Where risk management meets strategic advantage. Explore innovative solutions and breakthrough insights with your Connected Enterprise GRC across Cyber Risk, TPRM, MRM, EUC Management and IT Risk. Turn regulatory complexity into business opportunity.  

Who owns third-party risk? If your answer is “vendor management,” that’s the first blind spot. Fragmented workflows across legal, compliance, risk, and procurement let issues slip through the cracks—turning isolated gaps into organization-wide incidents. Cross-department collaboration isn’t optional; it’s the control.

In this session, legal and risk experts Liz Lugones and Madeline Reigh will explore how to break down silos between departments, build a unified strategy, and strengthen your organization’s ability to anticipate, manage, and respond to third-party threats.

Key Discussion Points:
- The ripple effect of risk: Why third-party incidents create consequences across legal, compliance, and business operations.
- Legal’s role in vendor risk: From contract enforcement to breach response, how legal is central to third-party governance.
- Breaking silos for better outcomes: Practical steps to align teams, improve visibility, and strengthen incident response.
- Technology as the connector: How automation and data-driven insights can bridge gaps across departments.

Beyond the Breach: Uniting Legal, Risk & Compliance Against Third-Party Threats

Interconnected risks are no longer just a concept - they're a daily reality.
From cybersecurity and compliance to third-party and operational threats, today’s organizations face a web of risks that don’t sit neatly in silos. Navigating this demands more than just isolated controls - it calls for strategic alignment, real-time visibility, and cross-functional collaboration.

Join Mitratech and ACI Worldwide for a live webinar exploring how leading companies are rethinking their risk strategies and using modern technology to connect the dots.

What You’ll Learn
- How overlapping risks are emerging across compliance, cyber, operational, and third-party domains
- Why managing risks in silos is no longer sustainable - and what to do instead
- Real-world examples of integrated risk strategies in action
- How to use technology and automation to break down barriers and drive smarter decisions
- Practical insights into building a unified risk culture across teams and regions

Discover how to build a smarter, more connected approach to managing today’s complex risk landscape.

Interconnected Risks: Moving from Concept to Action

Artificial intelligence is transforming the landscape of risk and compliance offering both extraordinary opportunities and unprecedented challenges. 

In this thought-provoking session, Laura Jacobus, Strategic Advisor in Integrated Risk Management at Mitratech, explores how compliance and risk leaders can harness AI responsibly to elevate their programs, streamline operations, and anticipate emerging regulatory expectations.

Drawing from her extensive experience leading corporate compliance functions and advising global enterprises, Laura discusses how AI is already reshaping policy management, investigations, monitoring, and reporting. She highlights real-world use cases where AI drives efficiency and insight  as well as common pitfalls organizations face when governance and oversight lag behind adoption.

Participants will gain practical guidance on:
- Establishing robust AI governance frameworks aligned with DOJ guidance and enterprise risk management principles.
- Assessing and mitigating third-party and vendor AI risks.
- Preparing for the evolving roles of Chief AI Officers and cross-functional oversight committees.
- Balancing innovation with privacy, ethics, and human oversight to ensure compliance integrity.

Whether you’re an AI enthusiast eager to modernize your compliance program or a cautious leader navigating the risks of automation, this session will equip you with strategies to lead confidently into the next era of compliance excellence.

The Future of AI for Compliance Champions

Artificial Intelligence (AI) has revolutionized how businesses get work done, offering enhanced efficiency and streamlined decision-making. However, AI usage in third-party relationships introduces a host of governance challenges, from ethical considerations and compliance risks to data security and accountability concerns.

Watch Michael Rasmussen, GRC Pundit and principal analyst at GRC 20/20, and Henry Umney, managing director of GRC strategy at Mitratech, as they delve into the complexities of managing AI within vendor ecosystems.

In this on-demand webinar, Michael and Henry:

Examine real-world case studies on the successes and pitfalls of AI governance in third-party contexts.
Navigate the regulatory landscape of AI in third-party engagements.
Review strategies for balancing innovation with ethical responsibility.
Identify best practices for establishing security, accountability, and transparency in AI-powered tools.

How to Govern the Use of AI in Third-Parties with Michael Rasmussen of GRC 2020

The Third-Party Risk Ecosystem is Under Pressure. Are You Positioned to Withstand It?

From regulatory upheaval to resource strain, third-party risk management (TPRM) is facing a watershed moment.

In this exclusive session in partnership with OCEG, GRC visionary Michael Rasmussen and Mitratech’s Henry Umney unpack the current state of the TPRM ecosystem - its pressures, imbalances, and opportunities through the lens of new research and deep industry experience.

Grounded in insights from Rebalancing the Risk Ecosystem: The 2025 Mitratech TPRM Study, this conversation dives into a risk environment where the canopy is expanding, but the roots remain undernourished.

What You’ll Learn:
- Why nearly 70% of TPRM programs remain understaffed, managing less than half their vendor base
- How increasing regulatory scrutiny is reshaping the role of compliance in third-party risk
- Where organizations are struggling with manual tools and fragmented oversight
- How AI adoption is gaining cautious momentum and what early adopters are doing differently
- What resilient TPRM looks like in 2025 and how to start rebalancing your own ecosystem

This is your chance to hear directly from two of the most respected voices in the space as they explore what’s next for organizations navigating a complex, evolving, and deeply interdependent risk environment.

The State of Third-Party Risk Management in 2025

In today’s unpredictable landscape, chaos is inevitable — but disruption doesn’t have to derail your business. "Getting Through the Chaos: Why Business Continuity Planning Matters" explores the critical steps organizations must take to stay resilient when incidents strike. From the first-hour response and role alignment to supply chain risks, vendor recovery, and crisis communications, our experts break down what it takes to keep operations running when it matters most.

Getting Through the Chaos: Why Business Continuity Planning Matters

As we move through 2025, organizations are navigating a rapidly changing landscape of technological advancements, regulatory updates, and evolving risks. Now is the time to evaluate how these developments are shaping third-party vendor and supplier risk management (TPRM) strategies.

Join TPRM experts Alastair Parr and Sophie Pothecary as they reflect on recent industry shifts and explore the trends driving TPRM programs throughout 2025.

In this webinar, Alastair and Sophie discuss:
- Regulatory Changes: Key regulations influencing third-party risk strategies and compliance requirements this year.
- Technology Integration: How AI and machine learning are transforming risk assessments and decision-making processes.
- Supply Chain Vulnerabilities: The latest impacts of global supply chain disruptions and strategies to mitigate related risks.
- Cybersecurity Landscape: Emerging cyber threats and their implications for third-party relationships and risk exposure.
- Best Practices for Adaptation: Actionable strategies for evolving risk management frameworks to meet today’s challenges and prepare for what’s ahead.

Third-Party Risk Management: What to Expect in 2025

In the time it takes to drink your morning coffee, discover how retailers across Europe and the UK can strengthen business continuity in the face of today’s most pressing threats. From cyberattacks and supply chain disruption to shifting consumer behaviors and regulatory pressures, resilience is becoming the new competitive advantage.


In this fast-paced episode, you will learn:

- Why continuity planning must go beyond traditional disaster recovery.
- The top modern threats facing EU/UK retail today.
- Practical steps to safeguard operations and customer trust.
- How to align continuity strategies with evolving EU and UK regulations.

The GRC Morning Coffee Show | Retail in Crisis: Building Continuity Planning in the Face of Modern Threats

As organizations rely on an increasingly complex network of vendors and suppliers, risks from third parties are also becoming more complicated. However, emerging artificial intelligence (AI)-related technologies offer new opportunities to streamline third-party risk management (TPRM) processes and keep pace with the constantly evolving risk landscape.

In this webinar, Michael Rasmussen, The GRC Pundit & Analyst at GRC 20/20 Research, dissects the top five ways you can leverage AI in your TPRM program.

Join Michael as he:

* Explores the impact of AI on TPRM processes
* Provides strategies to identify and mitigate risks with AI-driven analytics
* Examines how to streamline your existing program and free up valuable time
* Reveals how TPRM teams can use AI to address regulatory mandates
* Demonstrates how AI technology can ensure long-term TPRM sustainability

AI technologies offer unparalleled opportunities to manage a rapidly changing third-party risk landscape. Register for this webinar to learn how AI can benefit you.

How to Use AI in Third-Party Risk Management

In the time it takes to drink your morning coffee, discover why End-User Computing (EUC) from traditional spreadsheets to more modern technologies like Python remains one of the biggest hidden risks in global organizations. Explore why Digital transformation projects don't eliminate all EUCs and with AI adoption users can now create ever more complex EUCs and how renewed regulatory attention and posing significant compliance risks.

In this fast-paced episode, you will learn:
- Why EUC risks are resurging on the global risk agenda.
- The hidden dangers of unmanaged spreadsheets and user-built tools.
- How regulators are signaling closer scrutiny of EUC governance.
- Practical steps to bring transparency and control to your EUC environment.

Don’t miss this essential coffee break for risk leaders who need to regain control over hidden EUC risks.

The GRC Coffee Morning Show - Why EUC Is Relevant Now More Than Ever

The EU Digital Operational Resilience Act (DORA) introduced a new regulatory framework designed to strengthen the resilience of financial entities against ICT-related incidents and third-party risks. How prepared is your organization to address DORA requirements with the impending January 2025 compliance date?

Join our expert speakers, Gareth Stinton, Cyber Security Specialist, and Connor Conlan-Coke, Cyber Security Consultant at Toro Solutions, as well as Alastair Parr, SVP of Global Products & Services at Prevalent, as they delve into the third-party risk management intricacies of DORA and offer actionable strategies to ensure compliance and safeguard your organization against ICT risks.

In this webinar, our experts share:
- A comprehensive roadmap to achieving and maintaining compliance with DORA, highlighting key requirements and timelines.
- Best practices for identifying, assessing, and managing risks associated with third-party vendors and service providers.
- Insights into the evolving ICT threat landscape and how to defend against them.
- Real-world case studies showcasing successful DORA TPRM strategies.

A well-structured TPRM program puts your organization on a path to DORA compliance. Don't miss this opportunity to stay ahead of emerging threats and regulatory requirements.

Navigating DORA and TPRM: Ensuring Compliance and Operational Resilience

In the time it takes to drink your morning coffee, discover how your financial institution may already be exposed to unmonitored AI - and what you can do about it.

AI is rapidly spreading through vendor ecosystems in financial services, often without full visibility or oversight. From algorithmic trading partners to outsourced customer analytics, your third parties could be using AI in ways that increase your regulatory, operational, and reputational risk.

In this fast-paced episode, Henry Umney and Sam Lee break down:
- Where hidden AI risk lives in your vendor ecosystem
- Why traditional third-party due diligence and model risk reviews are falling behind
- What the SEC, EU, and UK regulators expect on AI accountability
- How leading firms are starting to map and govern AI exposure across their supply chain

If you touch TPRM, model risk, compliance, or enterprise risk in financial services, this episode delivers focused insight and clear next steps - no fluff.

The GRC Coffee Morning Show - Unknown AI, Known Risk: Managing AI Exposure in the Financial Services Vendor Ecosystem

The EU's NIS2 Directive introduces new cyber security requirements to enhance the resilience of critical sectors against growing cyber threats.

Join Toro Solutions and Mitratech risk and compliance experts as they explore the key provisions of NIS2, focusing on risk assessment, incident reporting, and third-party risk management requirements.

In this webinar, our experts share: 
- The key essential requirements of NIS2 and the practical steps your organization can take to meet them.
- Best practices for managing cyber security risks and securing supply chains
- Insights into the evolving cyber threat landscape and how to protect your organization

Mastering Third-Party Risk Management Compliance Requirements in NIS2

AI has transformed how organizations conduct their work. But for every improvement in productivity that AI delivers comes risk - data security, transparency, bias and more. How can organisations understand the types of risk exposures arising from AI and its growing and pervasive application across industries?

In this webinar, risk management experts from 3VRM and Mitratech will examine how to ensure your third parties have the proper controls over their usage of AI. 

The webinar will:
- Identify tools to integrate AI as a risk domain.
- Review the impact of the EU AI Act and other AI-related legislation in determine third-party preparedness.
- Examine the roles involved in managing AI risk: Who owns AI risk, who is responsible for managing it.

Clarify oversight and risk management mechanisms required to ensure AI governance.

This webinar will deliver the guidance and best practices necessary to ensure third party AI usage aligns with your organization's governance standards.

How to Manage the Rise of AI in Third-Party Risk Management

As organizations wake up to the looming threats posed by third-party entities, security and risk management teams are beginning to realize that a truly effective third-party risk management (TPRM) program requires more than just fancy tech - it hinges on seamless internal communication and bulletproof processes. Yet, for most organizations, the conversation still often starts with tech.

Join Eric Brown, CISO at Cytokinetics, for a lively Q&A-style webinar as he examines the key steps in transforming TPRM into a business conversation easily understood across the enterprise.

Eric in this session:

- Explains how he creates awareness of third-party risks throughout the organization, including quantifying the potential impact of an incident to operations

- Diagrams key processes and program mechanics, including attributes used for vendor and supplier profiling and tiering, risk dispositioning, and escalation

- Discusses how to maintain ongoing engagement with the board, compliance, legal, and other executive teams by transforming third-party risk into a business conversation

Whether establishing a new TPRM practice or maturing an existing program, this webinar will help you think about the non-technical attributes of a well-managed program.

CISO Interview: How to Build a Business Case for TPRM

Organizations are rapidly increasing their use of artificial intelligence (AI) to strengthen third-party risk management (TPRM). AI offers powerful capabilities to enhance efficiency, drive innovation, and automate risk assessments. However, concerns remain about whether AI-driven assessments provide sufficient due diligence and depth in evaluating third-party risks.

Join TPRM experts from TBDCyber & Mitratech as they discuss the fear, optimism, and realities of integrating AI into risk management programs.
 
This webinar will:
- Explore the history and evolution of third-party risk management
- Discuss how AI can improve efficiency without impacting the quality of your TPRM program
- Consider how various security frameworks alongside AI capabilities can help you meet compliance requirements
- Identify best practices for establishing security, accountability, and transparency in AI-powered tools

AI and Governance in Third-Party Risk Management: Balancing Efficiency, Innovation and Compliance

The Shared Assessments Standard Information Gathering (SIG) questionnaire is a key component in many companies' vendor risk management programs, serving as an industry benchmark for assessing third-party controls across 21 risk domains in four key control areas, including Governance & Risk Management, Information Protection, IT Operations & Business Resilience, and Security Incident & Threat Management. Now that the 2025 update is available, what do you need to know?

In this webinar, compliance experts Thomas Humphreys and Sophie Pothecary review key changes and updates to the SIG 2025 questionnaire and share how to leverage new mappings to standards and regulations such as NIST CSF 2.0, NIS2, DORA, and more.

Join Thomas and Sophie as they:
- Introduce the SIG questionnaire and its risk domains.
- Review the top changes and how it compares to 2024.
- Demonstrate how to maximize its value for third-party risk management.
- Recommend steps your TPRM team should take now.

Third-Party Risk Assessments: Updates to SIG 2025

The AICPA SOC 2 has become an industry-standard framework that third-party vendors and suppliers can use to supplement a risk assessment. So, how do you interpret and mitigate risks identified in a vendor SOC 2 report in a way that's consistent with your third-party risk management (TPRM) program?

In this webinar, Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, explores the intersection of SOC 2 and TPRM, focusing on how to align SOC 2 audits with your program.

Join Bob as he examines:

- The "when" and "why" for using a SOC 2 report as part of a risk assessment.
- Best practices for mapping SOC 2 controls into common vendor risk and security frameworks.
- Tools and techniques for effective vendor risk assessment and monitoring.

SOC2 Best Practices

Although the AICPA SOC 2 report has become a go-to for third-party vendors and suppliers to submit as a risk assessment, the reports themselves can be complex, time-consuming, and confusing. So, what do you need to know?

Join compliance experts Thomas Humphreys and Sophie Pothecary in this interactive session as they answer the top questions we've received surrounding SOC 2 and third-party risk management (TPRM).

In this webinar, Thomas and Sophic will answer:
- Who is required to have a SOC 2 report?
- How do you know the SOC 2 report includes the scope relevant to your TPRM program?
- Are there any drawback to using a SOC 2 report?
...and more!

SOC 2 & TPRM: Your Questions Answered

SOC 2

The AICPA SOC 2 report has become a go-to standard for organizations to assess their IT controls that vendors can submit as a risk assessment. At the same time, interpreting the reports can be complex, time-consuming, and inconsistent with how other vendors are assessed. So, can you simplify the process of analyzing SOC 2 reports – and break them down into consistent and actionable metrics?

Join compliance experts Sophie Pothecary and Thomas Humphreys as they explore how to use SOC 2 reports in your third-party risk management (TPRM) program and discuss strategies to analyze and leverage the reports to measure your program's success.

In this interactive webinar, Sophie and Thomas will:
- Deconstruct a typical SOC 2 report
- How to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
- Examine ways to translate this framework into actionable key performance indicators (KPIs) and key risk indicators (KRIs)

With more third-party vendors and suppliers providing SOC 2 reports in place of complete risk assessments, this webinar will help you understand how to use these reports in your TPRM program effectively.

SOC 2 Reports to Create TPRM KPI & KRIs

Risk Management

TPRM

Third Party Risk Management

Vendor Risk

SOC2

AICPA SOC 2

IT controls

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

SOC 2 Reports to Create TPRM KPI & KRIs

Presented by

About this talk

Mitratech Risk & Resilience