Search Results

  • From Benchwarmer to Baller: Advancing Your TPRM Program with Maturity Models and Self-Assessments

    April 10, 2024, 10:00 - 10:50 AM, Valley of the Sun D
    Type: Breakout | Format: Presentation | Track: TPRM Fundamentals (TPRM Essentials & Better Practices)

    Achieving third-party risk management (TPRM) program maturity requires discipline, strategic thinking, and the ability to think quickly and adapt to changing situations. If you're looking to improve your TPRM program maturity, but don't know what that means or how to measure it, then join us to level up your training. Our information-packed session will arm you with the skills you need to improve and mature your program. We'll explore various maturity models, teach you how to assess your program's strengths and opportunities through self-assessment, and share tips for moving your TPRM program practice to the next level, even when resources are limited. Get off the bench to become a TPRM baller and take on the program maturity game with confidence!

    Hilary Jewhurst | Head of Third-Party Risk Education & Advocacy | Venminder

    Hilary leads the advancement and promotion of third-party risk management best practices and solutions through thought leadership, subject matter expertise, and support for Venminder’s customers, Marketing, Sales, and Third-Party Risk divisions. Hilary has served as a senior leader for over 20 years, working in operations management, and risk management roles, with an emphasis on third-party risk. Hilary successfully built, improved, and managed enterprise-wide third-party risk management frameworks and programs for leading financial services companies. She has designed and developed training materials, reference guides, desk-top procedures, job aids, checklists, and templates for a full spectrum of learning environments and learners as well as personally trained hundreds of third-party risk managers, vendor relationship managers, and vendors.

  • Industry Roundtable: Finance

    April 11, 2024, 1:00 - 1:50 PM, Valley of the Sun D
    Type: Roundtable | Format: Open Discussion | Track: TPRM Fundamentals (TPRM Essentials & Better Practices)

    Engage in a specialized discourse at our TPRM-focused Industry Roundtable: Financial, tailored for professionals navigating the intersection of Third-Party Risk Management (TPRM) within the financial sector. In this session, participants will deep-dive into the unique challenges and opportunities that financial institutions encounter in TPRM. Topics include vendor due diligence, regulatory compliance, and the evolving threat landscape specific to financial services. Industry leaders will share strategies for aligning TPRM practices with financial objectives, enhancing resilience against cyber threats, and ensuring compliance with stringent regulations. This roundtable provides a targeted platform for TPRM professionals in the financial industry to exchange insights, benchmark best practices, and foster collaborative solutions. Don't miss this opportunity to gain a nuanced understanding of TPRM within the financial sector and connect with peers facing similar challenges in our TPRM-specific Industry Roundtable: Financial.

    Kim LaBarbiera | American Express

    Kim M. LaBarbiera is currently Director and Counsel for Third-Party Risk in the General Counsel’s Organization at American Express. At Amex she provides global legal support to business and legal colleagues related to third party risk including: strategy; training; third party lifecycle management; fin tech; bank vendor risk; compliance audit functions; regulatory requirements; cloud computing and lobbying. Prior to working at American Express, Kim held various legal, compliance and risk roles at: Goldman, Sachs, USAA, Lloyds Bank, and Société Générale among other global financial institutions. Kim holds a BA from Boston College, JD from Seton Hall Law School and LLM from Georgetown University. She is GDPR, CAMS, and CTPRP certified and has previously held equity and options principal licenses. Kim resides in Old Town Alexandria, VA with her husband Rob and her Chocolate Lab and two cats.

  • Building TPRM from Scratch

    April 10, 2024, 3:10 - 4:00 PM, Valley of the Sun D
    Type: Breakout | Format: Presentation | Track: TPRM Fundamentals (TPRM Essentials & Better Practices)

    In this session, we will discuss the changes organizations should consider to be in line with new guidance.

    Charmi Patel, CRVPM | Head of Vendor Risk Management | Israel Discount Bank of New York (IDBNY)

    Charmi began her vendor risk management career at Millennium Management LLC and then transitioned to the Federal Reserve Bank of New York. Over the last year as head of vendor risk management at IDBNY, Charmi has overseen the risk and operational efficiencies of the entire portfolio of vendors and all the processes and procedures that vendor risk management entails. She has a proven track record of implementing an innovative and comprehensive vendor risk management program for IDBNY. Charmi holds a Master's degree in IT Project Management from Webster University, Florida.

  • Women Lead | Merav Vered

    Merav Vered | VP GRC & Strategic Initiatives | Vendict Ltd.

    Biography
    Merav has 29 years of professional experience in Cybersecurity, focusing on developing security methodologies, regulation, consulting, and management of information security companies. In her experience, she has accompanied hundreds of organizations in certification audits for compliance with ISO Standards 27001, 27799, 27032, GDPR, and the Israeli Privacy Protection Law. This is both as the actual executor of the preparation and as the manager of the advisory team working in the field. Merav has vast experience in information security strategic consultancy to management in organizations, worldwide. In addition, she managed tech consulting areas, which included penetration tests and risk surveys. Merav's first role in the Information Security field was as Head of TPRM in one of the largest mobile companies in the country. "There were no best practices or methodologies back then, and I practically constructed them from scratch. I'm proud to say that 99% of these have become commonly used global best practices of TPRM."

    Leadership Characteristics
    Merav is always willing to listen, open to learning, keen to teach, and hungry to achieve.

    Leadership Challenges
    Merav's main leadership challenge was to locate the very precise team members who would strive to develop with similar professional concepts and personal aspirations as herself so that they could create an effective work engine, capable of leaving their mark.

    Key Take-a-ways
    "My favorite part of TPRM is the challenging moment in which I see the sudden change of expression in a CEO's eyes, when he/she realizes that TPRM is not a pain for the organization, but rather - a solution."

    Fun Fact
    In her spare time, Merav volunteers in various hospitals–in the Emergency Ward and the Children's Wards–where she can provide a mere smile or a comforting shoulder. To her surprise, many times these really make a world of difference to patients in pain, fear, and despair.

  • Corporate Senior Third-Party Risk Analyst

    Location: AZ, CO, ID, MT, NV, UT, WA, or WY
    Job Type: Full Time
    Organization: Glacier Bancorp
    Application Deadline: June 1, 2024

    About the Role
    • Develop and implement enhancements to the overall TPRM Program, including updates to policies and procedures, utilizing the third-party risk management system for all phases of the third-party life cycle and ensuring compliance with applicable third-party regulations and current cyber-risk mitigation strategies. Lead program improvements to outline which third parties have access to our sensitive customer, employee, and bank information along with third-party access to our systems. Active participation in the development, maturation, and maintenance of the TPRM Program, including the TPRM policy, risk appetite, and related metrics. Implement improvements to the overall third-party risk management program, including program governance, policies, procedures, templates, technology, training, and communication.
    • Provide Program guidance for risk-based due diligence reviews that measure, monitor, and mitigate the risks associated with ongoing third-party and fourth-party relationships. Utilize the bank’s risk profile framework to assess the inherent risk of third parties and accurately risk-rate the third parties, paying particular attention to third-party risks such as operational, information security, cyber and compliance risk. Utilize software to capture, categorize and risk score vendors. Partner with Third Party Relationship Owners to facilitate the fulfillment of due diligence requirements. Review, analyze and effectively challenge provided due diligence information. Develop risk acceptance and issues escalation process including conducting training, ongoing monitoring, and tracking.
Common review areas include disaster recovery and business continuity program, insurance protection, internal control reports (SSAE 18, SOC reports), service level agreements (SLA), and third-party financial performance. Escalate material issues and risks to third-party risk and enterprise risk management, and the appropriate corporate stakeholders, as necessary. • Manage the contract review process with business units and division staff to ensure contract language appropriately protects the bank's interest, reduces operational, legal and financial risk, and that required contract language is included and adhered to by both parties. Develop process for terminating contracts to ensure all customer, employee and bank information is recovered from the third-party. • Create and enhance useful monitoring reports for management and the board, including third-party inventories, dashboards, performance reports, issue tracking, risk acceptance, findings, etc. Present and communicate findings verbally to audiences at different levels of the bank, including senior management and the board. Identify risk-related issues needing escalation to management. • Keep abreast of all third-party management regulatory requirements and changes as well as industry best practice and enhance the program proactively. Ensure compliance with all regulations, policies, and procedures through continued maturation of the TPRM Program. Provide leadership for program changes to comply with the recently issued Interagency Guidance on TPRM. Work directly with bank regulators, auditors, consultants, and other outside individuals. Must comply with all company policies and procedures and all applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date. 
• Support the Enterprise Risk Management Department in other duties such as report creation, technical writing, regulatory reporting, researching emerging risk issues, etc. • Must comply with all company policies and procedures and all applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date. Requirements Lead and build programs with strong passion to continuously identify and execute improvement opportunities. The ability to collaborate, communicate, motivate, persuade, and influence stakeholders at all levels is a critical component of the position. Internal and external stakeholders include the board, executive management, business units, auditors, consultants, third parties and regulators. Provide leadership and subject matter expertise/training to all parties in support of compliance with the Third-Party Risk Management Program. Strong team player with the desire to partner across the organization and achieve results. Passion to continuously identify and execute improvement opportunities within the Enterprise Risk Management Department and across the organization to mitigate the risks to the customers, employees, and bank. Proven strong problem solving, analytical and technical skills to understand and identify business needs to develop, communicate, and execute solutions. Strong organizational skills, adaptability to frequently changing demands, and ability to appropriately prioritize numerous open projects. Excellent technical writing and oral communication skills with particular emphasis on being able to articulate complex topics in a manner digestible to a wide audience. Ability to provide constructive feedback and follow-up on their mitigation. 
Ability to read, comprehend, and evaluate detailed laws, regulations, policies, programs, and data with the ability to make a strong judgement call and summarize key points succinctly to audiences. Ability to read, interpret and effectively challenge contracts and agreements, as well as write professionally, clearly, and succinctly. Possess strong project management skills with the ability to design and execute innovative programs. Possess analytical/quantitative skills demonstrating the ability to handle, analyze, interpret and utilize data to solve complex problems. Self-starter with ability to take ownership and accountability of all roles and responsibilities. Employee must be capable of interacting calmly and professionally with a variety of people from diverse backgrounds at various levels within and outside of the organization. Employee must be capable of regular, reliable, and timely attendance. About the Company COMPANY OVERVIEW: We are a family of banks whose unique local presence reflects the communities we serve. We welcome the opportunity to grow and change as our customers and communities do the same. Read our story, learn about our banks, and experience life at Glacier Bancorp, Inc. all from our website. Check it out! We are an Equal Opportunity Employer and qualified applicants or employees will receive consideration for employment without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, mental or physical disability, genetic information, protected veteran status, or any other category protected by applicable federal, state or local laws. Glacier Bancorp, Inc. does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US. No Recruiters or unsolicited agency referrals please. COMPENSATION & BENEFITS: Starting salary is dependent upon relevant experience and may vary based on the geographic location of the position. 
We offer an extensive benefits package that includes, but is not limited to medical, dental, vision, and life insurance, a health savings account option, an Employee Assistance Program (EAP), a health rewards program, a 401(k) retirement savings plan, discounts on banking products and services, Paid Time Off (PTO) and holidays. Visit our website for more details!

  • Welcome & Kick-Off | Day 4

    April 12, 2024, 8:45 - 9:00 AM, Valley of the Sun Ballroom ABC
    Type: Keynote | Format: Presentation | Track: Keynote

    Third Party Risk Association CEO & Co-founder, Julie Gaiaschi, would like to take a few minutes to welcome conference attendees and make morning announcements regarding the day's events.

    Julie Gaiaschi | CEO & Co-founder | Third Party Risk Association

    Julie Gaiaschi, CISA, CISM, is the CEO & Co-Founder of the Third Party Risk Association (TPRA). She has over 14 years of technology and information security risk experience, with the last 10 years specializing in third party risk. In her role as CEO, she provides strategic direction for the non-profit, whose mission it is to further the third party risk profession through knowledge sharing and networking. She also has a passion for helping others enhance their own third party risk management programs. In 2021, Julie was awarded "CEO of the Year" by Women in Governance, Risk, and Compliance. Prior to co-founding the TPRA, Julie consulted on third party risk for a large bank. She also developed and led a large health payer organization’s Third Party Security program. There, she established and executed the third party risk assessment process, which included integration into the Procurement process. Prior to her role as the leader over Third Party Security, Julie was a Senior IT Auditor.

    Julie resides in Iowa with her husband and two girls. She enjoys traveling and cooking.

  • OneTrust

    OneTrust | TPRM Platform | Partner Member

    CONTACT INFORMATION
    Jason Sabourin, Senior Director, Third-Party Risk
    jsabourin@onetrust.com

    OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. More than 14,000 customers use OneTrust’s technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia. Learn more at OneTrust.com.

    TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
      • Risk Assessments and Mitigation
      • Vendor Evaluation and Automated Onboarding
      • Risk Analytics and Control Gaps
      • Report on Thousands of Vendors
      • Ongoing Monitoring and Risk Alerts
      • Auto Inherent Risk Insights to Prioritize Vendors
      • Built-in Cyber Risk & ESG Ratings
      • Vendor Scorecards and Comparison
      • Audit-Ready Reporting and Dashboards
      • Automated Workflows to Increase Collaboration

    RESOURCES FROM THIS VENDOR MEMBER
      • 4 top-of-mind challenges for CISOs in 2024 (SERVICE PROVIDER RESOURCE | February 13, 2024)
      • How to start a third-party risk management program: Get leadership buy-in (SERVICE PROVIDER RESOURCE | September 11, 2023)
      • InfoSec's guide to third-party risk management: Key considerations and best practices (SERVICE PROVIDER RESOURCE | September 11, 2023)

    EVENTS FROM THIS VENDOR MEMBER
      • Unlocking data as a strategic asset (Webinar, May 29, 2024)

  • Global Resilience Federation (GRF)

    Global Resilience Federation (GRF) | TPRM Services | Strategic Partner: Advocate

    CONTACT INFORMATION
    Jason Beard
    jbeard@grf.org
    https://www.brcgrf.org

    GRF builds, develops and connects security information sharing communities for mutual defense. GRF, with nearly 20 years of experience, is a nonprofit provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers (ISACs), organizations (ISAOs) and computer emergency readiness/response teams (CERTs) from many different sectors and regions around the world. GRF will help your industry develop or enhance a trusted sharing community, obtain actionable intelligence, and support you in emergencies. That’s the power of Global Resilience Federation.

    Global Resilience Federation is the evolution of 1998's U.S. Presidential Decision Directive 63 and 2003's Homeland Security Presidential Directive 7 which mandated that the public and private sectors share information about cyber and physical security threats and vulnerabilities to help protect critical infrastructure. GRF was launched in 2017 as a standalone company, from a former Financial Services Information Sharing and Analysis Center (FS-ISAC) division, to coordinate multi-industry sharing and stand-up new sharing communities to be incorporated into that voluntary sharing architecture. That effort has expanded beyond the United States and critical infrastructure to encompass global organizations, essential industries, and supply chains. GRF members span five continents, working to protect industries deemed critical by most world governments, and others that are essential to the global economy. As industry and threat actors both adapt, cross-sector sharing is a necessary progression in the security of our modern digital economy.

    Business Resilience Council (BRC) | Discount for TPRA Members
    The Business Resilience Council (BRC) is a nonprofit, multi-sector, collaborative defense community where members share actionable intelligence, security and resilience best practices and analyst-curated information to help reduce risk and negative impacts across all hazards – cyber, physical, geopolitical, terrorism, major weather events and more. Key working groups focus on operational resilience, disaster recovery, supply chain and third party risk, AI security, and cross-sector exercises. TPRA Members are eligible to receive 10% off the first year of dues to the BRC. Information was sent via email. If interested, please email us at info@tprassociation.org.

    TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
      • Topic-based working groups to collaborate with industry experts
      • Cross-sector chatrooms for real-time collaboration and information sharing
      • Information sharing portal
      • All source and multi-sector alerts and reports
      • Resilience focused analysis
      • Event-driven Situational Awareness Dashboard
      • Multi-sector Situational Awareness Reports
      • Threat and resilience discussions and presentations
      • Event-driven emergency member meetings
      • Peer-to-peer collaboration and information exchange across the Global Resilience Federation ISAC/ISAO network
      • Participation in exercises and development of the Operational Resilience Framework, security standards, and playbooks

    EVENTS FROM THIS VENDOR MEMBER
      • 2024 GRF Summit on 3rd Party Risk and Security (In-Person Conference, November 12, 2024)

    ADDITIONAL OPPORTUNITIES
      • Business Resilience Council (BRC) – 10% Off Dues (DISCOUNT)

  • Women Lead | Jill Czerwinski

    Jill Czerwinski | Managing Partner - Third Party Risk Services | Crowe LLP

    Biography
    Jill has been with Crowe for over 20 years, and started the third party risk practice in 2009. She started her career in Cybersecurity, pivoting after seeing clients suffer a breach due to vendors despite strong internal security programs.

    Leadership Characteristics
    Jill's Myers-Briggs profile is an ISTJ - meaning she thrives on observing and analyzing facts. She has always been drawn to consulting because of the ability to independently observe many companies and synthesize their strengths and weaknesses. Third party risk plays to her strengths with even more company data points.

    Leadership Challenges
    Jill's primary challenge in leadership is slowing down. She sometimes moves too quickly through tasks without taking the opportunity to observe, ask, collaborate, and listen. She often focuses with relentless prioritization, asking what she can stop doing so she can do other things with more focus.

    Key Take-a-ways
    Jill enjoys Third Party Risk because of the opportunity to get a bird's-eye-view into a company's extended ecosystem. She notes: "If you think of your job as a questionnaire processor, you miss the opportunity to take a step back and see the strategy in all those tasks."

    Fun Fact
    Jill enjoys traveling with her husband and two children. They've been to about a dozen states so far, with a trip out West to the National Parks planned for next year.

  • TDI

    TDI | TPRM Platform | Advocate Member

    CONTACT INFORMATION
    Tiffany King, J.D., Senior Director, TDI
    king@tdinternational.com

    TDI is a strategic advisory and risk intelligence firm that helps multinational organizations more effectively manage commercial, regulatory, and reputational risk. We deliver a decisive information advantage to our clients through advisory services, due diligence and investigations, and our flagship product, TDI Diligence Suite, which dramatically increases efficiency and provides clients with critical insights.

    TDI Diligence Suite is an enterprise, third-party onboarding and management SaaS system that is specifically designed to help you manage third-party risk. Our platform empowers businesses to unlock accuracy and efficiency with automated third-party onboarding, assessments, due diligence, approvals, and monitoring. TDI Diligence Suite also creates an auditable record of the entire process, provides valuable and easy-to-understand insight into your enterprise risk, and addresses data privacy requirements to provide a clear picture of your entire risk management process.

    TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
      • Third Party Risk Management and Onboarding
      • End-to-End Workflow Management
      • Configurable Risk Model / Risk Segmentation
      • Nth Party Relationship Management
      • Third Party Risk Screening & Monitoring (Sanctions, Watchlists, PEPs, Adverse Media)
      • Programmatic Due Diligence
      • Diligence Ordering
      • Escalation to Enhanced Due Diligence and Investigations
      • Additional Features for Specific Sectors: MedTech, Energy, Manufacturing, Private Equity
      • Configurable to Client Needs

  • THIRD PARTY CYBER RISK ASSESSOR (TPCRA) | TPRA

    TPCRA Domains Elevate your expertise with the TPRA's Third Party Cyber Risk Assessor (TPCRA) Certification! Master the domains of: Cybersecurity and Third Party Risk Management Basics Pre-Contract Due Diligence Continuous Monitoring Physical Validation Disengagement Due Diligence Cloud Due Diligence Reporting and Analytics Practitioner Ethics. Gain comprehensive knowledge and practical skills to assess, manage, and mitigate cyber risks in third-party relationships. Be recognized as a trusted TPCRA-certified professional, equipped to make informed decisions and drive excellence in TPRM. Don't wait – apply now and become a leader in the ever-evolving landscape of third-party cyber risk! Certification Eligibility Criteria To be eligible for the TPCRA certification, you must have at least three years of experience in a full-time risk management/analyst and/or cybersecurity related role. Evidence of work experience must be submitted via the "TPCRA Work Experience Form" linked below. Substitutions may be obtained for up to one year of work experience. Substitutions may include, but are not limited to: 60 to 120 completed university semester credit undergraduate hours in an information security and/or information technology-related major. A master’s degree in information security or information technology from an accredited university. An active information security-related certification from an accredited institution. Examples include, but are not limited to, the CISSP, Security+, CRISK, CISA, CISM. Additional substitutions for work experience will be taken into consideration during the application process and reviewed/approved by the TPRA. In addition, you must sign and adhere to the Code of Practitioner Conduct (linked below). Deferred Achievement Option Should you wish to sit for the examination prior to meeting the minimum work experience requirement, you may do so if you will meet the requirement within the next 24 months. 
If you pass the examination, you will then receive your certification status once you meet and evidence the minimum work experience requirement, pending all other validation requirements have been achieved. Certification Pricing “Cybersecurity & Third Party Risk” by Gregory C. Rasner All Training and Training & Exam Bundles include a copy of the book. Alternatively, anyone is welcome to purchase the book separately – Purchase on Amazon Preparation & Training TPCRA Certification applicants may choose to purchase the book “Cybersecurity & Third Party Risk” by author Gregory C. Rasner to prepare for the examination. This book closely aligns with the TPRCA Certification examination domains. You may also choose to participate in optional TPCRA training, which includes a copy of the “Cybersecurity & Third Party Risk” book. Training provides you with 12 hours of in-depth discussion on the examination domains, hands on experience designing and performing cyber assessments, as well as opportunities to perform mock interviews and run through physical validation scenarios. Training is taught by a knowledgeable subject matter expert who has achieved the TPCRA Certification designation. Certification Training Schedule 2/26/2024 - 2/29/2024 @ 5 PM - 8 PM CT each day 5/20/2024 - 5/21/2024 @ 9 AM - 4 PM CT each day 8/26/2024 - 8/29/2024 @ 5 PM - 8 PM CT each day 11/6/2024 - 11/7/2024 @ 9 AM - 4 PM each day “Cybersecurity & Third Party Risk” – Book “Cybersecurity & Third Party Risk” by Gregory C. Rasner (OPTIONAL: Book is included in the cost of Training, or can be purchased separately) The secret is out: If you want to obtain protected data as a hacker, you do not attack a big company or organization that likely has good security. You go after a third party that more likely does not. 
Companies have created the equivalent of how to deter car thieves: Ensure that your car looks difficult enough to break into so that thieves move onto the automobile with its doors unlocked and keys in the ignition. When a burglar sees a car with a car alarm, they know that they can look, and eventually find, a target that isn't so well protected. Exploiting the weakest link is not new. A bank robber could go to the bank to steal money, but a softer target would likely be the courier service as they bring the money into and out of the bank. In this book you will find: An in-depth discussion on what risk is and how to assess cyber risk A step-by-step guide on how to create a cyber-focused third party risk management (TPRM) program without having to be a cyber or risk management expert Tips for create a more mature TPRM program that is more predictive and less reactive Details for ensuring your data is secure in a cloud environment and/or within your software supply chain. TPCRA Training Instructor Greg Rasner, CISSP, CIPM, ITIL, CCNA Author of "Cybersecurity & Third-Party Risk", SVP of Cyber Third Party Risk at Truist, Educator, and Frequent Keynote Speaker Gregory C. Rasner has worked as a cybersecurity and IT leader in Finance, Biotech, Technology and Software fields. He holds a BA from Claremont McKenna College along with certifications: CISSP, CCNA, CIPM, ITIL. He is the author of the book “Cybersecurity and Third Party Risk: Third Party Threat Hunting” published by Wiley, written several online articles for major publications, and is a frequent speaker at forums and conferences on related topics. He has five kids and a wife who is also a cybersecurity professional. Rasner was in the USMC and was co-chair for the Truist Veterans and First-Responders Business Resources Group. Greg created the cybersecurity program at Johnston Community College, is a board member on the Technology Advisory Board, and teaches there part-time at JCC. 
Fun for him is camping and traveling with his family.

Examination Outline

The examination is a 150-question, multiple choice assessment. Questions will include a variety of formats, such as scenario-based, true or false, and choose the best response. The time limit is 3 hours. The examination will be taken in-person at a PearsonVue testing facility. PearsonVue offers over 5,000 test facilities worldwide and is ADA compliant. If you need to request a special accommodation, please contact Julie Gaiaschi at julie@tprassociation.org. The examination is a closed book assessment that will be monitored via an assigned proctor.

The examination will cover the following domains:
• Cybersecurity and Third Party Risk Management Basics
• Pre-Contract Due Diligence
• Continuous Monitoring
• Physical Validation
• Disengagement Due Diligence
• Cloud Due Diligence
• Reporting and Analytics
• Practitioner Ethics

You must receive an 80% or higher score to pass the TPCRA examination. Examinations may be scheduled at a day/time that suits you via a PearsonVue location. Once the exam and/or training and exam bundle is purchased and approved by TPRA, you will receive an email with a link to register for your exam via the PearsonVue system. Following purchase, you have one (1) year to take your examination.

Certification Renewal

In order to maintain certification status, earners must participate in 40 hours of Continuing Professional Education (CPE). On an annual basis, certified individuals will be required to renew their certification and submit evidence of their CPE credits earned. A process is coming soon for submitting CPE evidence and renewing your Certification.

Renewal Cost
TPRA Standard, Vendor, & Non-Members: $100
TPRA Premium Practitioner Members: $85

Registration

To register for the certification, please follow the steps below:
• Review the Code of Practitioner Conduct agreement.
(You will be able to provide a signature noting your agreement to the Code of Conduct within the TPCRA Application form.)
• Complete and submit the TPCRA application using the links below. Please allow up to two weeks for your application to be reviewed.
• Submit your certification processing fee.
• Receive an email noting your application has been received, as well as next steps.
• Evidence your related full-time work experience and/or approved substitution alternative. Upload here. (The "TPCRA Work Experience Form", as well as the link to upload your form, will also be noted within your application confirmation email.)
• You will receive email confirmation once your application is approved or if additional information is required. You do not need to have an "Approved" application before you sit for your exam. You do need to have an "Approved" application, as well as a passing grade on the examination, to receive the TPCRA designation.
• You will receive an email with links to register for your training and/or examination dates.

Third Party Risk Association's Third Party Cyber Risk Assessor (TPCRA) Certification

The TPCRA Certification is a specialized qualification designation which will:
• Confirm your understanding & skill in the assessment of third party cyber security controls and processes.
• Validate your competency in the creation, execution, & management of third party cyber risk assessments.
• Authenticate & add credibility to your expertise as a third party cyber risk assessor.
• Evidence your proficiency with various cyber security & information technology assessment terms & techniques.

The TPCRA Certification is foundational to achieving success as a third party risk management practitioner.

Who the TPCRA is For

The TPCRA is the standard of achievement for those who assess, monitor, and review third party cyber security and information technology controls, as well as identify and mitigate risk related to said controls.
Such roles may include, but are not limited to:
• Third Party Risk Management Practitioners
• Procurement Specialists
• Vendor Managers
• Auditors
• Information Security Professionals
• Privacy or Compliance Specialists
• Legal Professionals

"I thought the training was fantastic. I've been a TPRM practitioner for nearly 7 years now and still walked away with new knowledge and insight. I am so proud of the TPRA and honored to be a part of the board!"
Nicole Makinney
Product Owner, Third Party Risk | McKesson
TPCRA Training Attendee
