top of page

Search Results

387 results found with an empty search

  • Women Lead | Laura Valente

    Learn about Laura Valente, Director, Compliance, Ethics & Regulatory Affairs (& Chief Privacy Officer) for General Bank of Canada, and TPRA's WNTPRM May 2025 Leader Spotlight. < See All < Previous Next > Laura Valente Director, Compliance, Ethics & Regulatory Affairs (& Chief Privacy Officer) General Bank of Canada Biography Laura is the Director of Compliance, Ethics, and Regulatory Affairs (& Chief Privacy Officer) at General Bank of Canada. Bringing 10 years of experience across the banking and energy sectors, she has a proven track record in leading strategic initiatives, including the design and operationalization of Third-Party Risk Management and Regulatory Compliance frameworks, managing critical regulatory responses, and establishing key partnerships. Laura brings a global perspective from her experience working in the UK and Canada and studying in France, allowing her to tailor risk management to diverse business environments. Her work focuses on enhancing cross-functional collaboration, aligning risk management with business objectives, and fostering a culture of compliance and operational excellence. Laura is known for advancing risk management practices, driving change and her commitment to empowering others. In addition to her professional achievements, Laura is passionate about volunteering and mentoring individuals, guiding them in navigating their careers and building confidence. Leadership Characteristics Myers Briggs: INTJ Laura approaches leadership with a strategic and long-term outlook. She is detail-oriented, proactive, and committed to building strong partnerships. Her leadership style is rooted in fostering collaboration and trust, while maintaining high standards for quality and integrity in everything she does. Laura is passionate about enabling others to succeed, providing guidance and support to help her team members grow and develop their skills. She can adapt her leadership approach to meet the needs of individuals, demonstrating emotional intelligence and an ability to connect with her team on a personal level. Laura drives meaningful change by empowering her team to take ownership of their work, encouraging accountability, professional growth, and a culture of continuous improvement. Leadership Challenges As a traditional 2nd line of defense function, Risk Management is often viewed as a blocker to operations. Laura has faced the challenge of shifting the perception to Risk Management being a business enabler and strategic partner. This transformation is an ongoing journey and won’t happen overnight. Laura’s perseverance and resilience have been a key force in helping to build and maintain strong partnerships and demonstrate the value of proactive risk management. Operationalizing the TPRM program in the Bank provided a key opportunity to address this challenge. Laura used this initiative to collaborate with, train and guide stakeholders, ensuring they understood how Risk Management could support business objectives and strengthen strategic decisions. Key Take-a-ways The true value of a strong TPRM program extends beyond just mitigating threats - it lays the foundation for operational resilience and long-term success. A well-designed TPRM program helps businesses anticipate risks, adapt to change, and seize opportunities with confidence, knowing they have made well-informed decisions. Achieving this requires building strong relationships, educating stakeholders, and fostering a culture where risk is seen as a strategic partner in achieving business goals. When embedded effectively, TPRM becomes an integral part of decision-making processes, acknowledged early on rather than treated as an afterthought. Laura’s favourite aspect of TPRM is its dynamic, cross-functional nature, allowing her to collaborate with diverse teams across the entire organization. Fun Fact Laura grew up in Scotland before moving to Canada and has a passion for exploring new places and staying active. She loves road-tripping, hiking, kayaking and camping with her husband and their energetic Australian labradoodle puppy. And of course, with her personality type, she is always planning their next adventure!

  • Tandem | Vendor Member Profile

    Learn more about Tandem, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Tandem GRC Platform Advocate Member CONTACT INFORMATION Paul Hodnett Sales Manager phodnett@conetrix.com Tandem provides a simplified and streamlined vendor management software, designed to organize your vendor management program. Avoid complicated spreadsheets, manually updated calendars, and trying to organize files across network folders. Instead, use Tandem Vendor Management to efficiently oversee your vendors, create risk assessments, collect due diligence documents, and manage contracts and documents. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Manage and store your important vendor relationship details. Assess the significance of your vendor relationships using a consistent questionnaire. Rate each vendor's risk across a customizable list of risk categories. Organize important information about your vendor contracts in a central location. Automate the collection of third-party due diligence documents. Manage key dates through calendar, reports, and email reminders. Use more than 30 reports to gain insight into your vendor program. Conduct, document, and report on a variety of vendor reviews. Generate consistent and professional reports and documents effortlessly. Assign responsibility and various levels of access to users. RESOURCES FROM THIS VENDOR MEMBER A Better Way for Collecting Due Diligence Documents VENDOR MEMBER RESOURCE | August 28, 2025 Vendor Management Workbook VENDOR MEMBER RESOURCE | August 28, 2025 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • ProcessUnity | Vendor Member Profile

    Learn more about ProcessUnity, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > ProcessUnity TPRM Platform Champion Member CONTACT INFORMATION Amy Brunelle amy.brunelle@processunity.com www.processunity.com ProcessUnity Third-Party Risk Management protects companies and their brands by reducing risk from third parties, vendors and suppliers. TPRM expands the scope of risk management to encompass any external party that could pose a risk to an organization, including vendors, contractors, partners and suppliers. With a single, configurable platform, ProcessUnity helps organizations manage the increasing complexity of supply chains and third-party relationships with tools to identify and assess the risks associated with each external party, monitor third-party performance and ensure external control effectiveness. Our software platform empowers you to proactively manage third-party risks and protect your organization from potential cyber threats and business disruptions. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Vendor Onboarding Sourcing RFx Inherent Risk Scoring & Vendor Classification Vendor Due Diligence & Ongoing Monitoring Vendor Risk Assessments SLAs & Vendor Performance Management Vendor Contract Management Vendor Issue Management On-Site Vendor Control Assessments Cyber Ratings, Financial Health Scores & ESG Ratings RESOURCES FROM THIS VENDOR MEMBER The Rise of ESG in TPRM | Whitepaper | ProcessUnity VENDOR MEMBER RESOURCE | September 11, 2023 Aligning Internal Cybersecurity Practices with External Third-Party Risk Management | Whitepaper | ProcessUnity VENDOR MEMBER RESOURCE | September 11, 2023 4 Keys to Creating a Vendor Risk Management Program That Works | Whitepaper | ProcessUnity VENDOR MEMBER RESOURCE | September 11, 2023 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • Women Lead | Natasa Simovic

    Learn about Natasa Simovic, Third Party Risk Analyst for Telesign Corporation, and TPRA's WNTPRM January 2024 Leader Spotlight. < See All < Previous Next > Natasa Simovic Third Party Risk Analyst Telesign Corporation Biography Natasa has been in the Third-Party Risk Management for four years at Telesign Corporation, a US based company providing digital identity and programable communications APIs to prevent fraud and enable omnichannel engagement. In her current position, she manages activities throughout the TPRM lifecycle, conduct assessment process, develop and implement the TPRM program, Policy and Procedure requirements, hold trainings. Her efforts are directed to have a strong TPRM program in place and to raise awareness in general of its importance. Leadership Challenges Natasa built her organization's program and processes from the ground up in the IT industry. Key Takeaways Fun Fact Leadership Characteristics Respect, dedication, responsibility, ethics, a desire to learn, & smile Leadership Challenges Natasa built her organization's program and processes from the ground up in the IT industry. "It was really challenging, and still is, to promote and develop a TPRM role and TPRM program in the non-financial environment, to educate and invite to the collaboration all teams and involved parties." Key Take-a-ways "I find it of priceless value to have an organization such as the TPRA and all its members, programs and sources as a supporting partner in my TPRM role development." Fun Fact "TPRM awakened a whole new world within me - it increases my creativity to an unexpected level, inspires me to constantly explore further, learn, and make my environment safer."

  • Third Party Risk Association (TPRA) Announces Launch of Professional Certification Program | TPRA

    FOR IMMEDIATE RELEASE Third Party Risk Association (TPRA) Announces Launch of Professional Certification Program Friday, September 16, 2022 1/1 TPRA, a not-for-profit Third-Party Risk Management (TPRM)-focused organization, launches first professional certification, Third Party Cyber Risk Assessor (TPCRA) ANKENY, IOWA — 16 SEPTEMBER 2022 — Third Party Risk Association (TPRA) announced the official launch of the Third Party Risk Association Certification Program, open to all members of the third-party risk management (TPRM) industry to verify their knowledge, skills, and abilities within their profession. “We are excited to announce the launch of the Third Party Risk Association Certification Program,” Julie Gaiaschi, CEO and co-founder of TPRA, said. “As an organization whose mission it is to further the profession of third-party risk management through knowledge sharing and networking, it was really important to us to build-out a set of professional credentials for the practitioner community.” Professional certifications are a way to verify earner knowledge and understanding of a topic, establish professional credibility, and advance one’s career within a specialized profession. They allow earners to distinguish themselves from their peers by demonstrating commitment to mastering their skills and excelling in their field. According to MBO Partners, professional certifications are also known to boost efficiency. The advanced training, information and knowledge gained from specialized coursework can provide earners with up-to-date tools and technical strategies that will serve to guide and direct them in the execution of projects, allowing them to manage all aspects of their work more effectively. Studies also show that employees who invest in certifications tend to earn higher salaries. MBO Partners notes that Project Management Professional (PMP) certification recipients report median salaries that are 26% higher than those who are not PMP certified. Third Party Cyber Risk Assessor (TPCRA) Certification Pre-registration is now open for TPRA’s first certification, the Third Party Cyber Risk Assessor (TPCRA) Certification. The TPCRA Certification is a specialized qualification designation to confirm understanding and skill in the assessment of third-party cybersecurity controls and processes, as well as validate competency in the creation, execution, and management of third-party cyber risk assessments. In addition, the Certification will authenticate and add credibility to TPRM professional expertise as a third-party cyber risk assessor. The TPCRA is recommended for those who assess, monitor, and review third-party cybersecurity and information technology controls, as well as identify and mitigate risk related to said controls. Eligibility for this certification includes three or more years of experience in a full-time risk management/analyst and/or cybersecurity-related role, though substitutions may be obtained for up to one year of work experience. TPCRA Certification Overview The TPCRA Certification examination is designed to be challenging and ensure that the participant is fully knowledgeable, competent, and proficient in necessary cybersecurity and information technology assessment terms and techniques. The examination will cover the domains of: cybersecurity and TPRM basics, pre-contract due diligence, continuous monitoring, physical validation, disengagement due diligence, cloud due diligence, and reporting and analytics. The examination is a 150-question, multiple-choice assessment with a variety of question formats, including scenario-based, true/false, and ‘choose best response.’ It will be offered either virtually or in person and monitored via an assigned proctor, with a 3-hour time limit. TPRA is also offering optional training sessions to allow participants to be fully prepared for the examination. Purchase of TPCRA Training includes a copy of the book Cybersecurity and Third Party Risk: Third Party Threat Hunting by educator and TPRM leader, Gregory Rasner. “I’m excited to be able to announce the collaboration with Third Party Risk Association on this new training certification track around cybersecurity and third-party risk,” Rasner said. “The foundations [of this course] are built upon the book, but it’s new material that’s been built upon my experience, regulatory guidance, environmental changes, and other things that have come up since publication.” At this time, all training sessions will be taught by Rasner, giving participants direct access to the author of the text on which the examination is based. These lessons are designed to be interactive, allowing for conversation and classified learning, with a blend of informative lectures, open discussions, and workshops. “I hope that you’re as excited as I am to continue to grow this field and expertise within this new training and certification, and thanks for the collaboration with Third Party Risk Association,” Rasner said. Limited Time Promotion To celebrate the launch of their Certification Program and first certification, TPRA is offering a limited-time promotion to the first 30 individuals who register for the TPCRA Examination, Training, or Training and Examination Bundle. These individuals will receive a copy of the book, Cybersecurity and Third Party Risk: Third Party Threat Hunting, a TPCRA bookmark signed personally by the author, and 30 days of virtual access to the author and TPCRA Training Instructor, Rasner, to ask him any questions participants may have prior to their examination. Interested individuals can learn more and pre-register for the Third Party Cyber Risk Assessor (TPCRA) Certification on the TPRA website at www.tprassociation.org/tpra-certifications . Training and testing will begin in January 2023. “We are so excited to offer this first certification and cannot wait to launch the others in the coming years,” Gaiaschi said. “Thank you for your continued support of the Third Party Risk Association.” Founded in 2018, Third Party Risk Association (TPRA) was created out of a necessity to build a community of like-minded third-party risk professionals to allow for the sharing of best practices, exchanging of ideas, and influencing of the industry. Membership is available for both third-party risk management practitioners and service provider organizations, and is designed to promote collaboration, education, and advancement of the industry as a whole. This organization is a 501(c)(6) not-for-profit. ### Third Party Risk Association (TPRA) and Third Party Risk Association Certification Program are either registered trademarks or trademarks of Third Party Risk Association (TPRA) in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. MEDIA CONTACT Meghan Schrader Meghan.schrader@tprassociation.org www.tprassociation.org FOR MORE INFORMATION https://www.tprassociation.org/tpra-certifications Previous Next

  • VENDOR-HOSTED EVENTS | TPRA

    Learn about and register for events outside of the TPRA that are applicable to TPRM. Vendor-Hosted Events The TPRA promotes the industry of third party risk, which includes events conducted by other third party risk-related groups and organizations. Check back here regularly to see our list of vendor-hosted events. If you would like to promote your next third party risk-specific event, please complete the form below . Disclaimer: TPRA does not endorse or sponsor the products/services of one particular organization; however, we do communicate training opportunities for the benefit of the community. Filter by Organization Select Organization Filter by Event Type Select Event Type Filter Download Global Resilience Federation (GRF) Live Webinar AI Interrupted: A Multi-Sector Tabletop Exercise Wednesday, June 24, 2026 8:00 AM ET AI is quickly becoming a critical dependency for customer support, software delivery and core business workflows. What happens when AI is impaired? GRF’s Business Resilience Council is hosting a complimentary, cross-sector, virtual tabletop exercise offered on June 24 at 8am ET Bring your security, risk, and resilience teams – and invite your peers, colleagues, partners, vendors and suppliers. Together, we need to navigate the new risks introduced by these rapid advancements. Register Bitsight Webinar After Mythos: How Security and Risk Teams Take Action and Prove Resilience Thursday, July 16, 2026 11:00 AM ET Join us for a practical session for SecOps, GRC, TPRM, and cyber risk teams on connecting exposure, supply chain risk, and business impact into a resilience story leadership can trust. Frontier AI models like Mythos are changing how quickly vulnerabilities can be found and exploited. As that window shrinks, resilience matters more than ever. Teams need to know where they are exposed, which risks of exposure matter most, and how threats across the supply chain could impact the business. For CISOs, this also raises a harder board-level question: can we prove the organization is resilient when risk is moving faster than ever? That starts with the teams closest to the work. SecOps, GRC, TPRM, and vulnerability teams all have a piece of the story, but it’s traditionally hard to connect exposure, third-party risk, and remediation into one defensible view of resilience. Join Greg Keshian, Chief Product Officer, and Jacob Olcott, VP of Government Affairs, for a practical discussion on how organizations are adapting in the wake of Mythos and translating that work into a resilience narrative boards, investors, and executives can understand. You’ll walk away with a clearer understanding of how to: Identify the exposures and dependencies that matter most to resilience Translate exposure and supply chain risk into business impact Prioritize remediation using threat activity and business context Show progress, readiness, and investment needs with defensible evidence Register Cloud Security Alliance (CSA) Virtual Conference CSA Regulated Industries for Cloud & AI Summit 2026 Thursday, July 16, 2026 11:00 AM - 3:30 PM EDT As AI adoption and cloud modernization accelerate across energy, healthcare, government, and other highly regulated sectors, organizations face a critical question: how do you innovate at speed without compromising compliance, resilience, and trust? The Regulated Industries for Cloud & AI Summit brings together global leaders, practitioners, and policymakers to address the real-world security, governance, and regulatory challenges shaping mission-critical environments. This free, high-impact, one-day virtual event delivers actionable insights on building secure cloud and AI ecosystems, governing AI responsibly, managing third-party and supply chain risk, and preparing for emerging global regulations. If you are responsible for protecting critical infrastructure, sensitive data, or public trust, this is the forum to learn what’s working now—and what’s coming next. Register Exiger Webinar Human Rights in The Supply Chain: From Obligation to Operational Discipline Thursday, July 16, 2026 London | 6:00 PM GMT Register OneTrust Live Webinar Beyond ISO 27001: Building the Foundation for Scalable Risk and AI Governance Tuesday, July 21, 2026 11:00 am EST | 4:00 pm BST ISO 27001 has become one of the most searched and adopted security frameworks globally — but for many organizations, certification is only the beginning. As cybersecurity becomes a board-level priority and AI adoption accelerates new governance challenges, organizations are realizing they need more than point-in-time compliance. They need a scalable, operational foundation for managing risk, enabling trust, and supporting business growth. Register Bitsight Webinar Doomed or Prepared? How Frontier AI Models Reshape TPRM Programs Thursday, July 23, 2026 11:00 AM ET Vulnerability disclosure to weaponized exploit: once measured in weeks, now in minutes. How does that impact you? When your vendors' vendors are compromised, your breach happens in 90 seconds. CISOs and GRC leaders are caught between exploding third-party risk and outdated vendor management playbooks designed for a slower threat landscape. How do you shift from annual assessments to continuous intelligence? How do you prioritize when threat actors use AI to find your crown jewels faster than your teams can? And how do you finally speak the same language across SecOps, GRC, and Procurement? Join Emma Stevens (Threat Researcher, Bitsight) and Amanda Ravanesi [Director Product Management, Bitsight] as they map the post-Mythos TPRM landscape and arm you with a practical framework to build resilience at the speed of threat. What You Will Learn: How threat actors actually use AI in supply chain attacks—and why data triage, not initial access, is the new attack vector The shift from compliance-driven vendor management to threat-informed prioritization: the Before/After playbook A practical intelligence stack that turns thousands of vendors into a focused action list of critical risks Register Global Resilience Federation (GRF) In-Person Conference 9th Annual Summit on Security & Third-Party Risk Wednesday, October 21, 2026 Orlando, FL Networking and Education on Critical Third-Party and Cybersecurity Issues, for Mutual Resilience The conference features dozens of speakers on third-party risk management, cloud security, emerging cybersecurity threats, and AI/machine learning threat mitigation and management. Attendees will gain an understanding of how some of the largest and most sophisticated organizations in the world are managing risk, and leave the conference better armed to defend their company, regardless of its size or the status of its risk mitigation program. Register Submit an External Event TPRA Practitioner Members can submit upcoming events they'd like displayed on this page using the form below. Some events may also be shared via our monthly events emails and/or quarterly newsletter. TPRA does not post on-demand/recorded events to this page. TPRA Vendor Members can submit their upcoming events through the Vendor Member Submissions form . Submitter Information First name* Last name* Email* Event Information Event Title* Event Host* Event Type* Event Description* Event Date* Event Time (please include time zone)* Link to learn more and/or register for the event* Anything else we should know? Submit

  • Exiger Named 2024 Innovator Award Winner | TPRA

    FOR IMMEDIATE RELEASE Exiger Named 2024 Innovator Award Winner Thursday, April 11, 2024 Robert Huff (left), Senior Vice President, Third-Party & Supply Chain Risk Management Solutions for Exiger, accepts the 2024 Innovator Award from Julie Gaiaschi (right), CEO & Co-founder of the Third Party Risk Association (TPRA) at TPRA's 2024 In-Person Conference in Phoenix, AZ. Robert Huff (left), Senior Vice President, Third-Party & Supply Chain Risk Management Solutions for Exiger, accepts the 2024 Innovator Award from Julie Gaiaschi (right), CEO & Co-founder of the Third Party Risk Association (TPRA) at TPRA's 2024 In-Person Conference in Phoenix, AZ. 1/1 Robert Huff (left), Senior Vice President, Third-Party & Supply Chain Risk Management Solutions for Exiger, accepts the 2024 Innovator Award from Julie Gaiaschi (right), CEO & Co-founder of the Third Party Risk Association (TPRA) at TPRA's 2024 In-Person Conference in Phoenix, AZ. Exiger Named Third Party Risk Association's (TPRA) 2024 Third Party Risk Management (TPRM) Service Provider Innovator Award Winner PHOENIX, ARIZONA — APRIL 11, 2024 — At the Third Party Risk Association’s (TPRA) 2024 TPRM Conference, “Third Party Risk Madness” in Phoenix, Arizona, TPRA announced Exiger as the 2024 winner for their TPRM Service Provider Innovator Award. “We couldn’t be more excited! Thank you to all of the judges, all of the TPRA leadership, and the TPRM community,” said Brandon Daniels, Chief Executive Officer at Exiger. “Let’s make the world a safer and more transparent place for our customers to succeed!” TPRA had 24 total Service Provider nominations for this award, with 6 organizations chosen to be finalists in the award process. Despite the difficult selection process given the many outstanding service providers, the TPRA Board of Directors and select Practitioners chose Exiger as the overall winner. “What intrigued us the most about this organization is, not only do they obtain large amounts of data and correlate that data against a set of controls and regulations to determine current risks, but the correlation of that information via AI allows them to also provide you with leading risk indicators,” Julie Gaiaschi, CEO & Co-founder of the Third Party Risk Association, noted during her announcement speech. One example of this is that Exiger can provide customers with specific risks as they relate to a piece of software via CVE and the software assessment itself, but also provide leading risk indictors of how the software was developed. Not only does Exiger look at cyber risk, but also financial health, operational, regulatory, reputational, and criminal risk (which includes export controls). Because of their connection to the government, they map regulations to controls and artifacts, as well to determine regulatory compliance, via artificial intelligence (AI). When asked how they maintain the regulatory compliance side with so many new and changing regulations, Exiger stated they are, “...looking at each rule via AI and assessing changes and updates to the policy, rulemaking, or legislation on a regular basis.” In addition, they meet with regulators to help define legislation to ensure they can validate specific controls. The last piece that intrigued TPRA judges was their ability to perform root cause analysis of findings. Their AI model can articulate why risks exist through natural language prompts and provide the evidence it found to support the finding. For all these reasons and more, TPRA selected Exiger as their 2024 TPRM Service Provider Innovator Award winner. About Exiger Exiger got their start in terms of large scale TPRM in this sector with the Defense Counter Intelligence Agency and within the last few years have now branched out into the commercial space (which now makes up the majority of their business). Within the commercial sector, the majority of their clients are in healthcare, Information Communication Technology, and Advanced Manufacturing (or critical infrastructure). They are now seeing an increase in retail as well, post-COVID. Exiger is actively working to simplify the user experience by identifying risk no matter what domain it is in via not only open and privately procured sources, but also by correlating information obtained and within regulations via AI. Their mission is to provide a safer and more transparent space for customers to succeed. For more information about Exiger and their innovative approaches to identifying and mitigating third party risk, visit www.exiger.com . About the Award One of the objectives of the Third Party Risk Association (TPRA) is to promote the value that Third Party Risk Management (TPRM) Service Providers add with regards to advancing the TPRM industry as a whole. In support of this objective, the TPRA created the TPRM Service Provider Innovator Award to recognize all the work TPRM Service Providers put into delivering innovative, efficient, and effective tools and techniques for Practitioners to leverage to assess, mitigate, and manage the risk of third parties. After reviewing the initial applications, TPRA’s seven judges chose six organizations as finalists in the award process. The team of judges then met with these organizations individually to further discuss their application, where they see their organizations headed within the next five years, what they would change about the TPRM industry, and why social responsibility is important to them. “These organizations are all innovative in their own right,” TPRA noted in their initial announcement. “While this award is simply a visible recognition for one, all of these organizations are doing so many innovative and important things to better mitigate risk, improve processing times, reduce resource workload, and provide more meaningful risk identification and mitigation techniques.” This award recognizes a TPRM Service Provider organization that: offers a product and/or service to the TPRM Practitioner community at large to assist with identifying, assessing, monitoring, and/or mitigating third party risk, actively advances the industry through pioneering and/or innovating TPRM solutions/services, regularly collaborates with Practitioners, Regulators, and/or other Service Providers in the creation, implementation, and/or delivery of their innovative products/services, and advocates for and exemplifies social responsibility and philanthropy. Any TPRM Service Provider organization may apply for this award, regardless of membership with the TPRA. “We are extremely grateful to every one of the 24 innovative service provider organizations that applied this year. We look forward to getting to know even more awesome organizations in the coming years and giving them their due recognition through our Innovator Award Program,” Gaiaschi said in closing. ### The Third Party Risk Association was created out of a necessity to build a community of like-minded third party risk professionals to allow for the sharing of best practices, exchanging of ideas, and influencing of an industry. This organization is a 501(c)(6) not- for-profit. MEDIA CONTACT Meghan Schrader Meghan.schrader@tprassociation.org www.tprassociation.org FOR MORE INFORMATION https://www.tprassociation.org/innovator-award Previous Next

  • ThirdOrbit | Vendor Member Profile

    Learn more about ThirdOrbit, a TPRA Incubator Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > ThirdOrbit TPRM Platform Incubator Member CONTACT INFORMATION Tunde Ogunkoya, Founder Email: tunde@thirdorbit.io LinkedIn: linkedin.com/in/tundeogunkoya ThirdOrbit is an actuarial-grade Third-Party Risk Management (TPRM) platform purpose-built for regulated industries, particularly African Enterprises. Founded in South Africa, ThirdOrbit applies Bühlmann credibility theory, an established actuarial methodology to vendor risk scoring, producing mathematically defensible 0–999 risk scores with complete audit trails. The platform's FORCES methodology (Financial, Operational, Regulatory, Concentration, External, Security) provides six-dimension risk decomposition with AI-powered evidence verification, resolving the cold-start problem that plagues traditional TPRM tools. ThirdŌrbit natively supports POPIA, NDPA, SARB directives, and CBN frameworks, NOGICD Act 2010 (as amended by PIA), MPRDA 2002, serving regulated enterprises across banking, insurance, telecommunications, Oil& Gas and energy sectors in South Africa, Nigeria, and Kenya. TOP PRODUCT FUNCTIONALITY CATEGORIES Vendor Risk Scoring (Actuarial-Grade, Bühlmann Credibility) Third-Party Risk Assessment & Questionnaire Management AI-Powered Evidence Verification & Inconsistency Detection Regulatory Compliance Assessment (POPIA, NDPA, SARB, CBN) Continuous Security Monitoring (External Integration) Knowledge Base Auto-Fill with Three-Tier Answer Orchestration Model Governance & Parameter Sensitivity Analysis Contract Risk Management & SLA Monitoring Vendor Ecosystem Mapping (Orbit Map Visualization) TPRM-as-a-Service (Managed Assessments for ALL Enterprises) RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • Women Lead | Tiffany King

    Learn about Tiffany King, Senior Director for TD International (TDI), and TPRA's WNTPRM August 2023 Leader Spotlight. < See All < Previous Next > Tiffany King Senior Director TD International (TDI) Biography Tiffany King is a Senior Director at TDI, a risk intelligence and advisory firm that helps clients manage a broad range of market, regulatory, compliance, and reputational risks. Tiffany leads the business development team for TDI Diligence Suite, an end-to-end workflow management platform specifically designed to manage third-party risk. Tiffany is a licensed attorney with more than a decade of experience consulting with companies and law firms on various software solutions. Leadership Characteristics Tiffany believes in a transformational leadership style looking to always set the bar higher and motivating colleagues to do the same. She recognizes each person brings something different to the table and emphasizes the strengths of each. She sees value in taking initiative while always remaining coachable. Leadership Challenges In a consulting, vendor, or advisory role, each of the different challenges faced by your clients become your challenges as well. It's critical to not only understand their overall objectives, but also their challenges, and work alongside them to find outside-the-box solutions that work for the specifics of their situation. Key Take-a-ways "TPRM professionals are some of the most collaborative people I have been around and everyone is constantly learning from the experiences of their peers and solving problems together in this ever-evolving practice. Get involved in the networking groups and don't hesitate to reach out and make new connections." Fun Fact The majority of Tiffany's spare time is spent in a volunteer capacity with a number of philanthropic organizations including: IMPACT100, Big Brothers Big Sisters & Project Formal. She also enjoys offshore fishing and big game hunting.

  • Women Lead | Dr Angela Dogan

    Learn about Dr Angela Dogan, Associate Director, Cybersecurity Assurance for Kyndryl, and TPRA's WNTPRM April 2026 Leader Spotlight. < See All < Previous Next > Dr Angela Dogan Associate Director, Cybersecurity Assurance Kyndryl Biography Dr. Angela obtained her Doctor of Information Technology specialized in Information Assurance and Cybersecurity in 2022. However, she has spent the past 20+ years in the field of Cybersecurity Risk Management beginning in Third Party Risk Management to where she currently is which is assisting organizations build, maintain, and mature their Cybersecurity Governance, Risk, and Compliance programs at Kyndryl. Her expertise spans across industries such as Financial Services, Healthcare, and Retail. She’s driven by her ability to strategize with organizations to determine a customized approach to the regulatory and compliance needs of the organization. Coupled with her passion for leading and growing teams that can effectively maintain Cybersecurity risk management programs aligned with NIST 800-53, ISO 27001/2, SOX, ITGC, and/or PCI. Angela is a demonstrated leader and expert in the industry as she has written content for several Risk Management Control Frameworks such as the Cloud Security Alliance’s Cloud Controls Matrix, The Shared Assessments Program SIG, SCA, and VRMMM. Angela also has a passion for Public Speaking and has led many webinars and workshops related to Third Party Risk Management, Enterprise Risk Management, Careers in Cyber to name a few. She also is an Adjunct Professor, teaching Introduction to Cybersecurity and Network Fundamentals. Leadership Characteristics Servant Leader Leadership Challenges I have persevered by keeping a growth mindset and never feeling like "I've arrived" so I've made it a goal to continue to be a life-long learner. I'm committed to being the change I want to see. Key Take-a-ways TPRM Strategy - never feeling like a company is too small to have a solid TPRM Program. Fun Fact I love to crochet and do fun things with my grands.

  • FusionAIrre | Vendor Member Profile

    Learn more about FusionAIrre, a TPRA Incubator, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > FusionAIrre TPRM Platform Incubator Member CONTACT INFORMATION Stephanie Greer CEO & Founder Stephanie@FusionAIrre.ai +1 (919) 271-4341 FusionAIrre.a i Tom Garrubba Cofounder & Chief Commercial Officer Tom@FusionAIrre.ai +1 (412) 720-4248 FusionAIrre.ai Trust Has Become a Business Requirement. Organizations today face unprecedented pressure to demonstrate trust across a growing number of stakeholders. FusionAIrre helps organizations respond to customer, regulatory, and due-diligence requests faster, more accurately, and with greater confidence through agentic AI, governed workflows, and enterprise orchestration. As External-Party Assurance demands continue to grow, FusionAIrre is redefining how organizations demonstrate trust, accelerate business, and maintain compliance at scale. TOP PRODUCT FUNCTIONALITY CATEGORIES FusionAIrre enables organizations to respond to customer, regulatory, and due diligence requests through a single, governed platform—delivering fast, consistent, and audit-ready assurance at scale. Complete External-Party Assurance in hours not days or weeks through governed AI, structured workflows, and reusable, evidence-backed responses. Show More RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES Delta Dental of NJ and Connecticut PR Newswire: FusionAIrre & Delta Dental of NJ and Connecticut June 18, 2026 Scheider Downs PR Newswire: FusionAIrre & Schneider Downs June 4, 2026 ADDITIONAL OPPORTUNITIES Previous Next

  • Women Lead | April Harrison

    Learn about April Harrison, Sr. Director of Marketing & Communications for Trust Your Supplier, and TPRA's WNTPRM January 2026 Leader Spotlight. < See All < Previous Next > April Harrison Sr. Director of Marketing & Communications Trust Your Supplier Biography April Harrison is a B2B SaaS marketing leader with six years of experience helping organizations in procurement and third-party risk management (TPRM) connect big ideas to real customer value. At Trust Your Supplier, she built the marketing function from the ground up, launching campaigns, creating thought leadership, and designing onboarding experiences that made blockchain technology accessible and useful. Along the way, she’s introduced award-winning initiatives, produced an industry podcast, and brought together Fortune 500 leaders to collaborate on the future of supplier risk management. Colleagues describe April as adaptable, collaborative, and creative under pressure. She thrives on turning complex concepts into clear, compelling stories and building systems that make teams stronger and more efficient. Beyond her day-to-day work, she is passionate about advancing women's leadership in TPRM by sharing knowledge and lifting others up. Leadership Characteristics April has played a key role in shaping how third-party risk management is communicated and understood. At Trust Your Supplier, she doesn’t just run campaigns, she built the entire marketing function from scratch. Her work has amplified the company’s voice in the market, from increasing LinkedIn engagement by 400% to guiding product launches with clear, accessible messaging. She has also brought industry leaders together through governance boards and customer advisory groups, ensuring that innovation is informed by the voices of those on the front lines. Her leadership has been about creating connections, building trust, and showing what’s possible when collaboration is at the center. Leadership Challenges Like many in growing organizations, April has faced shifting priorities, leadership changes, and the challenge of building impact with limited resources. Rather than seeing these as setbacks, she treated them as opportunities to adapt and grow. By staying focused on the end goal, reaching new customers and helping customers succeed, she was able to pivot quickly, create new processes that brought clarity, and keep projects moving even when the path forward wasn’t always clear. These challenges strengthened her resilience and reinforced her belief that steady progress and collaboration matter more than perfection. Key Take-a-ways If there’s one message April would share with others in TPRM, it’s that clarity and connection make all the difference. Whether you’re explaining complex risk concepts to a customer, collaborating across functions, or mentoring a teammate, the ability to communicate clearly builds trust and accelerates progress. Her favorite part of working in TPRM is that it’s never just about technology, it’s about people coming together to solve problems, protect organizations, and build stronger partnerships. Fun Fact At her core, April is a teacher. She started her career as a preschool teacher and has spent the last eight years teaching group fitness classes. Whether it’s helping a child master a new skill, guiding a class through a workout, or mentoring a colleague at work, she loves creating spaces where people feel encouraged, capable, and supported.

bottom of page