys being the SME in the TPRM world for the enterprise. Maria has over 10 years of experience in banking. Maria is highly educated with a Master of Science in Supply Chain Management. She transformed the vendor management program to ensure the organization is meeting standard industry practices. She has a proven track record by receiving satisfactory ratings on all FDIC Exams. Maria successfully developed and implemented a robust TPRM program for the Bank. Leadership Characteristics Ambitious, Overachiever, Discipline, Perfectionist. Maria exemplifies collaborative leadership, fostering strong relationships across departments to drive alignment and achieve shared goals. She is recognized for her ability to mentor and empower team members, cultivating a culture of accountability and professional growth. Her proactive approach and strategic vision consistently inspire confidence and trust throughout the organization. Leadership Challenges 1. Support from Executive Leadership 2. Business units requesting prompt onboarding of vendors. Among the challenges Maria faces as a leader are balancing high expectations with practical realities and ensuring sustainable growth while managing limited resources. She also navigates the complexities of evolving regulatory requirements, responding quickly to changes while maintaining strong operational standards. Key Take-a-ways Strategic transformation of vendor management programs leads to improved compliance and organizational resilience. Collaborative leadership and mentorship foster a culture of growth and accountability. Fun Fact Maria has recently begun taking golf lessons, playing several times each month. She regularly participates in fitness classes such as Zumba, and kickboxing. Additionally, she serves as a Women Empowerment leader at the bank and take part in volunteer activities that support domestic violence organizations.

  • Certa | Vendor Member Profile

    Learn more about Certa, a TPRA Principal Partner Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Certa TPRM Platform Principal Member CONTACT INFORMATION Collin Townsend Head of Account Management collin.townsend@getcerta.com Certa is the leading Third Party Risk Management (TPRM) solution. With its comprehensive Third Party Operating System (Third Party OS), Certa lets you manage risk across all third party types, all risk domains, all in one OS. Certa leverages AI across the third party lifecycle—automating onboarding, risk analysis, compliance, and monitoring. Its no-code workflows, AI-driven decisioning, and real-time data integrations help you adapt to evolving regulations and business needs. With full spectrum risk coverage, Certa delivers due diligence 80% faster, driving smarter and more efficient third party management for global enterprises. TOP PRODUCT FUNCTIONALITY CATEGORIES Certa TPRM: Onboarding, Due Diligence, Performance Management, Infosec, Privacy, Fraud, PEPs & Sanctions, Adverse Media, Geopolitical, + more Certa Ethics & Compliance: ABAC, KYC/AML, KYB, Forced Labor, UFLPA, + more Certa ESG: Sustainable supply chain RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • Women Lead | Hilda AndelizGomez

    Learn about Hilda AndelizGomez, VP. Enterprise Third Party Risk Performance Analyst for Valley Bank, and TPRA's WNTPRM August 2025 Leader Spotlight. < See All < Previous Next > Hilda AndelizGomez VP. Enterprise Third Party Risk Performance Analyst Valley Bank Biography Hilda Andeliz is a Dominican American professional with over 10 years of experience in the banking industry. She began her career in retail banking, where she built a strong foundation in operations and customer relationships. Her path into Third-Party Risk Management wasn’t conventional—but the turning point came when a leader saw beyond her résumé. They believed in her potential, recognized the value of her frontline experience, and opened the door to a new career path. Today, Hilda serves as Vice President, Enterprise Third-Party Risk Performance Analyst at Valley Bank, where she oversees third-party performance, regulatory alignment, and operational resilience. She leads with empathy, collaboration, and a deep commitment to continuous growth for herself and those around her. Hilda has shared her journey and insights at events like CeFPro’s Vendor & Third-Party Risk USA and through Aravo’s webinars, championing the belief that growth in risk management is a shared journey driven by support, connection, and purpose.Hilda holds a Bachelor’s degree in Finance from Rutgers University and is a Certified Third-Party Risk Management Professional (C3PRMP). Leadership Characteristics My leadership characteristics are rooted in empathy, integrity, and collaboration. I lead with purpose and adaptability, always focused on creating environments where people feel empowered to grow, contribute, and thrive. I bring a detail-oriented mindset and a passion for continuous improvement, using data, clear communication, and proactive problem solving to drive meaningful results. Whether it’s regulatory stewardship, vendor partnerships, or cross-functional execution, I approach each challenge with a commitment to learning, inclusion, and long-term impact. I believe strong leadership is not just about outcomes—it’s about how we show up for others and create space for innovation and growth. Leadership Challenges One of the most meaningful leadership challenges I’ve faced was stepping into new roles while leading teams with diverse backgrounds, often including individuals with more industry experience or different learning styles. Navigating these dynamics taught me that leadership isn’t about having all the answers; it’s about showing up with humility, listening actively, and creating space for others to thrive. I’ve learned to adapt my approach to meet people where they are, foster an inclusive environment, and lead with empathy and openness. These experiences, much like my own nontraditional path into Third-Party Risk Management, have reinforced my belief that trust, collaboration, and belief in one another are what truly move teams—and careers—forward. Key Take-a-ways One of my favorite aspects of Third-Party Risk Management(TPRM) is how it goes far beyond oversight—it’s about aligning people, processes, and strategy to strengthen the organization as a whole. At its core, TPRM is relationship-driven. The most effective partnerships are built on trust, transparency, and consistent communication. For me, growth in this space begins from within. It starts with believing in yourself and showing up with purpose, courage, and a willingness to evolve. That mindset has shaped how I lead, collaborate, and contribute to the broader mission of risk management. Fun Fact Outside of work, I find balance and energy in the moments that bring me joy and connection. Whether it’s traveling to new places, spending peaceful days at the beach, or dancing to music that lifts my spirits, these experiences help me recharge and stay grounded. The time I treasure most, however, is the time I spend with my daughter. From exploring new adventures to sharing quiet, everyday moments, being with her reminds me of what truly matters. She inspires me to approach life and work with intention, purpose, and gratitude, constantly shaping the example I strive to set for her.

  • Secure Controls Framework (SCF) | Vendor Member Profile

    Learn more about Secure Controls Framework (SCF), a TPRA Strategic Partner, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Secure Controls Framework (SCF) TPRM Services Strategic Partner CONTACT INFORMATION support@securecontrolsframework.com The SCF is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on Governance, Risk and Compliance (GRC) and the cybersecurity side of data privacy. These are auditors, engineers, architects, incident responders, consultants and other specialists who live and breathe these topics on a daily basis. The end product is "expert-derived content" that makes up the SCF. We have the ambitious goal of providing cybersecurity and data privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin. The end state is to help companies become and stay compliant with cybersecurity and data privacy requirements. The glue that ties GRC together is a uniform set of controls. Unfortunately, in most organizations, there is no set of shared controls and that leads to poor governance practices and an overall weaker state of security and privacy. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Cybersecurity Controls Data Privacy Controls RESOURCES FROM THIS VENDOR MEMBER Security, Compliance & Resilience Management System (SCRMS) VENDOR MEMBER RESOURCE | March 10, 2026 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES Security, Compliance & Resilience Management System (SCRMS) March 9, 2026 ADDITIONAL OPPORTUNITIES Previous Next

  • AI/LLM Security & Risk Course for TPRM: Learn the risks that AI in vendors can carry, and how to assess them | Training Course

    This training course is designed for Third-Party Risk Management teams looking to enhance their understanding of AI security and risk assessment. It consists of two specialized tracks.  AI/LLM Security & Risk Course for TPRM Learn the risks that AI in vendors can carry, and how to assess them Price $0 Duration 1 Hour Type On-Demand Enroll < Back About the Course PromptArmor brings you the " AI/LLM Security & Risk Course for TPRM ". This training course includes 12 modules to teach you the risks that AI in vendors can carry, and how to assess them. This training course is designed for Third-Party Risk Management teams looking to enhance their understanding of AI security and risk assessment. It consists of two specialized tracks. Track 1: AI Security for TPRM Teams focuses on core AI security concepts, including large language model (LLM) behavior, embeddings, vector databases, retrieval-augmented generation (RAG), fine-tuning, and indirect prompt injection—key areas where security risks can emerge in AI-driven systems, and where third party risk professionals should look to mitigate risk. Track 2: Holistically Assessing AI in Third Parties equips TPRM professionals with the skills to evaluate the AI-enabled features that vendors offer. It covers AI application architecture, data usage policies, cybersecurity, data privacy, governance, and model risks, providing a comprehensive framework for assessing AI-related risks in third-parties. Together, these tracks offer a structured approach to understanding and mitigating AI security threats in third parties. If you have any questions, please contact PromptArmor at support@usepromptarmor.com . Your Instructor N/A – On-Demand PromptArmor helps TPRM teams assess and continuously monitor the risks of AI in vendors. We have extensive experience in finding novel threats in AI-enabled applications, and suggesting concrete actionable recommendations to remediate - both with configuration changes and vendor questions. N/A – On-Demand N/A – On-Demand 1/1 Previous Next

  • Heather Kadavy | Director of Membership Success

    Get to know Heather Kadavy, TPRA's Director of Membership Success! < Back Heather Kadavy Director of Membership Success SENIOR STAFF Heather Kadavy is the Director of Membership Success at the Third Party Risk Association (TPRA) , where she advances the global Third-Party Risk Management (TPRM) community by connecting practitioners, service providers, and thought leaders across the broader GRC ecosystem. With nearly 35 years of experience in financial services , Heather brings deep expertise across TPRM, Enterprise Risk Management, Cybersecurity, Information security, Business Resiliency, Vendor Governance, and Regulatory Risk . Prior to joining TPRA in 2023, she led and matured multiple enterprise-wide risk programs at a Nebraska-based financial institution, overseeing more than 1,000 third-party relationships , due diligence processes, and contract management activities. She has also provided independent TPRM executive consulting to organizations seeking to strengthen their programs and practices. A passionate educator and facilitator, Heather has designed and delivered risk and compliance training for thousands and has served in leadership and board roles supporting local, regional, and statewide peer collaborations among financial institutions, regulators, law enforcement, and industry organizations. Known as a natural connector , Heather believes meaningful relationships are the foundation of strong risk management. Her approach blends technical expertise with kindness, clarity, and collaboration , helping individuals and organizations grow their influence while strengthening the TPRM profession. Heather holds a bachelor's degree in accounting from the University of Nebraska–Lincoln and has held multiple professional certifications, including but not limited to: Certified Enterprise Risk Professional (CERP) , Certified Third Party Risk Management (CTPRM) , and Certified Banking Vendor Manager (CBVM) . Based in Lincoln, Nebraska , Heather enjoys volunteering, puzzles, baking, and time with family and friends. She welcomes connection through TPRA and LinkedIn to continue the TPRM Global Conversation . Next >

  • BraunWeiss Inc. | Vendor Member Profile

    Learn more about BraunWeiss Inc., a TPRA Consultant Catalyst, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > BraunWeiss Inc. TPRM Services Consultant Catalyst CONTACT INFORMATION Contact us at compliance@braunweiss.net Phone: 781 489 3743 BraunWeiss is a recognized leader in Third-Party Risk Management (TPRM) services, focused on supporting small and mid-sized organizations in meeting TPRM compliance requirements. As a valued member of Third Party Risk Association (TPRA), BraunWeiss is at the forefront of transforming the outsourced TPRM services landscape while empowering organizations to proactively manage, monitor, and mitigate and fulfill their Vendor and Third-Party Risk Assessments obligations. BraunWeiss delivers comprehensive TPRM services, as “TPRM AS A Service” by leveraging decades of expertise and third-pary risk practioners with industry standard certifications (CTPRP, CTPRA, CISM, CISA, CDPSE, CRISC). By offering the specialized outsourced TPRM services, empowering organizations across diverse industries to confidently navigate the complexities of third-party relationships, safeguard their operations, and achieve regulatory compliance in an increasingly interconnected business environment. TOP PRODUCT FUNCTIONALITY CATEGORIES 1. Third-Party Risk Assessments: (On-site and Remote) BraunWeiss conducts thorough risk assessments on behalf of clients to uncover potential vulnerabilities, compliance gaps, and security risks posed by third-party relationships. These assessments are tailored to the unique requirements of each client and industry, ensuring that organizations can make informed decisions about vendor selection and ongoing management. 2. Vendor Lifecycle Management: BraunWeiss supports clients throughout the entire vendor management lifecycle, from sourcing and onboarding to ongoing monitoring and periodic reviews. This approach ensures that third-party risks are continuously evaluated and managed as business needs and regulatory landscapes evolve. 3. Regulatory Compliance Alignment: BraunWeiss assists organizations in aligning TPRM programs with leading compliance frameworks such as SOC 2, NIST, ISO, HIPAA, HITRUST and GDPR, helping clients prepare for independent audits, maintain certifications, and demonstrate robust information security practices. 4. Cybersecurity Risk Mitigation: As part of TPRM services, BraunWeiss implements effective strategies to reduce cybersecurity threats originating from third-party vendors, helping organizations protect sensitive data and maintain business continuity. RESOURCES FROM THIS VENDOR MEMBER TPRM and Compliance Slick July 2025 VENDOR MEMBER RESOURCE | July 28, 2025 10 Steps for SOC 2 Compliance Readiness VENDOR MEMBER RESOURCE | July 28, 2025 SOC 2 Compliance Readiness Services VENDOR MEMBER RESOURCE | July 28, 2025 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • Women Lead | Verity Billson

    Learn about Verity Billson, Group Head of Third Party Risk Management for Experian, and TPRA's WNTPRM March 2026 Leader Spotlight. < See All < Previous Next > Verity Billson Group Head of Third Party Risk Management Experian Biography Verity Billson is a senior leader in Third Party Risk/Supplier Management with over 25 years of experience across financial services, retail, and manufacturing. She currently serves as Group Head of Third Party Risk Management at Experian, where she leads global oversight and strategy across UK&I, EMEA, APAC, and Brazil. Verity has a strong track record of building TPRM functions from the ground up, delivering operational resilience, and driving compliance with regulatory standards. Her career includes senior roles at Jaguar Land Rover, Boots, and Capital One, where she led supplier management strategies, contract negotiations, and risk mitigation initiatives. Verity is known for her strategic thinking, stakeholder engagement, and ability to deliver measurable results. She is also an active fundraiser for the British Heart Foundation and a recipient of the National Outsourcing Association’s Academic Achievement Award. Leadership Characteristics Influencer & Communicator Strategic Visionary & Collaborative Leader Leadership Challenges Winning hearts & minds to see TPRM as more than a tick box Key Take-a-ways It’s a field that’s constantly evolving, with new risk landscapes and emerging challenges. That pace of change is what makes it so exciting and rewarding to be part of. Fun Fact I am a grandmother to 3 wonderful grandsons, I have a black labrador (Otis) and my favorite past time is watching competitive show jumping (ideally from a warm & sunny destination!)

bottom of page