Agenda

    Workshops
    Apr,8 Apr,9
  • Monday
  • Tuesday
  • Summit
    Apr,10 Apr,11
  • Wednesday
  • Thursday
  • Certification
    Apr,12
  • Friday
  • Monday,April 8
    Workshops
    7:00 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 5:00 pm
    Optimizing Your Third Party Risk Management Program Pre-Summit Workshop

    You have a third party risk management program but you’re not so sure as to how to optimize it. You are being asked by your Board of Directors and C-level management “How are we doing compared to (fill in company)?” With so much focus on the various challenges of third party risk assessment like assessments, continuous monitoring, partnering with organizations both internal and external, many organizations miss the critical process steps that must be in place for a successful and sustainable Third Party Risk Management Program (TPRMP).

    This workshop will cover the key elements of maintaining a sustainable and focused enterprise Third Party Risk Management Program, and provide more meaningful insight into how good a job organizations are doing in evaluating their own third party risk management processes. This will be done by previewing and discussion some of the results of the recently released 2018 Vendor Risk Management Maturity Study with this group. We will address such topics as: Policy, Process and Practices; Inventory, Contracts; Risk Tiering and Assessments; Ongoing Oversight and Monitoring; Technology Platforms; Regulatory Considerations; Issue tracking and Remediation; and Enterprise Program Metrics. Participants will engage in enhancing sustainable programs in response to different industry considerations and sharing solutions. This workshop will be useful to all TPR professionals regardless of industry vertical or regulatory requirements for a specific business.

    CPE CREDITS: 8 CPE credits can be earned for completion of this Workshop.

  • Tuesday,April 9
    Workshops
    7:00 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 12:00 pm
    Toolkit Training: SIG Optimization Workshop

    Attendees will demonstrate they have mastered all aspects of utilizing the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire, including the creation and use of a Master SIG; the scoping of a vendor assessment; utilization of the SIG Management Tool (SMT) and all its functionality. Additionally, attendees will demonstrate an understanding of utilizing documented best practices upon receiving a completed SIG and supporting artifacts within the due diligence processes of a third party risk governance program. Attendees will receive a Shared Assessments Program Toolkit Training Course Completion Certificate for the 2019 Tool Release.

    8:00 am – 12:00 pm
    Data Management and Third Party Risk Pre-Summit Workshop

    Good data management and hygiene are essential components of organizational performance, but the trend toward more outsourcing in today’s environment complicates a set of already challenging set of administration requirements. Customer data, sensitive proprietary organizational data, financial data and the data we use to manage third party risk all demand an increased level of practice maturity as the risk and regulatory environments evolve. This workshop will focus on new and emerging best practices for data access, data governance, data integration, data integrity, data confidentiality, data aggregation, data preparation, and data security. It will consider challenges associated with the increased use of external data in managing third party risk programs through continuous monitoring activities which often generate significant quantities of data. Upon analysis, only a subset of this data may be material and actionable in identifying potential risks. Join your colleagues for an important discussion of data management challenges and solutions.

    1:00 pm – 5:00 pm
    Toolkit Training: SCA Implementation Workshop

    Attendees will demonstrate a thorough understanding of the Shared Assessments Program Standardized Control Assessment (SCA) procedures risk control framework, sampling parameters and testing procedures. They will also have demonstrated the ability to use the SCA as a self-assessment tool to evaluate their own company’s risk control environment. Synergies between SIG scoping and SCA testing will be shared. Attendees will receive a Shared Assessments Program Toolkit Training Course Completion Certificate for the 2019 Tool Release.

    1:00 pm – 5:00 pm
    Cybersecurity and Continuous Monitoring Workshop

    This session will share best practices and techniques in the continuous third party risk monitoring ecosystem and will benefit those just starting their TPRM programs as well as those who are keen to focus their limited resources and enhance their programs. The session will offer best practices from leading experts and hands on exercises, which will focus on expectations, techniques and solutions being used to continuously monitor controls in cybersecurity, cyber hygiene, financial viability, negative news, geopolitical events and resiliency risk areas. As we move through an ever increasing risk and threat environment, we need to be considering continuous monitoring solutions, which provide an uninterrupted, real-time (or near real-time) risk management technique, and are designed to improve an organization’s awareness of changes to controls that could indicate potential weaknesses.

    CPE CREDITS: 4 CPE credits can be earned for completion of each of the 1/2 day Workshops.

  • Wednesday,April 10
    Summit
    7:30 am – 8:30 am
    Breakfast and Opening of Registration
    8:30 am – 9:00 am
    Welcome and Opening Remarks

    Catherine A. Allen, Chairman and CEO
    The Santa Fe Group

    9:00 am – 9:30 am
    Keynote Speaker: Perspective From a CISO Pioneer on Information Security Practices

    Steven Katz, Owner
    Security Risk Solutions, LLC

    9:30 am – 10:15 am
    What CISO’s are Facing Today and in the Future

    MODERATOR
    Joyce Brocaglia, President & CEO
    Alta Associates

    PANELISTS
    Steven Katz, Founder and President
    Security Risk Solutions, LLC

    Kevin Gowen, CISO
    Synovus Financial Corporation

    Devon Bryan, EVP and CISO
    The Federal Reserve System

    10:15 am – 10:45 am
    Exhibitor Networking Break
    10:45 am – 11:30 am
    Managing a New Area of Risk: Convergence of Operation Technology (OT) & Information Technology (IT)

    MODERATOR
    Atul Vashistha, Chairman and CEO
    Neo Group

    PANELISTS
    Gary Bruner, CIO
    El Paso Electric

    Sam Kassoumeh, Co-Founder and COO
    SecurityScorecard

    11:30 am – 12:00 pm
    Sponsored Case Study presented by BitSight

    Performing Third Party Risk Assessments in an Agile Culture

    Presenters
    Jake Olcott, Vice President
    BitSight Technologies

    Frank Roppelt, Sr. Manager, Security Policy and Vendor Risk
    TD Ameritrade

    12:00 pm – 12:45 pm
    Luncheon Buffet
    12:45 pm – 1:30 pm
    Reputational Risk and Crisis Communications in Third Party Risk

    MODERATOR
    Dan Chmielewski, Principal
    Madison Alexander PR, Inc.

    PANELISTS
    Davia Temin, President and CEO
    Temin Communications

    Tom Davis,
    Susan Davis International

    Jesse Bryan, CEO
    Belief Agency

    1:30 pm – 2:00 pm
    Innovation in Regulation

    Jo Ann Barefoot, CEO
    Barefoot Innovation Group

    2:00 pm – 2:45 pm
    Innovation in Regulation Panel Cybersecurity and Data Protection

    MODERATOR
    Renee Forney, Senior Director of Cyber Assurance
    Capital One

    PANELISTS
    Jo Ann Barefoot, CEO
    Barefoot Innovation Group

    Jing de Jong Chen, Senior Associate
    Center for Strategic and International Studies (retired former General Manager of Global Cybersecurity Microsoft Corporation)

    Patrick Kelly, Director for Critical Infrastructure Policy
    Office of the Comptroller of the Currency (OCC)

    2:45 pm – 3:15 pm
    Exhibitor Networking Break
    2:45 pm – 3:15 pm
    Solutions Showcases (1 of 2)

    Solutions Showcases: (Showcases will run from 2:50 – 3:10)

      Presented by: ProcessUnity – Diplomat Room 1st Floor

    3:15 pm – 3:45 pm
    Solutions Showcases (2 of 2)

    Solutions Showcases: (Showcases will run from 2:50 – 3:10)

      Presented by: Aravo – Ambassador Room 1st Floor

    3:15 pm – 4:00 pm
    AI, Robotics and Machine Learning: Impact on Third Party Risk

    MODERATOR
    Holly Dockery, Deputy VP International, Homeland, and Nuclear Security
    Sandia National Laboratories

    PANELISTS
    Neha Joshi, Director Security and Innovation
    Accenture Security

    Srinivas Mukkamala, CEO
    Risk Sense, Inc.

    Miguel Villareal, Founder and CEO
    Villa-Tech, Inc.

    4:00 pm – 5:00 pm
    Financial Technology (FinTech) Discussion

    MODERATOR
    Bob Maley Chief Security Officer
    NormShield, Inc.

    PANELIST
    Eric Piscini, CEO
    Citizens Reserve

    Bruce G. Schneider, Principal, Client Due Diligence & Third Party Risk
    Finastra

    Glen Sarvady, Managing Principal
    154 Advisors

    5:00 pm – 6:30 pm
    Networking Reception

    Plaza Ballroom – 2nd Floor

  • Thursday,April 11
    Summit
    7:30 am – 8:30 am
    Breakfast Buffet and Opening of Registration
    8:00 am – 8:30 am
    Breakfast Case Study-From GDPR to California Privacy: Managing Vendor Risk

    Kabir Barday, FIP, CIPP/E, CIPP/US, CIPM, CIPT
    Chief Executive Officer, OneTrust

    8:30 am – 9:00 am
    Keynote Speaker: Board Oversight of Disruptive Risks

    James Lam, President
    James Lam & Associates

    9:00 am – 9:45 am
    Risk Framework and Risk Appetite

    MODERATOR
    Brenda Ferraro, Senior Director – Networks
    Prevalent, Inc.

    PANELISTS
    Tammy Rambaldi, Director, Third Party Risk Management
    Johnson & Johnson

    Annie Searle, Lecturer
    University of Washington

    Jack Jones, Executive VP Research & Development, Co-Founder
    RiskLens, Inc / FAIR Institute

    9:45 am – 10:30 am
    A Global Risk Perspective: National Homeland Security views on Cybersecurity and Risk

    Congressman Lou Correa
    United States House of Representatives

    10:15 am – 11:00 am
    In Boards We Trust Examines How Boards are Looking at Risk

    MODERATORS
    Joe Prochaska, Board Member
    Synovus Financial Corporation

    PANELISTS
    Charles “Chuck” Yamarone, Board Chair, El Paso Electric Company;
    Chief Corporate Governance & Compliance Officer
    Houlihan Lokey

    Shamla Naidoo, Global CISO
    IBM Corporation

    11:00 am – 11:45 am
    Exhibitor Networking Break
    11:30 am – 12:00 pm
    Sponsored Case Study

    Sponsored Case Study presented by: NormShield, Inc.

    PRESENTERS
    Bob Maley Chief Security Officer
    NormShield, Inc.

    Shaun Khalfan, CISO
    Freddie Mac

    Candan Bolukbas, CTO
    NormShield, Inc.

    12:00 pm – 12:45 pm
    Luncheon Buffet
    12:45 pm – 1:30 pm
    Shared Assessments Program Update

    PRESENTERS
    Robin Slade, EVP and COO
    The Santa Fe Group, Shared Assessments Program

    Jonathan Dambrot
    Shared Assessments Advisory Board Member

    Emily Irving, VP of Third Party Risk
    BlackRock, Inc.
    2019 Shared Assessments Program Vice-Chair

    1:30 pm – 2:00 pm
    Global Risk: A CISO’s Perspective

    Shamla Naidoo, VP, IT Risk and CISO
    IBM Corporation

    2:00 pm – 2:45 pm
    Global Issues in Third Party Risk Management

    MODERATORS
    Linnea Solem, Founder and CEO
    Solem Risk Partners, LLC

    PANELISTS
    Matt Moog, Principal
    EY

    Kabir Barday, Founder and CEO
    OneTrust

    Jack Key, SVP, Chief Information Security Officer
    TSYS

    Abhijeet Karle, Senior Information Security Officer
    International Monetary Fund

    2:45 pm – 3:15 pm
    Solutions Showcases (1 of 2 Showcases)

    Showcases will run from 2:50 – 3:10
    Presented by: OneTrust – Diplomat Room 1st Floor

    2:15 pm – 2:45 pm
    Solutions Showcases (2 of 2 Showcases)

    Showcases will run from 2:50 – 3:10
    Presented by: SecurityScorecard – Ambassador Room 1st Floor

    3:15 pm – 4:00 pm
    Third Party Risk Research Update

    MODERATORS
    Gary Roboff, Senior Advisor
    The Santa Fe Group, Shared Assessments Program

    PANELISTS
    Paul Kooney, Managing Director
    Protiviti, Inc.

    Rocco Grillo
    Shared Assessments Steering Committtee Member

    Charlie Miller, Senior Advisor
    The Santa Fe Group, Shared Assessments Program

    Larry Ponemon, Chairman and Founder
    Ponemon Institute

    4:00 pm – 4:30 pm
    Closing Remarks

    Catherine A. Allen, Chairman and CEO
    The Santa Fe Group

    4:30 pm – 6:30 pm
    Closing Reception

     
    CPE Credits: 15.5 CPE Credits can be obtained by completion of the two day Summit
     

  • Friday,April 12
    Certification
    7:30 am – 8:00 am
    Breakfast and Opening of Registration
    8:00 am – 5:00 pm
    CTPRP Workshop

    The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates that expertise, providing professional credibility, recognition and marketability. This workshop will examine best practice management of the vendor lifecycle, vendor risk identification and rating as well as knowledge of the fundamentals of vendor risk assessment, monitoring and management.

    *Note that this is for the CTPRP Workshop course only. The exam will be taken online on a TBD date.

    8:00 am – 6:00 pm
    CTPRA Workshop

    The Certified Third Party Risk Assessor (CTPRA) designation from the Shared Assessments Program validates knowledge within specific IT risk control domains that an individual will need in order to perform a thorough IT risk evaluation of a third party during an assessment.

    *Note that this is for the CTPRA Workshop course only. The exam will be taken online on a TBD date.

    CPE CREDITS: CPE Credits will be granted as follows:
    7 CPE Credits* will be offered for completion of the the Shared Assessments CTPRP workshop.

    10 CPE Credits* will be offered for completion of the the Shared Assessments CTPRA workshop. A sign-in sheet will be provided at each registration table. Please note that you must sign in each day to receive the credits.

    *In accordance with the standards of the National Registry of CPE sponsors, credits are based on a 50-minute hour.