Michelle is a Third-Party Risk Management (TPRM) and Outsourcing Manager at Santander Corporate and Investment Bank (SCIB) where she manages the maintenance of a comprehensive Third-Party Risk policy framework in accordance with the Bank’s Risk Appetite, wider Group and Regulatory requirements. She has 7+ years’ experience in defining and implementing robust TPRM governance framework to meet regulatory expectations.

Michelle’s career spans across a range of risk management disciplines, including BC, Crisis Management and Operational Controls. She made significant contribution in supporting the establishment of a firm wide TPRM framework for the newly formed Banco Santander S.A London Branch, and now leads programmes that support maturing of the framework.

Outside of work, Michelle enjoys gardening, and has a passion for empowering young people. She holds a first class in International Business from Middlesex University, London Campus.

Ros Aryee is recognised as a thought leader on Operational Resilience and Third-Party Risk Management. Coming from an Engineering background, she has over 20 years’ experience in defining and transforming governance frameworks to mitigate operational risks. Her career has spanned various financial organisations including the Bank of England, Lloyds Banking and Standard Chartered Bank where she has held senior management roles both locally and internationally across BCM, TPRM, IT SCM, Crisis Management, Operational Risk and Compliance.
In her current role, as an Executive Director at the Santander London branch, she heads up the TPRM & Outsourcing and Operational Resilience functions and is accountable for embedding a framework to meet both EU and UK regulatory expectations.
Ros is a Certified Third-Party Risk Professional and holds a BSc in Electrical and Electronic Engineering, and a post graduate diploma in BCM. Outside work she serves as a committee member on the City of London Police Advisory Group and on the steering board for the on the TPRM Shared Assessment PSC to support and provide thought leadership. She also works with local church groups in her community to mentor disadvantaged youth in the BAME Community.

Lukky Ahmed’s got more than a decade of international banking experience with leading institutions, covering risk management, regulatory change, stress testing and consultancy. Never one to shy away from the big problems, he went into the rabbit hole of understanding how climate change would impact the world’s financial stability.

Ros Aryee is recognised as a thought leader on Operational Resilience and Third-Party Risk Management. Coming from an Engineering background, she has over 20 years’ experience in defining and transforming governance frameworks to mitigate operational risks. Her career has spanned various financial organisations including the Bank of England, Lloyds Banking and Standard Chartered Bank where she has held senior management roles both locally and internationally across BCM, TPRM, IT SCM, Crisis Management, Operational Risk and Compliance.
In her current role, as an Executive Director at the Santander London branch, she heads up the TPRM & Outsourcing and Operational Resilience functions and is accountable for embedding a framework to meet both EU and UK regulatory expectations.
Ros is a Certified Third-Party Risk Professional and holds a BSc in Electrical and Electronic Engineering, and a post graduate diploma in BCM. Outside work she serves as a committee member on the City of London Police Advisory Group and on the steering board for the on the TPRM Shared Assessment PSC to support and provide thought leadership. She also works with local church groups in her community to mentor disadvantaged youth in the BAME Community.

Joe runs Procurement, Supplier Management and Supplier Risk for Metro Bank, having set up the team six years ago.  He has a broad range of previous experience across sectors including engineering, construction, consulting, education and design.

I obtained a degree in Law with the dream to bring change, drive innovation and argue my views. After completing law school, I realised that was certainly not the career for me. I signed up to an internship programme in New York and worked on the world’s largest trading floor – UBS Stamford Connecticut. This is where I found my passion for Banking. Following this I worked at Barclays, KPMG and joined HSBC 6 years ago. In these 6 years I have developed specialist knowledge in Vendor management, Third Party Risk and now focusing on building a Supplier Management framework for the Bank. The Supplier landscape is forever changing, but what interests me the most is how we can leverage our relationships to better advance our Sustainability goals. I am actively involving in a number of coaching and mentoring programmes as well as running a Diversity and Inclusion working group.

Biography coming soon.

Originally a big 4 cyber risk consultant Haydn experienced the day to issues that came with running a supply chain assurance programme. He found that current programmes actively caused clients and their suppliers’ headaches. These pain points led him to found Risk Ledger. Risk Ledger is a technology platform that combines a security governance platform with a secure social network. In the last couple of years, Risk Ledger has gone from strength to strength, receiving 2.1 million in seed funding, winning the Cyber Den/Most Innovative Cyber Company Award and being named as one of Forbes’ Tech Champions of 2022.

Matthew joined Direct Line Group in 2016 as Head of IT Third Party Oversight
where he oversees activities of the Third Party Assurance and PCI Compliance teams. Third Party Assurance focusses on ensuring the operational resilience and security  of DLG’s supply chain and the PCI Compliance team ensures DLG maintains daily compliance to PCI Data Security Standard and conducts the annual PCI DSS assessment.Previously Matthew was a Qualified Security Assessor at Gemserv Ltd, where, as Principal Consultant, he delivered Cyber Security consultancy and PCI assessments for merchants and service providers in a variety of industries.

An Alumni of De Monfort University & London Metropolitan University, Demond is a seasoned Third-Party Risk Management Lead as well as a specialist in Supplier Relationship Management. He has worked both in the Public and Private sectors gaining foundational experience at London Underground over a 17 year career. He has also worked for Deutsche Bank, HSBC and now with Barclays.

With over twenty years experience in procurement and supply chain within the Financial Services sector, Dan has successfully led the strategy, transformation and operation of third party risk management across three global banks in the last 14 years (Barclays, HSBC and Deutsche Bank). Now an advisory consultant on the topic, Dan continues to support both FS and non-FS clients with establishing sustainable solutions across both first and second lines of defence.

Mike is Head of UK&I Third Party Management at RSA Insurance. Joining in March 2017 to focus on identifying and unlocking global IT Procurement opportunities and increasing collaboration between regions on procurement initiatives, he moved into Third Party Management in 2019 to implement a new programme and has subsequently run the function since. Mike is currently running the TPMv2 project to enhance the processes and frameworks to meet the new regulatory requirementsPrevious to joining RSA Mike has held senior IT Procurement and Third Party Risk roles across a number of sectors, including roles at Zurich Insurance, EY, Morgan Stanley, Inmarsat and O2. He was the European lead for setting up the global Morgan Stanley Supplier Risk process in 2009/10Mike is married with three children but still finds time to enjoy playing football and cricket – the rest of his time is spent on family crowd control.

Alex is Head of Supply Chain Risk for Lloyds Banking Group (LBG), responsible for ensuring that the supplier onboarding & management frameworks drive effective risk management and regulatory compliance. Alex has worked with LBG for 10 years, and has over 20 year experience in Sourcing and Supply Chain Risk.

With over 20 years banking and risk management experience working across the financial industry, including Bank of Scotland, Barclays and currently with the NatWest Group, Joanne is an industry expert on all aspects of Third Party Risk Management and Outsourcing regulatory requirements. In her current role she is the Risk lead for NatWest on all outsourcing matters working with external and internal outsourcing central teams on their business strategy, processes and control environment to ensure they operate within the bank’s risk appetite and meet regulatory expectations. As a purpose-led business NatWest fosters strong relationships with all key stakeholders across their supply chain.

Penny has over 20 years of experience in third party management and outsourcing. She has helped a number of large international Banks, investment management and insurance firms stand-up, operationalise, or streamline existing programs to increase value or remove cost.

Penny has also led the build out of our full TPRM capability across both advisory and execution managed services (EMS). Penny has a wealth of experience of both Third Party Risk and transitioning the management of complex, global services and supply chains.

Will Gray has 18 years experience in Security and Risk Management, primarily focused on bringing emerging technologies to market.
Having joined SecurityScorecard in 2018, when Cyber Risk Ratings was a nascent industry, he has seen a rapid rise in adoption of the concept which now underpins board reports, risk management discussions, supply chain security assessments and cyber insurance underwriting for 1000’s of organisations globally.

Hasintha Gunawickrema is currently the Chief Control Officer for HSBC UK Wealth and Personal banking. Over her 17-year career in Financial Services, she has worked with markets across Europe and Asia. She is currently reading for an Executive Leadership program with Harvard Business School and is also a qualified accountant.
Hasintha has led large scale business, digital and culture transformational programs to deliver better customer outcomes, improve operational excellence and drive effective risk management.
Hasintha is passionate in coaching and mentoring and has a large mentee base across Europe and Asia. She is back in the UK after a successful stint in India as the COO for Wealth and Personal Banking for HSBC. During her time in India, Hasintha was engaged in supporting charities that are focused on educating less privileged girls.  She is passionate in supporting colleagues and customers who are disadvantaged due to their physical abilities, mental health challenges and neurodiversity. She is the Diversity and Inclusion Ability lead for Global Wealth and Personal Banking in HSBC.
Hasintha leads the ‘Data driven risk management’ agenda to support businesses deliver sustainable growth and meet customer needs effectively.

Sundeep leads PA Consulting’s Third Party Risk Management capability for Financial Services. With over 20 years experience, Sundeep has significant experience in working with boards and executive committees, bringing deep experience in delivering programmes against evolving regulatory expectations.

Ameet Jugnauth is an experienced Cyber and Technology leader within the Financial Services sector. With over 15 years of experience across insurance and banking, Ameet has led global information security initiatives, large scale risk and control transformation programmes and recently led risk oversight for strategic transformation at a large banking group. Ameet joined Capital One in 2022 as the Cyber Governance and Risk Director, responsible for third party management, cyber risk and compliance, developing thought leadership across both UK and US teams. Appearing at events regularly in the UK and Europe, he shares his insights into resilience best practices, innovation and is a strong advocate for diversity and inclusion as a lever to organisational success.

Edit König-Bihari is a business strategist with 20 years of experience combining sustainability, strategic sourcing and compliance mindset in the financial industries. Currently working at Danske Bank Group, Edit is responsible for building up the Group’s sustainable supply chain focusing on ESG risk, sourcing strategies and change management which enables the transformation. Edit holds an MBA from Technology University in Budapest and a master education in sustainability from the Norwegian BI Business School.

Since CyberVadis creation Thibault Lapédagne has been at the heart of the cybersecurity assessment department. Having his professional background in consulting (Wavestone) he created the CyberVadis reference model and the processes to assess a company’s cybersecurity performance. Today he manages an international team of cybersecurity experts responsible for all assessment operations. Thibault Lapédagne participates in cybersecurity events as a keynote speaker to raise awareness on the importance of third-party cybersecurity risk assessments and CyberVadis methodology.

Merlin Linehan is a Risk Manager at the European Bank for Reconstruction & Development (EBRD), working across Crisis management and business resilience. Merlin has supported the Bank through a number of major geopolitical and IT events including Covid, Ukraine and Log4j. Merlin is also a regular contributor to publications such as Frontera, PRMIA and Risk Screen and others covering geopolitics, risk and technology. He has also appeared in various media outlets including the FT, BBC and Global Capital commenting on China’s global role and emerging markets

Biography coming soon

Biography coming soon.

Anne is Head of IT Supplier Management , Governance and Risk at Lloyds Banking Group (LBG), leading a team of 35 Supplier Managers to support the delivery of the Group’s Technology Strategy.

Previously, as the Lead of LBG’s central Assurance Team, Anne successfully shaped the framework and delivered the assurance plan for suppliers across the various business divisions. This was during the backdrop of the pandemic when she moved on-site assurance to virtual.

An accomplished risk professional, Anne has extensive experience in senior roles in Third Party Risk Management and Management roles across Insurance and Retail channels.

Andrew Moyad is the Chief Executive Officer of Shared Assessments.
Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive, he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations.
Most recently, Andrew served as Senior Vice President, Vendor Risk Management at Blackstone, where he led a team of risk professionals responsible for overseeing all phases of the vendor lifecycle at the firm, including risk assessments, control diligence, contract reviews, financial checks, performance monitoring, issue tracking, and management reporting. Prior to Blackstone, he served as a director and global head of vendor risk management and BlackRock and Senior Vice President for Citigroup, where he was a Business Information Security Officer in Global Fixed Income and led third party risk assessments for several years.
Andrew holds a Bachelor of Arts Degree in Natural Sciences from Harvard University and a Master of Science Degree in Information Systems from the Stevens Institute of Technology.

Anders Norremo is an entrepreneur and company builder. He currently serves as the VP of Third Party Risk Products at Bitsight. He previously was the founder and CEO of ThirdPartyTrust, a third-party risk management SaaS, and led the company into a successful merger with Bitsight.

Anders has over 15 years of experience in information security and technology. His expertise in identifying trends and building solutions has contributed to solving the industry problem of a vulnerable supply chain by streamlining third-party risk assessments and security reviews for enterprises and their vendors.

In his role as Regulatory Compliance Solutions Lead, Wayne manages NCC Group’s relationships with the global financial services regulators. This involves co-writing NCC Group’s consultation paper responses relating to third-party risk management, supply chain risk and operational resilience, as well as ensuring its products meet global regulatory requirements. Much of Wayne’s time is spent advising systemic financial institutions and their suppliers on how to build “demonstrably successful stressed exit plans” as instructed by the PRA.

Brian has worked in business process automation targeting risk and compliance for over 25 years, supporting hundreds of Fortune 500 and mid-market firms across all industries. Since 2011 Brian has focused on Third-Party Risk, Compliance and Performance Management for the Financial Services Industry, as well as Master Data Management and Know Your Customer (KYC) challenges. At Mirato, Brian serves as Director of Financial Services Sales, responsible for sales to financial services firms in North America and Europe.

Biography coming soon.

Gemma has worked in a variety of third-party management roles over 15 years including procurement transformation and IT portfolio management. Currently leading the group strategy for third party risk management which includes the risk policy, third party governance framework, and a GRC solution for automated risk management & reporting. Gemma and her team have spent the last 18mths implementing a globally consistent framework and system across 37 countries. A lean black belt with a passion for implementing efficient operating models and using IT solutions to simplify and automate third party risk management.

Biography coming soon.

Shabbir is an Operational Risk Control professional with a blend of Risk management and Digital Transformation experience. He currently leads the second line’ oversight of Technology, Information Security Risk and Internal Controls Frameworks at Handesbanken plc and in the past he has worked with KPMG for close to 11 years in their Risk & Control Transformation practices across UK, India and Southern Africa. He is passionate about simplifying risk management and actively champions use of technology to enhance risk processes within the organisation using GRC and advanced technologies. Shabbir is an IT Engineer by qualification and holds professional certifications Certified in Operational Risk Management (CORM), Certified Information Systems Auditor (CISA), ISO 27001, Privacy Lead Auditor and PRINCE2 professional.

Simon is the Executive Chairman of Thomas Murray. Before co-founding Thomas Murray in 1994, Simon trained as a chartered accountant at Coopers & Lybrand. He also worked at S.G. Warburg and KPMG Management Consultants, and was an Executive Director of Davis International Banking.

Eustathios is the Commercial Lead for KY3P data, framework and regulatory initiatives. He joined S&P Global from the Prudential Regulation Authority – part of the Bank of England where he was the Head of Integrated Operational Risk & Resilience in the Supervisory Risk Specialists Directorate.

He has experience in leading multidisciplinary teams across financial and operational resilience responsible for policy design, implementation and regulatory operationalisation, which includes the UK’s Operational Resilience policy. In addition, Eustathios has led the PRA’s risk modelling and analytics teams having developed the first concurrent stress test and having led numerous modelling and data initiatives for supervisory and financial stability purposes. Eustathios has in-depth exposure to regulation, central banking, retail and wholesale banking having worked in Europe and North America.

Eustathios holds an Executive MBA from the University of Exeter (UK), a Master’s degree in Finance and Econometrics from Concordia University (Montreal, Canada) following an honours Economics Bachelor’s degree from Carleton University (Ottawa, Canada).

S&P Global (NYSE: SPGI) provides essential intelligence. We enable governments, businesses and individuals with the right data, expertise and connected technology so that they can make decisions with conviction. From helping our customers assess new investments to guiding them through ESG and energy transition across supply chains, we unlock new opportunities, solve challenges and accelerate progress for the world.

At PwC, we’re working to build trust, deliver sustained outcomes and help clients solve their most important problems by combining human ingenuity and understanding with the right technology.

Globally, our network employs nearly 328,000 people working in 152 countries advising and managing services for 191,000 private and public sector clients of all sizes and sectors.

From building teams with diverse perspectives, experiences and expertise to investing in our skills and technologies, we take a human-led, tech-powered approach, working alongside our clients to deliver results that make the difference.

The Most Reliable Security Ratings
Manage your third party risk worldwide with evidence-based assessments
CyberVadis is a cost-effective and scalable solution for third party cybersecurity risk assessments. Our methodology maps to all major international compliance standards including NIST Cybersecurity, ISO 27001, GDPR and several business specific frameworks. Our solution combines the speed of automation with the accuracy and effectiveness of a team of infosecurity experts, providing evidence-based assessments.

Mirato’s TPRM intelligence platform elevates existing TPRM programs and tools by streamlining an entire operation’s data into one smart platform. Using natural language processing (NLP) and advanced artificial intelligence (AI), Mirato validates and enriches this data, turning it into actionable insights. What was previously multi-destination, manual-intensive labor is now replaced by the Mirato platform and is easily managed from one dashboard. This saves time and money (up to 60% of assessment cost) while increasing an organization’s ability to mitigate risk in an ever-evolving risk landscape.

As society redefines risk and opportunity, OneTrust empowers tomorrow’s leaders to succeed through trust and impact with the Trust Intelligence Platform. The market-defining Trust Intelligence Platform from OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the center of their operations and culture by unlocking their value and potential to thrive by doing what’s good for people and the planet.

Shared Assessments is a global membership organization dedicated to developing the best practices, education and tools to drive third party risk assurance. We are creators of the industry standard third party risk toolkit, used by over 15,000 organization’s worldwide.

Thomas Murray is a global risk intelligence company. We help our clients to understand and manage the risks facing their businesses and organisations in today’s highly interconnected environment. From third-party risk to cyber security, decision makers use our risk, advisory and technology solutions every day to build secure and resilient organisations.

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.

Bitsight’s universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight’s integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

Bitsight is on a mission to free the global economy from the material impact of cyber incidents. For more information, visit bitsight.com.

Climate X’s climate risk data and analytics platform, Spectra, is a multi-award-winning SaaS solution that helps organisations become more resilient to the impacts of climate change by quantifying the probability and severity of weather events decades before they happen. With the latest regulatory requirements in mind, firms around the world trust Spectra to provide explainable and understandable data to strengthen their climate financial risk disclosures and plans for ICAAP, stress testing, origination and TCFD reporting.

Spectra delivers location-specific risk ratings, EPC ratings for transition risk and climate-adjusted loss estimates between now and 2100 under multiple climate emission pathways via an easy-to-use SaaS platform or integrated API.

To learn more about Climate X and the work we do, visit our website for a personalised demonstration: https://www.climate-x.com

With over 30 years’ experience, NCC Group is a world-leading Software Resilience provider ensuring the continued availability of outsourced business-critical software and data through our Escrow and Verification services. Our Software Resilience services enable businesses to easily prepare for, respond to and recover from disruption to third-party services, strengthening operational resilience and satisfying business continuity planning, regulatory compliance and supply chain risk management requirements.

‘We believe in the power of ingenuity to build a positive human future.

This idea unites and inspires us as we partner with passionate, forward-thinking leaders. We combine innovative thinking and breakthrough technologies, delivering end-to-end innovation. Our clients adapt and transform, and together we achieve enduring results.’

More here in our ‘about us’ page: Bringing Ingenuity to Life. | PA Consulting

Did you know 60% of organisations have suffered a security breach through a third party? It’s understandable – the traditional processes are broken. Organisations face a burden of ineffective, inefficient admin. ‘Point in time’ cybersecurity assessments make for poor-quality data that goes out of date fast, offering little protection. Risk Ledger helps organisations get their cybersecurity risk assessment tasks done in hours, not days and scale their supplier coverage from 5% to 95% so they can spot more vulnerabilities at just 10% of the cost.

The NHS used Risk Ledger to identify a situation where several third-party suppliers were all dependent on the same fourth-party supplier. They then worked with those third parties to first understand that risk, and then take action to mitigate it.

With help from insights like this, many of our customers have improved their supplier contracts. Interested in learning more? Visit https://riskledger.com/.

CeFPro Connect aims to connect industry experts through thought leadership content and timely news, written for the industry, by the industry. Gain unlimited access to CeFPro’s unparalleled library of resources including iNFRont Magazine, market intelligence reports, filmed presentations, insights Q&A’s, and much more.
Sign up for free.

iNFRont Magazine is a unique publication providing regular insight on the operational and non-financial risk (NFR) sector. Featuring contributions provided by leading industry figures and experts from around the world, iNFRont Magazine touches on the most critical themes and challenges currently affecting financial professionals.
Available to download for free.