
Search Results


  • Sr Program Manager - Governance, Risk & Compliance

    United States (Remote)
    Job Type: Full Time
    Organization: HealthEquity
    Application Deadline: April 13, 2024

    About the Role

    Develop an understanding of HealthEquity business processes and systems to support the Security GRC team. Conduct comprehensive risk assessments and vulnerability analyses to identify potential security risks and recommend appropriate mitigation strategies. This will require leading and influencing cross-functional teams and stakeholders at all levels of the company. Guide external assessors in conducting NIST CSF, HITRUST, PCI DSS, FedRAMP, and other assessments. Act as a liaison between assessors and internal teams to ensure clear communication and timely completion of evidentiary requests. Participate in control walkthroughs, assist in gathering audit evidence requests, and coordinate follow-up requests. Oversee exception remediation and monitoring. In conjunction with Attack Surface Management and Vulnerability Management teams, plan and support penetration tests, vulnerability scans, and remediation actions required by compliance programs, including PCI DSS and FedRAMP. Develop and implement security metrics and key performance indicators (KPIs) to measure the effectiveness of security controls, risk mitigation strategies, and compliance efforts. Regularly analyze and report on security metrics to senior management, identifying trends, areas of improvement, and actionable insights. Lead and support information-gathering efforts related to HealthEquity’s complex data environment and apply new or changing security practices to new and existing processes and controls. Manage identification and rollout of scalable innovative technologies to support security governance, including developing usage policies and guidelines, audit, and control processes. Maintain “auditor-ready” toolkits for response to audits, assessments, and regulator inquiries. Drive continuous improvement efforts by identifying opportunities for enhancing security governance, risk management, and compliance practices.

    Requirements

    Bachelor’s degree; a focus on information security, information technology, or a related discipline is preferred. 5+ years of professional experience in a role involving Information Security GRC, IT Compliance, IT Audit, legal, or privacy, preferably in a technology setting or highly regulated industry. Experience with O365 applications (Word, PowerPoint, Excel). Additional education/certification preferred but not required, e.g. CIPP or CIPM, CDPSE, CISSP, CISM, CISA, CCSA. Experience interacting with and working directly with/for internal/external business partners. Able to work collaboratively in a fast-paced technology environment, where willingness to learn and adapt is critical. At least one certification from ISO 27001 Lead Auditor, CISA, HIPAA Expert, SOX Expert Certification (preferred), or applicable project management certifications. Strong knowledge of at least one industry standard or best practice, such as SOC1, SOC2 Type II, ISO/IEC 27001 Certification, HIPAA Compliance, HITRUST, and PCI DSS. Strong exposure to and knowledge of information technologies and IT security best practices. Strong working experience in establishing information security risk management, governance, compliance and audits in different regions and business units from scratch and achieving maturity over the next 2 years. Ability to work autonomously or as part of a team, within targets and deadlines. Excellent written and verbal communication skills. Experience influencing others to take action.

    About the Company

    HealthEquity is a leading administrator of Health Savings Accounts (HSAs) and other consumer-directed benefits: FSA, HRA, COBRA, and Commuter. Benefits advisors, health plans, and retirement providers partner with us to help over 13 million members work toward long-term health and financial wellbeing. Visit HealthEquity.com to see our intuitive technology and remarkable service in action.

  • TPRM Vendors | Www.tprassociation.org

    TPRM Tools

    At the Third Party Risk Association we know that finding the right vendor for your needs can be a challenge. Often, organizations may not even know the potential vendors in the space. We're aiming to build an exhaustive list of TPRM vendors in various categories to make life a little easier for you. This list of TPRM Vendors is not affiliated with the TPRA, nor does the TPRA receive any monetary gain from listing them below.

    If you are a TPRM Vendor and would like to be included in the list below, please email Julie Gaiaschi at Julie@tprassociation.org.

    Number found: 95

    Category | Name | TPRA Member? | URL
    GRC Platform | 360Factors Inc | No | https://www.360factors.com
    GRC Platform | Archer Integrated Risk Management | No | https://www.archerirm.com/third-party-governance
    GRC Platform | CoreStream | No | http://corestreamplatform.com
    GRC Platform | DVV Solutions TPRM | No | https://www.dvvs.co.uk
    GRC Platform | Diligent | No | https://www.diligent.com/
    GRC Platform | LogicManager | No | https://www.logicmanager.com/
    GRC Platform | MetricStream | No | https://www.metricstream.com
    GRC Platform | Navex | No | https://www.navex.com/en-us/products/navex-irm-integrated-risk-management/third-party-risk-management/
    GRC Platform | Onspring | No | https://onspring.com/solutions/governance-risk-compliance/third-party-risk-management/
    GRC Platform | OpenPages GRC by IBM | No | https://www.ibm.com/products/openpages-with-watson?utm_content=SRCWW&p1=Search&p4=43700070084211913&p5=p&gclid=f61d865decc71a305683e4bf26ab6b2c&gclsrc=3p.ds
    GRC Platform | RiskOptics formerly Reciprocity | No | https://reciprocity.com/
    GRC Platform | SAI 360 GRC | No | https://www.sai360.com/
    GRC Platform | SAP Risk Management | No | https://www.sap.com/products/financial-management/risk-management.html
    GRC Platform | ServiceNow GRC | No | https://www.servicenow.com/products/governance-risk-and-compliance.html
    GRC Platform | Standard Fusion | No | https://www.standardfusion.com/
    GRC Platform | TutelaSolutions | No | https://www.tutela-solutions.com/
    Risk Ratings/Intelligence | Argos | No | https://argosrisk.com
    Risk Ratings/Intelligence | BitSight | No | https://www.bitsight.com
    Risk Ratings/Intelligence | Black Kite | Yes | https://blackkite.com/
    Risk Ratings/Intelligence | BreachSiren | Yes | https://breachsiren.com
    Risk Ratings/Intelligence | Continuity Strength | No | https://continuitystrength.com/corporate-support
    Risk Ratings/Intelligence | Cyberwrite | No | https://www.cyberwrite.com/
    Risk Ratings/Intelligence | Dun & Bradstreet | No | https://www.dnb.com/solutions/manage-supplier-risk.html
    Risk Ratings/Intelligence | Findings | No | https://findings.co/
    Risk Ratings/Intelligence | FortifyData | No | http://www.fortifydata.com
    Risk Ratings/Intelligence | ISS Corporate Solutions | No | https://www.isscorporatesolutions.com/solutions/security-suite/
    Risk Ratings/Intelligence | Interos | No | https://www.interos.ai/
    Risk Ratings/Intelligence | Ionix previously Cyberpion | No | https://www.ionix.io/
    Risk Ratings/Intelligence | KHARON | No | https://www.kharon.com/
    Risk Ratings/Intelligence | Ncontracts | Yes | https://www.ncontracts.com/
    Risk Ratings/Intelligence | Orpheus Cyber | No | https://www.orpheus-cyber.com
    Risk Ratings/Intelligence | Owlin | No | http://www.owlin.com
    Risk Ratings/Intelligence | Panorays | No | https://www.panorays.com
    Risk Ratings/Intelligence | RapidRatings | Yes | https://www.rapidratings.com/
    Risk Ratings/Intelligence | Recorded Future | No | https://www.recordedfuture.com
    Risk Ratings/Intelligence | RiskRecon | Yes | https://www.riskrecon.com
    Risk Ratings/Intelligence | Security Scorecard | No | https://www.securityscorecard.io
    Risk Ratings/Intelligence | Supply Wisdom | Yes | https://www.supplywisdom.com/
    Risk Ratings/Intelligence | The Smart Cube, a WNS company | No | https://www.thesmartcube.com/solutions/procurement-supply-chain/supplier-risk-intelligence/
    Risk Ratings/Intelligence | UpGuard | No | https://www.upguard.com/
    Risk Ratings/Intelligence | Vendict | No | https://www.vendict.com/
    TPRM Platform | Aravo | Yes | https://www.aravo.com
    TPRM Platform | Censinet | No | https://www.censinet.com
    TPRM Platform | Clarity360 (Kroll) | No | https://www.krollclarity.com/
    TPRM Platform | Coverbase | Yes | https://coverbase.ai/
    TPRM Platform | Crossword Cybersecurity | No | https://www.crosswordcybersecurity.com/
    TPRM Platform | CyberGRX (now ProcessUnity) | No | https://www.cybergrx.com
    TPRM Platform | DoubleCheck Software | No | http://www.doublechecksoftware.com
    TPRM Platform | EthixBase360 (formerly EthixBase) | No | https://ethixbase360.com/
    TPRM Platform | Exiger | Yes | https://www.exiger.com/
    TPRM Platform | Gatekeeper | No | https://www.gatekeeperhq.com
    TPRM Platform | GraphiteConnect | No | https://www.graphiteconnect.com/
    TPRM Platform | Lema | Yes | https://www.lema.ai/
    TPRM Platform | Mirato | No | https://mirato.com/
    TPRM Platform | OneTrust | Yes | https://www.onetrust.com
    TPRM Platform | Prevalent | No | https://www.prevalent.net
    TPRM Platform | ProcessBolt | No | https://www.processbolt.com
    TPRM Platform | ProcessUnity | Yes | https://www.processunity.com
    TPRM Platform | Protecht | No | https://www.protechtgroup.com/en-us/
    TPRM Platform | Risk Ledger | No | https://riskledger.com/
    TPRM Platform | S&P Global KY3P® | No | https://www.spglobal.com/marketintelligence/en/mi/products/ky3p.html
    TPRM Platform | Smarsh (formerly Privva) | No | https://www.smarsh.com/platform/cybersecurity-risk-management/vendor-risk-management
    TPRM Platform | Sphera (formerly RiskMethods) | No | https://sphera.com/supply-chain-risk-management/
    TPRM Platform | Start | No | https://www.startvrm.com/
    TPRM Platform | TDI | Yes | https://tdinternational.com/
    TPRM Platform | ThirdPartyTrust (a Bitsight company) | No | https://www.thirdpartytrust.com
    TPRM Platform | TrustExchange | No | https://www.trustexchange.com
    TPRM Platform | VISO TRUST | Yes | https://www.visotrust.com
    TPRM Platform | Velocity | No | https://www.velocitysec.com/
    TPRM Platform | VendorRisk | No | https://www.vendorrisk.com
    TPRM Platform | Vendorly | No | https://www.vendorly.com/
    TPRM Platform | Venminder | Yes | https://www.venminder.com
    TPRM Platform | Whistic | Yes | https://www.whistic.com
    TPRM Platform | myCYPR | No | https://www.mycypr.com/
    TPRM Services | BDO USA | No | https://www.bdo.com
    TPRM Services | CORL Technologies | No | https://www.corltech.com
    TPRM Services | Cadre | No | https://www.cadre.net
    TPRM Services | CastleHill Risk | No | https://www.castlehillrisk.com
    TPRM Services | Certificial, Inc. | No | http://www.certificial.com
    TPRM Services | ComplyScore | No | https://www.complyscore.com
    TPRM Services | Copeland BUHL | No | https://www.copelandbuhl.com/
    TPRM Services | Crowe | Yes | https://www.crowe.com/services/consulting/third-party-risk-management
    TPRM Services | Defentrix | No | https://www.defentrix.com/
    TPRM Services | Dixon Hughes Goodman | No | https://www.dhg.com/services/advisory
    TPRM Services | Evident ID | No | https://www.evidentid.com
    TPRM Services | Global Resilience Federation (GRF) | Yes | https://www.grf.org/
    TPRM Services | Grant Thornton | No | https://www.grantthornton.com/services/advisory-services/cybersecurity-and-privacy/third-party-risk
    TPRM Services | HITRUST | No | https://hitrustalliance.net/
    TPRM Services | RSM US | Yes | https://rsmus.com/
    TPRM Services | Schneider Downs | No | https://www.schneiderdowns.com/third-party-risk-management
    TPRM Services | SecureCrest | No | https://www.securecrest.com
    TPRM Services | Source Callé | No | https://www.sourcecalle.com
    TPRM Services | TUV OpenSky | No | https://www.tuvopensky.com
    TPRM Services | VIVIDedge | No | https://www.vivid-edge.com/
    TPRM Services | Vendor Centric | No | https://www.vendorcentric.com

  • Trading Up From Tradeoffs: AI Driving Broader, Deeper Nth Party Cyber Risk Assessment

    April 10, 2024 | 2:00 - 2:50 PM | Ahwatukee
    Type: Breakout
    Format: Presentation
    Track: Innov-AI-tion Slam Dunk (Innovation & Automation)

    The level of challenges that any given 3rd or Nth party partner presents always depends on the types of interaction a company has with those third parties: some we may only connect with; others we may share data with; still others we may recruit people from, partner closely with, or even use their SaaS platform. Determining the scope and depth of assessments on the cyber risks of this complex ecosystem of Nth party cyber partners has, until now, inherently involved making trade-offs in deference to a company’s budgets and risk management resources. And as risk pros know, each trade-off has been fraught with its own risks and levels of exposure.

    Trade-offs: There are so many partners, so much data, and so many layers of interconnectivity and degrees of interaction that TPRM teams have been forced to narrow and lower the scope and depth of assessments in order to reduce the time and labor involved. But that approach ignores the larger issue of who can most impact us overall in the event that they’re breached. Adding to this pressure is a fundamental shift in C-suite expectations around TPRM. It was occasionally and mistakenly viewed as a “checking the box” compliance function, but today, we as risk managers are charged with identifying the risks and understanding and clearly communicating the possible impacts of those risks.

    Enter AI. The use of AI lets us add efficiency and speed, both to widen the scope to the full population of 3rd parties and to identify and evaluate the parties with the greatest potential impact on risk. Ideally this evaluation is done continuously. This engaging session will explore specific processes for enabling better and more risk abatement through AI than solely manual processes could possibly enable, and for identifying, with unprecedented precision, where invoking compensating controls is required.

    Paul Valente | CEO & Co-Founder | VISO TRUST

    Paul Valente is the current CEO & Co-Founder of VISO Trust. He is also a former CISO who built successful security teams and programs at ASAPP, LendingClub, and Restoration Hardware. Paul's third-party risk management programs have been vetted by hundreds of Fortune 1000 companies and his teams have vetted thousands of third parties.

  • 2024 IN-PERSON CONFERENCE | TPRA

    THIRD PARTY RISK MADNESS

    ABOUT THE CONFERENCE

    Game On! Are you ready to experience the most thrilling conference in the TPRM industry? Welcome to Third Party Risk Madness, where the electrifying energy of March Madness collides with the strategic prowess of professional business practices. This one-of-a-kind conference, hosted by the Third Party Risk Association, promises an action-packed event that will elevate your TPRM game to championship levels!

    Join us at Third Party Risk Madness, where basketball, business, and TPRM unite for an epic showdown of innovation and success. Get ready to dribble your way to victory in Phoenix, Arizona, on April 9-12, 2024! Early bird registration closes February 1, 2024. Secure your court-side seat and take advantage of exclusive offers. Hurry, space is limited, and you won't want to be left on the bench for this thrilling event.

    Registration Now Closed.

    The cost of your ticket includes access to all conference sessions (including keynotes, breakout sessions, roundtables, demos, and more), breakfast, lunch, and snacks throughout the day, and deluxe appetizers and two drink tickets during network events. Conference attendees will also receive a fun conference welcome bag and exclusive conference-themed t-shirt, plus all the free swag you could need!

    Level Up Your Strategies & Unleash Your TPRM Skills

    Just like in basketball, success in TPRM requires effective teamwork and tactics. At Third Party Risk Madness, industry leaders and experts will share their winning strategies, innovative approaches, and best practices. Discover how to navigate complex risks and ensure a slam-dunk performance in your TPRM program. Not only are TPRA conferences some of the most affordable in the industry, but they are an investment in yourself, your employees, and your program. Check out our "Why Attend" brochure to learn more and share with your team!

    Star-Studded Speaker Lineup: Score Big Insights

    Prepare to be inspired by our lineup of MVP speakers who have conquered the TPRM court. From seasoned veterans to rookie rising stars, each speaker brings unique experiences and invaluable knowledge to the table. This conference will feature 4 speaking tracks with a whopping 60 sessions, including 35 breakout sessions, 3 keynotes, 16 roundtables, and 5 demo presentations from innovative TPRM Service Providers. You won't want to miss their game-changing insights and exclusive tips for staying ahead of the competition.

    Fast-Break Networking: Form Winning Alliances

    Connect with an elite squad of TPRM professionals, just like assembling a dream team. Forge valuable connections during our 2 all-attendees networking events, halftime lunch mixers, private network events, and special outings. Exchange plays, collaborate on strategies, and lay the groundwork for future partnerships that will elevate your TPRM game to championship heights.

    Shoot for Success: Tackle Real-World Challenges

    Engage in meaningful discussion, interactive roundtables, and hands-on presentations that highlight real-life TPRM scenarios. Huddle up with industry experts to brainstorm solutions for common challenges and gain practical takeaways you can implement back at your organization. It's time to make winning moves on and off the court.

    Game Winning Conference Enhancements

    Attendees will have the option to purchase a professional HEADSHOT session at a highly discounted rate! Your session can be pre-ordered by selecting the $15 headshot ticket option when you register for your conference ticket. Pre-ordered sessions are guaranteed a photo session slot at the event (which you will be able to choose ahead of time). Headshots purchased at the event will be on a first come, first served basis. Headshots are an essential part of personal and professional branding. They help you establish a consistent and recognizable image and are often the first impression people have of you. A well-composed and professional headshot can convey professionalism and confidence. With this in mind, TPRA is bringing in a professional photography team with over 20 years of experience. They will work to expertly pose your shots and enhance your pictures with professional editing. You will also receive your edited headshots digitally the same day you take them!

    Following this conference, attendees will return to their organizations with their game faces on, ready to take on third party risk any day of the week!

    April 9 - 12, 2024 | Sheraton Phoenix Downtown | Phoenix, Arizona

    Third Party Risk Madness | TPRM Conference
    Apr 09, 2024, 3:00 PM MST
    Sheraton Phoenix Downtown
    Join us for TPRA's annual TPRM conference, "Third Party Risk Madness," April 9 - 12, 2024 in Phoenix, Arizona!

    SPEAKERS

    Kao Zi Chong, Co-Founder & CTO | Coverbase
    SESSION TITLE: Data Governance in the Age of AI: Addressing Vendor Misuse and Protecting Your Assets

    Ram Vemula, Product Management - Head of Partnerships | Safe Security
    SESSION TITLE: Let's Kill TPRM

    Henry Stanley, Chief Product Officer | Fabrik (the team behind GenAITrust.com)
    SESSION TITLE: Full-Court Press: Defending Against Third Party AI Risk

    Rob West, Managing Director, Risk Consulting | RSM US LLP
    SESSION TITLE: Regulation Court: Shooting for Compliance Success with Third-Party Players

    Vince Dasta, Senior Partner - Risk Strategy | Safe Security
    SESSION TITLE: Let's Kill TPRM

    Courtney Turner, Enterprise Third Party & Security Risk Engineering Manager | John Deere
    SESSION TITLE: Industry Roundtable: Retail & Manufacturing

    SPONSORS

    PREMIUM MVP | LEVEL 1 SHARP SHOOTER | LEVEL 2 POINT GUARD | LEVEL 3 ROOKIE | LEVEL 4 DRAFT EXTRAS Sponsors

    VENUE

    Sheraton Phoenix Downtown | 340 N 3rd St, Phoenix, AZ 85004
    Conference Discount Ended March 11, 2024

    Where better to host Third Party Risk Madness than the vibrant city of Phoenix, Arizona? Bask in the warm desert sun as you immerse yourself in the intense action of the conference. Explore the city's rich culture, stunning landscapes, and unbeatable hospitality: the perfect backdrop for an extraordinary TPRM experience.

    Completely transformed, the Sheraton Phoenix Downtown has 31 floors hosting 1,003 stylishly transformed rooms and suites, which feature Sheraton Sweet Sleeper® Bedding, wireless internet, flat-screen TVs and thoughtful amenities including boutique Le Grand Bain bath products.

    AMENITIES

    Located in the heart of Downtown Phoenix, minutes from popular attractions.
    Mobile check-in & check-out
    State-of-the-art Fitness Center featuring Techno Gym equipment
    Luxury Terrace Pool
    Intuitive Lobby featuring Soundproof Booths
    On-site Dining
    &More by Sheraton – Attendees can find breakfast, fresh pastries and their favorite hot beverages in the morning, then small plates, creative cocktails and local craft beers throughout the day.
    Carcara is a space curated to provide a resonating guest experience, from distinctive & inviting design to thoughtful menus. Grounded with a strong sense of place, they celebrate local, indigenous & seasonal ingredients through Native American and Sonoran-inspired cuisine with hand crafted cocktails.
    ADA Compliant
    Valet Parking

    ACTIVITIES

    Down time can be as simple as relaxing in one of the venue's comfortable lounge chairs surrounding their lap pool area, having an impromptu break-out session around one of the signature gathering areas, or simply taking in all the action while meeting with colleagues in one of the studios in their reinvented hotel lobby. When "Third Party Risk Madness" attendees are ready to explore, the excitement is all waiting for them just beyond the doors:

    Catch a Diamondbacks game at Chase Field, just 5 minutes from the hotel.
    Root for the Phoenix Suns or enjoy concerts and live shows at Footprint Center.
    Attend an event at the Phoenix Convention Center, just 1 block from the hotel.
    Explore the museums, shops and restaurants of Historic Heritage Square.
    Learn about artists such as Rembrandt, Norman Rockwell, Annie Leibovitz and Monet at the Phoenix Art Museum.

    TRANSPORTATION

    Phoenix Sky Harbor International Airport (PHX)
    Airport Phone: +1 602-273-3300 | Hotel direction: 3.8 miles E
    Shuttle service is not provided by the hotel to/from Phoenix Sky Harbor International Airport.
    Alternate transportation: Super Shuttle Express Taxi: $18 per way
    Light rail: $2 per person per way
    Group transfers: $25-40 per person per way, depending on vehicle
    Alternate transportation: Execucar (on request)

    Driving Directions: From Phoenix Sky Harbor Airport: Get on I-10 W (1.1 mi). Follow I-10 W to N 7th St. Take exit 145A from I-10 W (3.0 mi). Continue on N 7th St. Drive to 3rd St. (1.0 mi) to 340 N 3rd St.

  • Women Lead |  Heather Kadavy, CERP, CBVM, CFSSP

    Heather Kadavy, CERP, CBVM, CFSSP
    AVP Third Party Risk Management & Information Security Officer
    Union Bank and Trust Company

    Biography

    Heather Kadavy worked at Union Bank and Trust Company for nearly 34 years with a career focus on Operational Risk Management. As her Bank’s Board of Directors designee, she has managed and evolved several major programs including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Model Risk Management, and Enterprise Risk Management. She developed and implemented training programs for thousands of employees, and had oversight of over a thousand third party relationships, due diligence reviews and contract management activities. Heather has been married for over 20 years to her husband, Patrick, and has a daughter and son both attending the University of Nebraska-Lincoln. In her spare time, Heather enjoys spending time with friends and family, volunteering, doing puzzles, and baking. She is an avid Vikings football and Lakers basketball fan.

    Leadership Challenges

    Heather persevered through a previously male dominated industry (e.g., Finance, Physical Security, Information Security, IT, Cyber Security, Business Recovery, and Third Party Risk Management) by addressing complex operational risk areas within an enterprise risk management framework, building one-on-one collaborative relationships with business owners and serving as their expert resource. When it comes to complex topics, Heather found that business unit priorities were typically sales and client-centric support-focused goals. Operational risk management frameworks, documentation, and practices were not part of individual training programs and were often silos with one individual. As an Operational Risk Management translator, educator, and collaborative partner, Heather found a niche that equated to success, which allowed her to bypass old silo practices and allow for not only 'train the trainer,' but 'train their successors,' spreading the alignment and understanding of risk management vocabulary, framework, and practices, which allowed for continual improvement.

    Key Takeaways

    "As Third Party Risk Practitioners, our approach to relationship-building and collaboration outweigh systems and platforms when assisting the first line of defense in understanding the “why” and “how” with their role in overall risk management," Heather noted. Heather’s favorite part about TPRM is the collaboration that comes when working with teams and seeing the “ah ha” light come on when parties new to TPRM see the enterprise risk view of a third party relationship.

    Fun Fact

    Heather loves writing poetry and sends out a new poem each Christmas to over 500 friends and family members.

    Leadership Characteristics

    Relator-Responsibility-Restorative-Achiever-Activator
    Relator – Values one-on-one relationships and authenticity and contributes something unique to relationships.
    Responsibility – Has a deep sense of purpose and therefore loyalty, dedication, and psychological ownership in success.
    Restorative – Multitasks and troubleshoots problems theoretically or on the fly; is OK that we are never done, we are always transforming.
    Achiever – Self-motivated with her own innate intensity.
    Activator – An action-oriented catalyst to move and improve.

    Read Heather's Blog: "Women Bring the Relationship-Oriented Collaboration to TPRM Which Evolves Overall Effectiveness"

  • Supply Wisdom

    Supply Wisdom
    Risk Ratings/Intelligence
    Advocate Member

    CONTACT INFORMATION

    Pete Curtis, Head of Marketing, Supply Wisdom
    marketing@supplywisdom.com

    Supply Wisdom transforms global business with comprehensive, predictive, real-time risk intelligence. Through continuous monitoring, comprehensive intelligence reports, and real-time alerts, Supply Wisdom speeds business growth, lowers costs, increases security and compliance, and unlocks revenue opportunities. Supply Wisdom’s full-stack AI-based SaaS products turn open-source data into risk intelligence and are the market’s only software to cover all risk domains in real-time: financial, cyber, operational, ESG, compliance, Nth party, and location-based risk. Supply Wisdom clients include Fortune 100 and Global 2000 firms in the financial services, insurance, healthcare, and technology sectors, including United Healthcare, BNY Mellon, and Bank of Ireland. Supply Wisdom values diversity with a global workforce that is currently 57% female. Contact Supply Wisdom today for a quick demo so you can see how our actionable approach can achieve great results for your company. For more information, visit our website and follow us on LinkedIn.

    TOP 10 PRODUCT FUNCTIONALITY CATEGORIES

    Full-spectrum supplier risk intelligence with coverage for the following risk domains: Financial Risk, Cyber Risk, ESG Risk, Compliance Risk, Operations Risk, Nth Parties, Locations. Accessible as real-time and continuous full-spectrum risk monitoring for suppliers and locations, comprehensive one-time risk reports, or instant risk scans.

    RESOURCES FROM THIS VENDOR MEMBER

    Weekly Update: Global Supply Chain Disruptions - The Tigray Conflict: A Humanitarian Crisis in Ethiopia
    SERVICE PROVIDER RESOURCE | October 30, 2023

    Cascading Risks & Best Practices for Risk Mitigation
    SERVICE PROVIDER RESOURCE | September 11, 2023

  • Officers | Www.tprassociation.org

    Our Team Dedication. Expertise. Passion. TPRA strives daily to promote the value that third party risk professionals and practitioners add to their organizations; educate community members and other relevant audiences on best practices in third party risk; research and disseminate information on third party risk tools and techniques; and build third party risk guidance as a community. But we couldn't do any of this without a great team. Which is why we promote a collaborative, flexible, and inclusive work culture. We value innovation and enjoy exploring new ideas. We have self-starting, mission-driven team members who aren't afraid to bring creative ideas to the table and have the passion and energy to drive those ideas to fruition. With that said, we put people at the center of everything we do and love to celebrate milestones and wins! As we continue to grow, we are always on the lookout for creative and passionate professionals who are always learning and teaching, while understanding the bigger picture. Julie Gaiaschi CEO & Co-Founder Julie Gaiaschi, CISA, CISM, is the CEO & Co-Founder of the Third Party Risk Association (TPRA). She has over 15 years of technology and information security risk experience, with the last 10 years specializing in third party risk identification and mitigation techniques. In her role as CEO, she provides strategic direction for the non-profit, whose mission it is to further the third party risk profession through knowledge sharing and networking. She also has a passion for helping others enhance their own third party risk management programs. In 2021, Julie was awarded "CEO of the Year " by Women in Governance, Risk, and Compliance. Prior to co-founding the TPRA, Julie consulted on third party risk for a large bank. She also developed and led a large health payer organization’s Third Party Security program. 
There, she established and executed the third party risk assessment process, which included integration into the Procurement process. Prior to her role as the leader over Third Party Security, Julie was a Senior IT Auditor. Julie resides in Iowa with her husband and two girls. She enjoys traveling and cooking. Heather Kadavy Senior Membership Success Coordinator Heather Kadavy joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent years, Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years, where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management. In her TPRM role she had oversight of over a thousand third party relationships, systems, due diligence reviews and contract management activities. She developed, facilitated, and implemented training programs for thousands of employees over the years. She has also served in board of director or leadership team roles to facilitate local, regional and state-wide peer-partnership meetings between financial institutions, law enforcement, and other industry, external audit & regulatory participants (e.g., the Institute of Internal Auditors, Great Plains Contingency Planners, FILE, FISA, etc.). Heather is a natural born connector of people and values relationship building as the cornerstone of her career. She encourages you to connect with TPRA and herself via LinkedIn to join in the "TPRM Global Conversation".
Heather received her bachelor's in accounting from the University of Nebraska-Lincoln and has achieved numerous certifications over the years, including the latest of Certified Enterprise Risk Professional (CERP), Certified Third Party Risk Management (CTPRM), and Certified Banking Vendor Manager (CBVM). Heather currently sits on the leadership team of Lincoln Women For Good (philanthropic non-profit) and the board of directors of the Lincoln Hygiene Network, a program of Poverty Impact Network (a hygiene bank non-profit). She resides in Lincoln, Nebraska, along with her husband and two adult children. She enjoys spending time with her family & friends, volunteering, puzzles and baking. Meghan Schrader Senior Marketing & Communications Coordinator Meghan graduated Summa Cum Laude from Trine University in 2022 with a Bachelor of Arts in English and Communications. She was the 2022 Jannen School of Arts and Sciences Distinguished Student of the Year, the Trine University 2022 Robert B. Stewart Award Winner, and was awarded the Gold Key for outstanding academic performance. At Trine, she was the Director of Creative Design for the HAC Media Team and Editor-in-chief of the Writers' Block Literary Journal. She began working as an intern at TPRA in July of 2021 before officially joining the team in June of 2022. In her role as Marketing Coordinator, Meghan provides organization-wide marketing strategy in support of TPRA's mission to further the third party risk profession through knowledge sharing and networking. Meghan currently lives in Fort Wayne, Indiana with her boyfriend and their dog. She has a passion for reading and writing and hopes to one day see her novels-in-progress published.

  • 2023 VIRTUAL CONFERENCE PRESENTATIONS | TPRA

    2023 Virtual Conference | Operational Risk & Resilience Session Presentations Morning Keynote Considering Breach Data to Gain Budget Jay Bobo Founder | Breach Siren Download Presentation Breakout 1 Track 1 Dream Team Assemble: Combat Constraints with Collaboration Erin Reese Cybersecurity & Incident Response Manager | Wellmark BCBS Download Presentation Breakout 1 Track 2 Not Your Parent's TPRM: Best Practices for Taking Your Risk Program into the Future Loren Johnson Product Marketing Leader | Aravo Download Presentation Breakout 1 Track 3 The Supply Chain Minority Report: Heading Off Breaches and Ransomware Events Before They Impact Operations Jon Ehret Vice President of Customer Enablement | RiskRecon Download Presentation Breakout 2 Track 1 Third Party Financial Assessments: Using a Comprehensive Approach to Spot and Mitigate Problems Tom Rogers, Founder & CEO and Josh Angert, Manager of Technology & Client Services Vendor Centric Download Presentation Breakout 2 Track 2 Building Operational Resilience: A Framework and its Implementation Brian Katula Technical Project Manager | GRF Download Presentation Breakout 2 Track 3 Insurance Requirements Our Third Parties Should be Meeting Charmi Patel Head of Vendor Risk Management | Israel Discount Bank of NY Download Presentation Lunch Keynote Hacking Humans: Unlocking the Power of People Dustin Sachs Sr. Manager, Governance Risk and Compliance | World Fuel Services Download Presentation Breakout 3 Track 1 Beyond the Plan: Using third-party risk and performance monitoring to improve operational resilience Hilary Jewhurst Head of Third Party Education | Venminder Download Presentation Breakout 3 Track 2 Rhetoric to Reality: While it all sounds good, what can we really do? 
John Bree Chief Risk Officer | SupplyWisdom Download Presentation Breakout 3 Track 3 Digital Operational Resilience Act (DORA) Kim LaBarbiera Director & Counsel - Cybersecurity and Third Party Risk Management Group | American Express Download Presentation Breakout 4 Track 1 Beyond the Questionnaire: Tips to Modernize Your TPRM Program Ed Thomas Senior Vice President | ProcessUnity Download Presentation Breakout 4 Track 2 Expand Your Critical Skills While Incorporating Artificial Intelligence Tom Garrubba Echelon Cyber Download Presentation Breakout 4 Track 3 Operational Resilience & critical third-party supplier risk mitigation. Thomas Sutton Director of Global Accounts | NCC Group Download Presentation

  • TPRM Tool Talk Demo: RiskRecon, A Mastercard Company

    TPRM Tool Talk Demo: RiskRecon, A Mastercard Company April 10, 2024 2:00 - 2:50 PM Valley of the Sun D Type: Demo Track: TPRM Fundamentals (TPRM Essentials & Better Practices) During this demo, participants will gain valuable insights into a cutting-edge TPRM tool. Expert service provider presenters will showcase practical demonstrations of their TPRM solutions, providing attendees with a firsthand look at their features and functionalities. Austin Starowicz | Director, Solutions Consultant – Mastercard Cyber & Intelligence Solutions | RiskRecon Austin has 17+ years of experience in Cybersecurity and Information Technology fields. Roles Include: Director of IT, IT Manager Solutions / Sales Engineer

  • Lunch Break

    Lunch 12:00 PM to 12:55 PM

  • Industry Roundtable: Insurance

    Industry Roundtable: Insurance April 11, 2024 1:00 - 1:50 PM Ahwatukee Type: Roundtable Format: Open Discussion Track: Innov-AI-tion Slam Dunk (Innovation & Automation) Embark on a focused exploration of Third-Party Risk Management (TPRM) within the intricate landscape of the insurance industry at our TPRM-specific Industry Roundtable: Insurance (Life, Health, Auto, etc). In this session, participants will delve into the nuanced challenges and strategic imperatives that TPRM professionals encounter in the diverse realms of life, health, auto, and other insurance sectors. Discussions will revolve around optimizing vendor risk assessments, ensuring compliance with industry-specific regulations, and fortifying resilience against evolving risks. Industry leaders will share insights into effective TPRM frameworks tailored to the insurance landscape, emphasizing risk mitigation strategies and fostering collaboration across the sector. This roundtable provides a targeted platform for TPRM practitioners in the insurance industry to share experiences, explore tailored solutions, and stay ahead of the curve. Join us for a comprehensive dialogue on TPRM intricacies within the insurance domain at our specialized Industry Roundtable. Christopher Strazishar | Third Party Governance Program Manager | Corebridge Financial Christopher Strazishar is part of a small team in Third Party Governance at Corebridge Financial supporting the 1st Line Business and 2nd Line Third Party Risk Management team. He has spent his entire career in the Life and Retirement Insurance industry – the first 17 years building out Life New Business operations, vendor management teams, and an internal insurance agency; the past 5 years in Risk Management and Governance. Originally from Wisconsin, Christopher received his BS in Business Administration from the University of Wisconsin-Green Bay and MBA from University of Wisconsin-Milwaukee.
He has lived in Houston and now lives in Nashville with his wife and teenage son. In his free time he volunteers with the Third Party Risk Association, helps with local church ministries, and is a member of the University of Tennessee-Knoxville Educational Advisory Board.

  • View CPEs | TPRA

    Your CPEs Upload CPEs CPE credits you have claimed can be found here. Please keep in mind, TPRA will not upload CPE credits on your behalf. Please be sure to upload TPRA CPEs as you receive them. Last Updated: N/A Upload Date Training Date Training Title/Description Number of CPEs
