On Demand Events

Missed a recent webinar or Member Forum Call? Catch our previous virtual sessions here. We now offer CPEs from most of our on-demand offerings. To earn CPEs, please submit your information and codes in the form linked below. Note: our on-demand recordings work best when viewed in the Chrome browser.

RECEIVE CPES Contact Us

All On-demand Events

Webinar

Top 5 Tips to Scale Your Third-Party Security Risk Program

The “cloud-first” strategy at many companies today translates into an ever-increasing number of third-parties, and even greater number of risks. While cybersecurity technology is better than ever, in a world where so much of every business operation is outsourced, your third-parties’ attack surface is your attack surface -- and your existing cyber stack may not help you. This webinar will explore the top 5 tips to effectively scale a third-party cyber risk management program in order to manage the mounting number of third-parties
Speakers:
  • Colleen Milazzo
    SVP of Third Party Risk Software Products, Shared Assessments
    Colleen leads the TPRM software team in the development of software products/tools for third party-risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet the corporate strategy.
    View full bio
  • Dov Goldman
    Director of Risk and Compliance, Panorays
    Dov has years of experience in the third-party risk and compliance field, as well as a long history as a serial entrepreneur, software and network engineer. Dov focuses on the evolving best practices and industry standards in third-party management and regulatory compliance. Previously, Dov was VP of innovation at Opus, director of product marketing at Navigant, and founder and CEO of Cognet Corp and Dynalog Technologies. Dov has spoken at industry events around the world and has been quoted in numerous industry press articles, as well as The Wall Street Journal, about information security and privacy.
    View full bio
Register to Watch

Member Forums

Shared Assessments Update

In this member forum call, we'll look back at 2022, and into what 2023 holds for Shared Assessments members and committees. We'll cover 2022 highlights, and move onto 2023 goals, plans, targets, and newly proposed risk domains.
Speakers:
  • Andrew Moyad
    CEO, Shared Assessments
    Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive, he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations.
    View full bio
Become a Member to Watch

Webinar

Diverging Paths in ESG Regulation?

We’ll discuss:

  • • Why ESG matters to third party (and Nth party) risk management
  • • EU and German Supply Chain Due Diligence Regulations (environment and human rights) and what sets them apart from other ESG regulations
  • • Newly approved EU Corporate Sustainability Reporting Regulation and SEC Climate Reporting proposal
  • • ESG and the U.S. 2024 election’s impact on regulations
  • • ESG Standards consolidation – ISSB
  • • Proposed New York State Department of Financial Service Guidance for New York State Regulated Banking and Mortgage Institutions Relating to Management of Material Financial Risks from Climate Change and existing Insurance industry guidance
  • • Bank of England observations on climate related risks

And more!

Speakers:
  • Gary Roboff
    Senior Advisor, Shared Assessments
    Gary Roboff is a Senior Advisor to Shared Assessments where he focuses on payments, risk management, mobile financial services, and information management. Gary has almost four decades of experience in financial services planning and management, including 25 years at JP Morgan Chase where he retired as Senior Vice President of Electronic Commerce. Gary has worked extensively in electronic payments, payments fraud, third party risk management, privacy, and information utilization, as well as business frameworks and standards for electronic commerce applications.
    View full bio
  • Colleen Milazzo
    SVP of Third Party Risk Software Products, Shared Assessments
    Colleen leads the TPRM software team in the development of software products/tools for third party-risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet the corporate strategy.
    View full bio
Register to Watch

Webinar

Determining the Risk of Critical Third Parties

Leveraging third parties can lead to significant efficiencies, but it is not without risk. This session will explore criteria used to establish inherent risk and provide approaches for assessing a critical third-party relationship.

Panelists will share the results of a recent Shared Assessments Critical Third-Party Survey covering TPRM processes including: Risk Tiering Techniques; Inherent Risk Criteria; Critical Third Party Criteria; Number of Critical Third Parties and Assessment Timeframe Approvals. Additionally, panelists will highlight work being done by Shared Assessments members on an Inherent Risk Product.

Note: You can review our Corporate Due Diligence blog and download our responses to regulation enhancements requested by:

  • • Prudential Regulatory Authority - Operational Resilience: Critical Third Parties to the UK Financial Sector;
  • • NYS- Department of Financial Services - Cybersecurity Requirements;
  • • Security Exchange Commission - Rule on Outsourcing by Investment Advisors
Speakers:
  • Charlie Miller
    Senior Advisor, Shared Assessments
    Charlie Miller is a frequent speaker and a recognized expert in third-party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and loT research studies.
    View full bio
  • Colleen Milazzo
    SVP of Third Party Risk Software Products, Shared Assessments
    Colleen leads the TPRM software team in the development of software products/tools for third party-risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet the corporate strategy.
    View full bio
  • Hannah Ford
    Risk Manager - Supply & Third Party Risk Intelligence, Supply Wisdom
    Hannah is a Certified Third Party Risk Professional with over a decade of experience in the field of risk analysis, management, and mitigation. As a manager on the Supply Wisdom Risk & Resilience team, she uses her experience as a practitioner and manager of risk assessment and mitigation processes to help her team optimize the future of active, continuous risk management.
    View full bio
Register to Watch

Member Forums

How to Operationalize the California Privacy Rights Acts Requirements

The California Privacy Rights Acts, (CPRA) which expands on the California Consumer Privacy Act (CCPA), went into effect on January 1 2023. This session will examine the top operational impacts and provide strategies on how to prioritize and address in concert with requirements from other key privacy regulation such as GDPR. This includes the new provisions for data security, data minimization and data retention as well as expanded rights for California residents.
Speakers:
  • Charlie Miller
    Senior Advisor, Shared Assessments
    Charlie Miller is a frequent speaker and a recognized expert in third-party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and loT research studies.
    View full bio
  • Evelyn deSouza
    Trust, Privacy and Compliance Leader, Oracle Fusion Cloud Applications
    Evelyn de Souza is head of privacy operations for the Oracle Cloud Applications LOB. She is focused on building in privacy versus bolting privacy on after the fact and harmonizing regulations to alleviate audit fatigue. She is a passionate speaker on data privacy who seeks to be an advocate for community banks and non profits in the wake of emerging privacy regulation. She has previously served as the Co-Chair of the Cloud Security Alliance Cloud Controls Matrix and the chair of the Data Governance Group and then more broadly as an advisor to the Cloud Security Alliance. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and Silicon Business Valley Journal's Woman of Influence in 2015 for her innovations in data security. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable". When not working, Evelyn is an accomplished classical pianist who enjoys performing in her community.
    View full bio
Become a Member to Watch

Webinar

Top 5 Ways to Make your Business More Resilient in 2023

A year marked by an increase in supply chain disruptions, 2022 left many organizations reeling in its aftermath. The New Year offers a chance for companies to prepare for a new wave of disruption and threats to business resiliency from economic headwinds, supply chain shortages, geopolitical events, and increased regulatory scrutiny.

This webinar will explore the top ways risk professionals can improve resiliency. Participants will learn practical ways to identify and manage threats posed by Nth Parties, understand and prepare for heightened ESG regulations, and identify cascading risk events that could signal a looming cyber-related disruption.

Speakers:
  • Jenna Wells
    Global Head Of Customer Experience, Supply Wisdom
    A Boston native, Jenna graduated from Purdue University as a Distinguished Military Graduate. Upon graduation she was commissioned as an Officer in the United States Marine Corps and went on to serve on active duty as a Signals and Ground Electronic Intelligence Officer. Jenna trained at the Navy and Marine Corps Intelligence Training Center at Dam Neck, Virginia and at the National Security Agency in Baltimore, Maryland before deploying to Afghanistan in support of Operation Enduring Freedom. After transitioning from active duty, Jenna joined Wellington Management, where she was an AVP, Manager, Third Party Risk Management. While at Wellington, Jenna oversaw a 24/7 Global Command Center and managed their global risk command and third-party assessment process. Jenna then joined Iron Mountain as their Director of Third-Party Risk Management, where she was responsible for overseeing the implementation, regulation, and global management of their third-party ecosystem, which is across 50 plus countries.

    Jenna manages the Customer Success and Risk & Resilience teams at Supply Wisdom and is a Certified Third-Party Risk Professional.

    View full bio
  • Tom Garrubba
    Director, TPRM Professional Services, Echelon Risk + Cyber
    Tom Garrubba is an internationally recognized subject matter expert, lecturer, writer, and blogger on third-party risk, and is the head instructor for the Certified Third-Party Risk Professional (CTPRP) certification program. He is a contributor to Future of Sourcing, blogged for the Huffington Post’s Business section, and for Government Health IT, ISACA, Risk.net, and numerous eGRC websites.
    View full bio
Register to Watch

Webinar

Best Practices for Effective Third-Party Security Risk Management

InfoSec, IT risk and digital supply chain management professionals know the key to minimizing the risk of third-party breaches: implementing a comprehensive and efficient third-party security risk management (TPRSM) process. This webinar will explore the challenges surrounding third-party security and provide steps for efficient and effective TPSRM.

This session will cover:

    • Why third-party information security is more challenging now than before
    • Essentials in the third-party security risk management process and what common gaps
    • Guidance for CISOs to ensure third parties comply with regulatory requirements
    • Automation of third-party security (Is it possible to assess a third party’s attack surface with an automated platform?)
    • Communication with vendors to remediate cyber gaps
    • Onboarding new suppliers securely
Speakers:
  • Andrew Moyad
    CEO, Shared Assessments, Shared Assessments
    Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive, he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations.
    View full bio
  • Dov Goldman
    Director of Risk and Compliance, Panorays
    Dov has years of experience in the third-party risk and compliance field, as well as a long history as a serial entrepreneur, software and network engineer. Dov focuses on the evolving best practices and industry standards in third-party management and regulatory compliance. Previously, Dov was VP of innovation at Opus, director of product marketing at Navigant, and founder and CEO of Cognet Corp and Dynalog Technologies. Dov has spoken at industry events around the world and has been quoted in numerous industry press articles, as well as The Wall Street Journal, about information security and privacy.
    View full bio
Register to Watch

Member Forums

Third-Party Risk Briefing And 2023 TPRM Trends

Using current industry metrics and feedback from Shared Assessments members, Shared Assessments subject matter experts will discuss third party risk trends as we head into 2023.
Speakers:
  • Charlie Miller
    Senior Advisor, Shared Assessments
    Charlie Miller is a frequent speaker and a recognized expert in third-party risk. His key responsibilities include expanding the Shared Assessments Third-Party Risk Management membership-driven program, facilitating thought leadership, industry vertical strategy groups, continuous monitoring / operational technology working groups, and loT research studies.
    View full bio
  • Andrew Moyad
    CEO, Shared Assessments
    Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive, he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations.
    View full bio
  • Colleen Milazzo
    SVP of Third Party Risk Software Products, Shared Assessments
    Colleen leads the TPRM software team in the development of software products/tools for third party-risk assurance. Colleen has over 20 years of experience within the financial services industry and consulting. She has led programs associated with risk management, procurement/contract negotiation, mergers and acquisitions, and business process reengineering. She has regulatory and global experience executing portfolios to meet the corporate strategy.
    View full bio
  • Gary Roboff
    Senior Advisor, Shared Assessments
    Gary Roboff is a Senior Advisor to Shared Assessments where he focuses on payments, risk management, mobile financial services, and information management. Gary has almost four decades of experience in financial services planning and management, including 25 years at JP Morgan Chase where he retired as Senior Vice President of Electronic Commerce. Gary has worked extensively in electronic payments, payments fraud, third party risk management, privacy, and information utilization, as well as business frameworks and standards for electronic commerce applications.
    View full bio
  • Nasser Fattah
    Senior Consultant, Shared Assessments
    Nasser has 20+ years as a Cybersecurity, Supply Chain, and IT leader. With a focus on customer-first and team-building approaches, Fattah is able to align programs to support company strategies, regulatory requirements, and growth initiatives. He drives cybersecurity, supply chain, and IT as enablers for enterprise-wide transformation initiatives. He partners with executives to identify and select strategic external partners to deliver essential IT and cybersecurity services to the business. Nasser worked with global parent companies and subsidiaries to establish technology standards to maximize investments and operations efficacy to best support business needs and growth. Nasser has a strong, consistent record working successfully with Business and IT executives, regulators, auditors, and risk partners. Nasser also teaches cybersecurity at several colleges and is the chair for North America Shared Assessments – an industry best practices for the supply chain.
    View full bio
Become a Member to Watch

Trainings

AI In Third-Party Risk Management: What Is AI? (Session #1)

Dive into the fundamentals of Artificial Intelligence in this engaging panel discussion. Our subject matter experts unravel the complexities of AI, exploring its origins, benefits and transformative potential in the world of Third Party Risk Management (TPRM). Whether you're a beginner or looking to deepen your understanding, this recorded session provides valuable insights into the technology shaping our future. To earn CPE credit, please fill out this form and use code: GZEEDQ.

Additional Resources:
- Shared Assessments
- EU AI Act
- NIST AI Risk Management Framework
- MIT AI Risk Repository
- MITRE ATLAS
- OWASP Top 10 Guide
Register to Watch

Trainings

AI In Third-Party Risk Management: Managing AI Risks (Session #2)

Discover how organizations can address the risks posed by AI in third-party risk management (TPRM) in this thought-provoking panel discussion. Industry leaders discuss strategies for identifying, assessing, and mitigating AI-related risks, focusing on regulatory compliance and operational impacts. Learn about best practices for managing vendor relationships in an AI-driven landscape and gain actionable insights to strengthen your TPRM framework. To earn CPE credit, please fill out this form and use code: RTQWPN.

Additional Resources:
- Shared Assessments
- EU AI Act
- NIST AI Risk Management Framework
- MIT AI Risk Repository
- MITRE ATLAS
- OWASP Top 10 Guide
Register to Watch
1 6 7 8

About Us

Our Policies

Keep In Touch

Sign up to receive the latest information about upcoming events, releases, and offers for our risk management community.
© 2026 Shared Assessments LLC