Managing third party risks in a complex landscape and leveraging industry innovations
Vendor & Third Party Risk USA
8th Annual | June 7-8 | New York City

GLOBAL REGULATIONS
Identifying regulatory expectations on a global level and integrating requirements under a unified framework
CRITICAL THIRD PARTIES
Identifying critical third parties and ensuring compliance with contract set
EXIT PLANNING
Developing and testing exit plans in the event of a planned exit
THIRD PARTY RISK PROGRAM
Maturing the third party risk management program to bring efficiency and value to the business
CYBER SECURITY
Reviewing current cyber threats posed and mitigating these down the supply chain
COLLABORATION
Increasing collaboration and visibility between internal teams and vendors and utilizing technology to mitigate risks
DATA PRIVACY
Ensuring visibility of data privacy with an increase of global regulations
CONTRACT MANAGEMENT
Reviewing contracts are being governed and adhered to by third parties after onboarding


Michael Steinhoefel
Director Operational Risk Management
Barclays

Donald Mones
Director Third Party Risk Management
MUFG

James McPherson
Director & Counsel
Credit Agricole

Rodney Campbell
Head of Third Party Risk Management
Valley Bank

Nate Vanderheyden
Director, US Banks Cyber & Information Security
Morgan Stanley

Melissa Mellen
Head of Third Party Risk Management
Federal Reserve Bank of New York

Courtnee Smith
Vice President, Enterprise Supplier Management
Capital One

Krystelle Bilodeau
Senior Director, Banking Operations & Risk
Bank of Canada

Luis Grisales
Head of Vendor Risk Management & Vendor Onboarding
Blackstone

Olga Voytenko
Managing Director of Operational Resilience
Silicon Valley Bank






CAN YOUR ORGANIZATION CONTRIBUTE?
Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact chris.simou@cefpro.com or call us on +1 888 677 7007 ext. 207 where a member of the team will be happy to tailor the right package for you.
.

8:00 Registration and breakfast
8:50 Chair’s opening remarks
CONTRACT MANAGEMENT – PANEL DISCUSSION
Session details
- Ensuring contractual leverage when security events arise
- Conducting annual due diligence
- Reviewing the vendors once the contract is signed
- Leveraging technology to assess vendors
- Investing prior to a breach occurring
- Implementing appropriate follow ups when identifying risk
- Incorporating an audit clause into the contract when onboarding
- Incorporating non-compliance triggers
- Obtaining evidence that vendors have remediated
Rodney Campbell, Head of Third Party Risk Management, Valley Bank
Krystelle Bilodeau, Senior Director, Banking Operations & Risk, Bank of Canada
Melissa Mellen, Head of Third Party Risk Management, Federal Reserve Bank of New York
James Mcpherson, Director & Counsel, Credit Agricole
CRITICAL THIRD PARTIES
Session details
- Reviewing critical third parties to comply with contract set
- Monitoring and auditing terms and conditions from contract owner
- Testing critical third parties to be in compliance with contract
- Prioritizing compliance with the terms and conditions of critical third parties
- Preparing an exit plan when a critical third party is in financial distress
- Substituting a third party for minimal disruption
- Prioritizing critical third parties
- Understanding what contingency plans look like for critical vendors
- Defining criticality for vendors
Tausif Khan, Associate Director, Third Party Risk, DTCC
Michael Rivas, Head of Third Party Risk, DTCC
10:20 Morning refreshment break and networking
MITIGATION
Session details
- Reviewing the evolution of the geopolitical landscape and disruption to third parties
- Increased importance of ESG
- Precipitation of evolution into supply chain risk management
- Reviewing best practices and industry trends
- Looking into the future of third party risk management
Wes Loeffler, Product Manager, Archer
FOURTH PARTIES – PANEL DISCUSSION
Session details
- Creating a fourth party inventory
- Understanding controls with fourth parties
- Performing continuous monitoring on fourth parties
- Managing and mitigating risks brought from fourth parties
- Defining risk tolerance with fourth parties
- Understanding when subcontractors controls have changed
- Ensuring third parties have control on their subcontractors
- Reviewing the expectation from regulators
- Managing and tracking access to data
Michael Steinhoefel, Director Operational Risk Management, Barclays
Courtnee Smith, Vice President, Enterprise Supplier Management, Capital One
Gregory Goldstein, Vice President, Strategic Global Partner Management, Prudential Financial tbc
Javier Cubano, VP, Third Party Risk Oversight, BNY Mellon
EXIT PLANNING
Session details
- Application of exit planning
- Testing exit plans
- Allowing testing for stressed exit plans
- Designing the exit plan
- Including the right components when drafting the exit plan
- Testing the value of exit plan with teams
- Analyzing the weakest point of the exit plan
Olga Voytenko, Managing Director of Operational Resilience, Silicon Valley Bank
12:45 Lunch break and networking
A series of informal roundtable discussions, chaired by industry professionals, which are optional and outside of the event structure. Engage with peers on a topical subject of your choice over lunch.
Horizontal versus vertical management of third party risks
Led by Michael Steinhoefel, Director Operational Risk Management, Barclays
Reviewing global regulatory expectations
Led by Donald Mones, Director Third Party Risk Management, MUFG
Overcoming biggest hurdles to a successful TPRM deployment
Led by Mike Yaffe, CMO, Prevalent
Setting appropriate risk appetite
Led by Jing Zhao, Director Third Party Data and Analytics, USAA
AUTOMATION
Session details
- Managing vendors in an ever-changing regulatory environment
- Staying ahead the curve
- Leveraging big data
- Automating processes
- Validating assessments and managed services
Peter Pernebo, Managing Director, Global Head of Third Party Risk Management Solutions, KY3P®, S&P Global
Luke Nordlie, Executive Director and Global Head of Vendor Due Diligence, KY3P®, S&P Global
TECHNOLOGY
Session details
- Process
improvementreduction - Realizing human potential
- Maximizing the value of data
- Reducing hidden risk
- Continuous
monitoringassessment - Transitioning from survival to innovation
Brian Shaw, Director of Financial Services, Mirato
STRATEGY
Session details
- Reduce duplicative work with more efficient and aligned automated processes
- Increase cross-team data sharing and build time-saving dynamic workflows
- Improve communication with greater accountability throughout the third-party lifecycle
Matthew Moog, General Manager, Third-Party Risk Management, OneTrust
3:30 Afternoon refreshment break and networking
ESG – PANEL DISCUSSION
Session details
- Setting risk appetite for ESG when onboarding third parties
- Integrating ESG processes without disrupting TPRM programs
- Monitoring climate risk impact by third parties
- Reviewing ESG compliance down the supply chain
- Capturing and reporting metrics for diverse suppliers
- Balancing approach to all proposed regulations
- Expanding TPRM program to cover elements of sustainability
- Getting value from the invest in ESG reporting and management
- Incorporating ESG into vendor risk assessments
Luis Grisales, SVP – Head of Vendor Risk Management & Vendor Onboarding, Blackstone
Ken Wolckenhauer, VP Vendor Management, Nordea Bank
THIRD PARTY RISK PROGRAM
Session details
- Designing a third party risk management program
- Engaging the correct teams
- Performing due diligence
- Creating an efficient cost effective program
- Utilizing technology to ensure an effective TPRM program
- Having effective processes in place
- Measuring cost savings brought through efficiency
- Shifting from traditional due diligence questionnaires into real time monitoring
- Ability to keep up with business and client demand
- Having strategic relationships to help advance goals
Shamial Afzal, Head of Supplier Management Governance, Legal & General Investment Management
5:20 Chair’s closing remarks
5:30 End of day one and drinks reception


8:00 Registration and breakfast
8:50 Chair’s opening remarks
Day Two moderator: Peter Pernebo, Managing Director, Global Head of Third Party Risk Management Solutions, KY3P®, S&P Global
CYBER SECURITY – PANEL DISCUSSION
Session details
- Handling potential data breaches
- Notifying employees
- Mitigating risk exposure that arises from data leaks
- Knowing when to cut off vendors after multiple cyber breaches
- Coordinating outreach to a vendor once an attack occurs
- Working with vendors to mitigate cyber risks
- Understanding how third and fourth parties are impacted by cyber breaches
- Getting responses from fourth parties to understand exposure in a timely manner
- Leveraging technology to keep up with the pace of change from attacks
- Creating automated responses once a breach occurs
- Understanding how vendors protect data from breaches
Nate Vanderheyden, Director, US Banks Cyber & Information Security, Morgan Stanley
Andrew Egoroff, Senior Cybersecurity Specialist, ProcessUnity
Madiha Fatima, Executive Director – Operational & Outsourcing Risk, JP Morgan
CYBER INSURANCE
Session details
- Understanding the value of cyber insurance
- Leveraging the value of your cyber coverage during data breaches
- Implementing continuous monitoring
- Knowing your options if cyber insurance is reduced or removed
- Evaluating supplier cyber insurance coverages and their limits
- Appreciating the contractual interplay between indemnification, insurance, and Limitation of Liability
Andrew Moyad, Chief Executive Officer, Shared Assessments
10:20 Morning refreshment break and networking
CYBER
Session details
Session details to come.
Senior Executive, Bitsight
AI & TPRM
Session details
- Collaborate with vendors to drive a trusted third-party risk management program
- Leverage trusted security data to make faster and smarter decisions about their vendors
- Proactively engage with third parties who have poor cybersecurity posture to prevent breach
Michelle Koestani, Solutions Engineering Manager, SecurityScorecard
12:00 Lunch break and networking
A series of informal roundtable discussions, chaired by industry professionals, which are optional and outside of the event structure. Engage with peers on a topical subject of your choice over lunch.
Managing a TPRM program when going through M&A process
Led by Hugo Ramirez, SVP Director of Corporate Assurance, Internal Audit, BBVA
The “contract checklist”: risk vs regulatory expectations
Led by James Mcpherson, Director & Counsel, Credit Agricole
Affiliate reviews – when you vendor isn’t 3rd party
Led by Carolyn Handley, Head of Vendor Due Diligence & Monitoring – NA Investments, Global Investment Center, Aon
Managing reputational risk of third parties
Led by Thomas Brandt, Chief Risk Officer/Director, Office of Planning and Risk, Federal Retirement Thrift Investment Board
GLOBAL REGULATIONS – PANEL DISCUSSION
Session details
- Integrating all upcoming regulation into TPRM program
- Staying abreast of all changes
- Ensuring third parties have appropriate controls to comply with regulations
- Interpreting guidance from NY DFS
- Reviewing core requirements
- Demonstrating compliance
- Producing a TPRM program to align with all regulatory bodies
- Leveraging internal teams to identify and comply with regulations
- Responding to the upcoming inter-agency guidance
- Keeping pace and staying compliant with the evolving world of banking
- Utilizing fintechs & open banking
Donald Mones, Director Third Party Risk Management, MUFG
Shamial Afzal, Global Head Strategic Supplier Oversight, Legal & General Investment Management
Stuart Hoffman, Governance & Operational Risk Policy Analyst, OCC
Cyril Korenbeusser, Chief Resilience Officer, BNP Paribas CIB
DATA PRIVACY
Session details
- Understanding regulators priorities
- Understanding where data is and who has it
- Reviewing the jurisdiction that the data sits in
- Offshoring data appropriately
- Managing increased data exposures with people working globally
- Systematically managing data privacy laws and ensuring vendors comply
- Balancing resources working from home and complying with global data regulations
- Complying with regulations when dealing with cross-border transactions
- Advances with the data privacy act
2:20 Afternoon refreshment break and networking
FINTECH
Session details
- Dealing with fintechs without compromising banks security risk
- Regulated banks Vs unregulated fintechs
- Implementing US regulations when onboarding global fintechs
- Approaches to onboarding and managing fintechs
- Understanding the balance between onboarding fintechs and risk appetite
- Enforcing regulations to fintechs
- Conducting appropriate due diligence on fintechs
- Mitigating potential risks by educating fintechs
- Staying mindful of services fintechs provide
Eli Enav, Director – Third Party Risk, Internal Audit, American Express
COLLABORATION
Session details
- Utilizing internal and external tools without being disjointed
- Collaboration internally and externally to operate on same platforms
- Ensuring communication from front to back office
- Managing risk between both sides
- Operationalizing internal teams effectively
- Tying together siloed activities
- Understanding what stakeholders are involved to decision make
- Allowing transparency and visibility when contracting
- Gaining buy in from stakeholders
- Aligning with TPRM and procurement teams
Olga Baldwin, VP, Vendor Management, Axiom Bank
M&A
Session details
- Reviewing challenges brought with M&A’s
- Managing TPRM programs when going through M&A process
- Building a plan for the transition
- Increased scalability of vendors and performing risk assessments
- Increased reliance on outsourcing post-covid
- Manage current vendors and incorporating new vendors from M&A
- Increase in concentration risk
Hugo Ramirez, SVP Director of Corporate Assurance – Internal Audit, BBVA
4:35 Chair’s closing remarks
4:45 End of Congress


Shamial Afzal
Global Head Strategic Supplier Oversight
Legal & General Investment Management

Olga Baldwin
VP, Vendor Management
Axiom Bank

Krystelle Bilodeau
Senior Director, Banking Operations & Risk
Bank of Canada
With over 25 years financial services experience, Shamial has worked in insurance, banks and now investment management firm leading the strategic supplier oversight agenda globally.
Shamial has a passion to build inclusive and diverse teams which have been demonstrated through his various roles which have included operations, change and supply chain management.
Shamial continues to challenge the status quo and drive the supplier oversight agenda forward as critical part of any firm dealing with third parties.
“Olga Baldwin is a VP, Vendor Management at Axiom Bank with over 13 years of experience in third party risk management. Currently she is responsible third-party risk management program development, improvements, and implementation to ensure a proper oversight of the bank third parties is conducted in accordance with regulatory requirements including vendor selection, risk assessment, due diligence, ongoing monitoring, and terminations. Prior to this role, Olga held a position of a Director, Vendor Risk Management at Sterling National Bank overseeing Vendor Risk Management Program.
Krystelle Bilodeau is Senior Director, Banking Operations & Risk at the Bank of Canada. Krystelle has worked in the financial sector for over 20 years with 16 years at Canada’s central Bank. Throughout her career, Krystelle has established herself as a versatile professional holding leadership positions in a broad range of areas including Director of Retail and Wholesale Debt Administration responsible for large and complex outsourced operations; as Director of Awareness and Education in the Currency Department during Canada’s successful transition from paper-based to polymer-based currency; As Adviser on Third Party Risk having designed and implemented the Bank’s Third party risk management program; and as Senior Director for the Bank of Canada’s critical Banking Operations and risk during the COVID crisis
Krystelle is a member of the Faculty for Third Party Risk Institute and its delivery partner SIG University’s “Certified Third Party Risk Management Professional” program; Vice President of the Board of Directors of the EBO Financial Education Centre; Chair of the Ottawa chapter of the Dean’s Advisory Council for the Lazaridis School of Business & Economics, and a member of the Strategic Direction Committee for the Bank of Canada’s women’s leadership network – PotentiELLE. Krystelle is also the recipient of the Future of Sourcing Awards ‘Rising Star’ award for 2018 and shortlist candidate for the Women in Finance awards ‘Outstanding Achievement’ award in 2019.
Krystelle holds a BA in Communications and a Master’s in Business Administration from Wilfrid Laurier University.

Thomas Brandt
Chief Risk Officer/Director, Office of Planning and Risk
Federal Retirement Thrift Investment Board

Leah Campbell
Senior Counsel
Bradley Arant Boult Cummings LLP

Rodney Campbell
Head of Third Party Risk Management
Valley Bank
Tom Brandt is a risk management practitioner in the federal government. With nearly three decades of federal service, he is currently the Chief Risk Officer (CRO) and Director of Planning and Risk for the Federal Retirement Thrift Investment Board. He previously served as CRO for the IRS. He is a fellow with the National Academy of Public Administration, a past president of the Association for Federal Enterprise Risk Management (AFERM), and also served as chair of the OECD Forum on Tax Administration’s ERM Community of Interest from 2018–2021.
Leah Campbell is a Senior Attorney in Bradley’s Charlotte office. Leah has significant experience representing financial services and insurance company clients in both federal and state courts, as well as before state regulators. Leah has provided intellectual property guidance in M&A and corporate structuring matters and advised on GDPR implementation and cross-border encryption issues. Leah currently advises banks on payment systems technology and licensing, data privacy, address confidentiality programs, and emerging risk issues.
Prior to joining Bradley, Leah served as Senior Counsel in the Cyber/Intellectual Property/Information Technology group for Deutsche Bank AG in New York. Leah was responsible for negotiating outsourcings, software license agreements, SaaS agreements, consulting services agreements, commercial leases and construction agreements.
Rodney Campbell is a recognized industry leader in Third-Party Risk Management (TPRM) framework, Relationship Management, Contract Management & Performance Management. Rodney is a business champion, dedicated to empowering organizations and business leaders with industry insights and best practices to establish both regulatory compliance and operational success. Experienced in developing global programs, processes, cross-functional teams from the ground up and leading projects spanning Asia-Pacific, Latin America, United Kingdom and North America regions, Rodney creates a high-impact, collaborative environment that eliminates silos and cross borders.Additionally, Rodney serves on Seton Hall University Customer Experience Program Advisory Council and The Board of Directors for HANDS Housing and Neighborhood Development.

Javier Cubano
VP, Third Party Risk Oversight
BNY Mellon

Andrew Egoroff
Senior Cybersecurity Specialist
ProcessUnity

Eli Enav
Director – Third Party Risk, Internal Audit
American Express
Biography coming soon.
Andrew is the Senior Cybersecurity Specialist at ProcessUnity. He has more than 30 years’ international experience providing cybersecurity advisory and consulting services across a wide variety of industry verticals in Australia, the UK and the USA.Andrew is responsible for keeping up to date with all the latest cybersecurity trends and advancements, as well as evangelizing the use of the ProcessUnity Cybersecurity Risk Management service offering for customers across the globe.
Biography coming soon.

Madiha Fatima
Executive Director – Operational & Outsourcing Risk
JP Morgan

Gregory Goldstein
Vice President, Strategic Global Partner Management
Prudential Financial tbc

Luis Grisales
SVP – Head of Vendor Risk Management & Vendor Onboarding
Blackstone
Madiha Fatima is a Director and Head of Third Party Risk Management where she is responsible for development of Third Party Risk Management Framework while enabling businesses to achieve their strategic objectives from utilizing vendors. She oversees the firmwide Third Party Risk Management Program including vendor cyber, technology, business continuity and data security assessments. Prior to joining Angelo Gordon, Madiha Fatima served as Head of Third Party Risk Governance & Oversight at DTCC. Madiha is a Certified Third Party Risk Professional (CTPRP). Madiha earned a Bachelors of Science degree in Financial and Capital Markets from Rutgers Business School.
Greg Goldstein is Vice President, Head of Third Party Risk Management at Prudential Insurance Company of America and he is responsible for enabling businesses and functions to achieve objectives from using third parties including improved profitability, faster time to market, competitive advantage and decreased costs by providing a framework to manage reputational, legal & regulatory, operational and information security risks. Previously, Greg was Vice President of Actuarial Internal Controls where he designed, developed and implemented a global program to increase the awareness, accountability and transparency of risks and enhance the risk and control culture.
Greg joined Prudential from Equitable, where he held numerous finance and risk management roles. He has deep insurance industry experience complimented by an extensive management consulting/public accounting background that includes Ernst & Young and Deloitte.
Greg is a graduate of the University of California, Los Angeles, with a Bachelor of Arts degree in Economics and Business. He is Certified Public Accountant (CPA), a member of the American Institute of Certified Public Accountants (AICPA) and a member of the New York State Society of CPAs. Greg is also a Certified Third Party Risk Professional (CTPRP), Fellow of the Life Management Institute (FLMI) and Six Sigma Black Belt.
Biography coming soon.

Carolyn Handley
Head of Vendor Due Diligence & Monitoring – NA Investments, Global Investment Center
Aon

Stuart Hoffman
Governance & Operational Risk Policy Analyst
OCC

Tausif Khan
Associate Director, Third Party Risk
DTCC
Carolyn Handley is the Head of Vendor Due Diligence and Monitoring for NA Investments, in Aon’s Global Investment Center. She joined Aon in 2013 as the Finance Lead for NA Investments, previously holding lead roles in financial, analytical and business decision support for top-tier companies such as PepsiCo, Walmart Stores Inc., and GE Capital. Carolyn holds an MBA in International Business, BS in Accounting, and an active CPA license.
Stuart is a Policy Analyst with the OCC’s Bank Supervision Policy division, specializing in governance and operational risk policy. He is also a Bank Information Technology examiner, specializing in cybersecurity and information technology risk / information security. He supports international efforts as the OCC’s interim representative to the Basel Committee on Banking Supervision (BCBS) Operational Resilience Group. Stuart joined the OCC as an industry hire in June of 2013. Prior to joining the OCC, Stuart held IT risk management related positions at Citigroup, Cisco, and GE. His career also includes management consulting experience at Deloitte. He has substantial experience in regulatory examinations, technology audits, IT certification efforts, and cross-border initiatives from both the regulatory and business perspectives. Stuart completed his BA and MBA at NYU and holds several industry-recognized credentials, including the CISA, CISSP, and CRISC.

Michelle Koestani
Solutions Engineering Manager
SecurityScorecard

Cyril Korenbeusser
Chief Resilience Officer
BNP Paribas CIB

Wes Loeffler
Product Manager
Archer
Michelle Koestani is a solutions engineering leader at SecurityScorecard. She has experience working on third party risk management with many of the largest global financial organizations, specifically on how cybersecurity data can be incorporated to drive better decisions. A California native living in NYC, you can find her geeking out on the latest tech, in a pilates class, or dining out in the city!
Biography coming soon.
Wes has been with Archer for over five years and serves as the product manager for Third Party Risk Management, Business Resilience, and Operational Resilience. Prior to joining product management, he worked as a product owner and solutions engineer where he developed offerings for Third Party Risk Management, IT & Security Risk Management, and integrations with AWS Security Hub and RiskRecon. Prior to joining Archer, Wes worked for 10 years in the financial services industry as a relationship manager and risk analyst.

James Mcpherson
Director & Counsel
Credit Agricole

Melissa Mellen
Head of Third Party Risk Management
Federal Reserve Bank of New York

Donald Mones
Director Third Party Risk Management
MUFG
James McPherson is Director & Counsel at Credit Agricole Corporate and Investment Bank in New York. He is a member of the Regulatory Group and his work includes reviewing and negotiating a broad range of commercial agreements for the Bank, including contracts for a variety of technology and trading related services. He also participates in various steering committees related to the procurement and ongoing monitoring of the Bank’s various service providers and outsourcing initiatives, including the Bank’s Vendor Management Committee.
Melissa J. Mellen is an Officer within Procurement Value Management, leading the Policy, Analytics, & Vendor Strategy team. In this capacity, Melissa is responsible for overseeing Procurement Policy related compliance, and advisory client driven services. She also manages the Federal Reserve Bank of New York’s Vendor Management, and Supplier Diversity Program.
Prior to joining the Federal Reserve Bank of New York, Ms. Mellen spent fifteen years in the private sector, focused on Procurement, Supplier Diversity and Vendor Risk Management for firms such as: MUFG Union Bank, JP Morgan Chase, OppenheimerFunds, and Mizuho Bank, Ltd.
Ms. Mellen received her bachelor’s degree in Philosophy from SUNY Albany and holds an MBA with a concentration in Risk Management from Saint Peter’s University. She earned a Professional Certificate in Diversity & Inclusion from Cornell University. Melissa is currently a Doctoral Candidate at Pace University, with a focus in Consumer Psychology and Marketing.
Melissa lives in Hoboken New Jersey with her husband Kevin, and Pitbull puppy Viggo. She is a certified yoga instructor affiliated with both the Dharma Yoga Center of New York City, as well as National Yoga Alliance.
Biography coming soon.

Matthew Moog
General Manager
OneTrust

Andrew Moyad
Chief Executive Officer
Shared Assessments

Luke Nordlie
Executive Director and Global Head of Vendor Due Diligence
KY3P®, S&P Global
Matthew Moog serves as the General Manager, Third-Party Risk at OneTrust, the category-defining enterprise platform to operationalize trust. In his role, Matthew advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws. Prior to joining OneTrust, Matthew spent 18 years at EY where he led their Global Third-party Risk offering for Financial Services and their Third-party Risk Managed Service offering for the Americas. Moog is a CISA and has a BS in Management Information systems from Rensselaer Polytechnic Institute in Troy, NY.
Andrew Moyad is the Chief Executive Officer of Shared Assessments.
Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive, he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations.
Most recently, Andrew served as Senior Vice President, Vendor Risk Management at Blackstone, where he led a team of risk professionals responsible for overseeing all phases of the vendor lifecycle at the firm, including risk assessments, control diligence, contract reviews, financial checks, performance monitoring, issue tracking, and management reporting. Prior to Blackstone, he served as a director and global head of vendor risk management and BlackRock and Senior Vice President for Citigroup, where he was a Business Information Security Officer in Global Fixed Income and led third party risk assessments for several years.
Andrew holds a Bachelor of Arts Degree in Natural Sciences from Harvard University and a Master of Science Degree in Information Systems from the Stevens Institute of Technology.
Biography coming soon.

Peter Pernebo
Managing Director, Global Head of Third Party Risk Management Solutions
KY3P®, S&P Global

Michael Rivas
Head of Third Party Risk
DTCC

Hugo Ramirez
SVP Director of Corporate Assurance – Internal Audit
BBVA
Peter Pernebo is the Global Head of Third Party Risk Solutions for KY3P, S&P Global Market Intelligence, where he is leading the commercial, strategy and client delivery of third-party risk management solutions. KY3P is designed in close cooperation with large financial institutions to provide efficiencies and standardization to the third-party due diligence process.
Before joining S&P Global, Peter spent eight years leading various engagements within Goldman Sachs third party risk management office, establishing vendor management policies, procedures and infrastructure to support the firm’s program.
Prior, he was recruited to head the US NE region for Totality, a silicon valley technology upstart providing operational support for major ecommerce clients. His responsibilities included sales, client service delivery and consulting. As part of the executive leadership team, Peter was responsible for product and growth strategies. Totality was acquired by Verizon Business and he led the integration of Totality services.
Before joining Totality, Peter was a senior Director at Accenture, leading global supply chain projects for clients in the US, Canada, Japan, UK, Sweden and many other locations.
Peter holds a BSc in Business and Strategy from Lund University as well as minors in History and Sociology. He is also ITIL certified.
Biography coming soon.
Hugo Ramirez has over 33 years of internal audit experience in three countries (US, Mexico, and Puerto Rico) providing assurance on governance effectiveness Risk management and control practices.
Professional Experience and Responsibilities
Hugo Ramirez joined BBVA Internal Audit in February 1993.
During his time at BBVA, Ramirez has held audit positions at five BBVA entities in three different countries. Ramirez has held the title of Chief Audit Executive at BBVA Bancomer USA (2006) and BBVA Puerto Rico (2012). Before joining the audit team of BBVA New York, Ramirez served as Director of the Internal Audit Fraud Division and subsequently he was appointed as Corporate Assurance Director for Internal Audit, focusing on the enactment of a three line of defense integrated structure for all BBVA entities in the US.
As a part of the Solutions Development team in BBVA New York (Agile Methodology), Ramirez is focused on audits related to Operations, and Third-Party Risk Management, although his experience in auditing covers almost all areas of the banking industry as a result of the diversity of his functions throughout his wide-ranging banking career. Notable audits worked on/led include Retail Banking Sales Incentives, Forensic investigations, Volcker Rule Compliance, Vendor Risk Management, Operational Risk, Consumer Deposits, Governance, IT & Data Security, and Lending reviews.
Professional and Community Activities
Ramirez holds a Certification in Risk Management Assurance, designation by the IIA and is a Certified Regulatory Vendor Program Manager. He is a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners. He has experience as college professor and conference speaker on financial subjects.
Education
Ramirez holds a Master’s degree in Financial Engineering with concentration in Mergers and Acquisitions and a Bachelor’s degree in International Trade both from the Universidad de Guadalajara in Mexico. He has also completed executive training in Leadership and Senior Management at recognized business schools in Texas, Guadalajara (MX) and Mexico City.

Brian Shaw
Director of Financial Services
Mirato

Michael Steinhoefel
Director Operational Risk Management
Barclays

Courtnee Smith
Vice President, Enterprise Supplier Management
Capital One
Brian has worked in business process automation targeting risking and compliance for over 25 years, supporting hundreds of Fortune 500 and mid-market firms across all industries. Since 2011 Brian has focused on Third-Party Risk, Compliance and Performance Management for the Financial Services Industry, as well as Master Data Management and Know Your Customer (KYC) challenges. At Mirato, Brian serves as Director of Financial Services Sales, responsive for sales to financial services firms in North America and Europe.
Michael Steinhoefel is a Director of Operational Risk Management at Barclays responsible for Connecting Risk in the Supply Chain. Prior to this Michael was at BNY Mellon Global Markets and 20 years with Citi, the Swiss Stock Exchange, and Credit Suisse in roles in Internal Audit and in first line Risk & Control and Business Process Reengineering in the US, LATAM and EMEA. Michael worked several years as external auditor. He holds a Master of Political Science from the Johannes Gutenberg University in Germany and an MBA from the Institute of Management Development (IMD)
Biography coming soon.

Nate Vanderheyden
Director, US Banks Cyber & Information Security
Morgan Stanley

Olga Voytenko
Managing Director of Operational Resilience
Silicon Valley Bank

Ken Wolckenhauer
VP Vendor Management
Nordea Bank
Nate Vanderheyden is an Executive Director on Morgan Stanley’s U.S. Banks Cybersecurity and Information Security Team.Mr. Vanderheyden is responsible for the evaluation and evolution of banking systems to enhance cyber resiliency and defensive measures. He started at the firm in 2018 on the Wealth Management Cybersecurity team in direct support of Global Banking Technology and the Private Bank.Prior to joining Morgan Stanley, Mr. Vanderheyden served for 11 years in the U.S. Marine Corps and was deployed to Iraq and Afghanistan. His last six years of duty were spent at the National Security Agency (NSA), where he conducted and led a team performing computer network operations, advised senior government officials, and authored multiple policy documents shaping cyberspace operations in support of the U.S. Intelligence Community and national security objectives.
Olga Voytenko is a Managing Director of Operational Resilience with Silicon Valley Bank. She is responsible for building the global operational resilience program and supporting resolution and recovery planning. In her role, she is regarded as the operational risk and resilience expert who promotes the importance of sound operational resilience practices and supports her financial organization in the timely and effective build and execution of operational risk and resilience management programs and processes. Prior to this role, Ms. Voytenko was the Global Head of Third Party Risk Management with State Street Corporation, where she was responsible for building the Third Party Risk Management program and managing third party risks, including operational resilience and cyber security risks. Ms. Voytenko’s extensive experience across financial and non financial risk domains includes serving as Vice President within Treasury leading the Global Liquidity Risk Management team, as well as, leadership roles in Recovery Resolution Planning, Valuation & Analytics, and Corporate Audit. Ms. Voytenko also contributed to Sun Life Financial, where she held a leadership position in the Investment Finance and Security Valuation team.
Olga holds a Master of Science in Business Administration from Suffolk University and a Bachelor of Science in Accounting and Finance from Boston University.
Ken Wolckenhauer is the Head of Vendor Management at Nordea Bank’s New York branch. Leading up to this position, Ken was as a subject matter expert, trainer, solutions provider, and consultant for FIS, the world’s largest global provider dedicated to banking and payments technologies. With FIS, Ken specialized in financial industry regulatory risk and compliance, mostly in the area of anti-money laundering and watchlist compliance. Nordea Bank leveraged Ken’s risk and compliance knowledge to build out the vendor management program for the New York branch, developing a program that would properly manage risk as well as gaining acceptance to the US regulators. The success of the US program is now being used to advise Nordea’s European branches on enhancements to its TPRM program. Ken is a graduate of Bucknell University and is a Certified Anti-Money Laundering Specialist.

Mike Yaffe
CMO
Prevalent

Jing Zhao
Director Third Party Data and Analytics
USAA
Michael Yaffe brings more than 20 years of experience at organizations ranging from start-ups to Fortune 100 companies to his position as Chief Marketing Officer. He has a significant record of achievement in developing strategic and tactical marketing programs for information security companies that deliver revenue. He possesses a strong set of skills in lead generation, public and analyst relations, product marketing, partnership development, positioning and branding.
Jing Zhao oversees USAA’s Third Party Data and Analytics (TPDA) team which is accountable for the delivery of Procurement and Third Party risk data, reporting and analytics, including Third Party Risk Appetite Metrics, Key Risk / Performance Indicators, Board of Director reporting, Data and Analytics Strategy, Pricing Analytics, and other intelligence supporting the Third Party program.
Jing’s professional career has been centered around Supply Chain Management and Third Party Risk Management. Jing is experienced in the logistics field and he was a previous entrepreneur. Prior to USAA, Jing provided seven years of leadership through setting strategic direction, implementing emerging technology such as AI and RPA, and process design in the Procurement / Third Party Risk Management division at Bank of America.
Jing received his bachelor’s degree & MBA focused on Supply Chain Management, Operations, and Strategy from Purdue University at West Lafayette, IN. Boiler Up!
Jing enjoys spending his free time with his wife, Lindsay, and 2 sons, Wade (2018) and Luke (2020) playing the piano and guitar, and binge watching basketball. He currently reside in Charlotte, NC.

WHY SHOULD YOU ATTEND A CEFPRO CONFERENCE?
HEAR FROM PAST ATTENDEES AND SPEAKERS…

PANEL DISCUSSIONS
Interactive panel discussions are designed to include attendees by running a live Q&A throughout the session

PRESENTATIONS
Hear industry experts provide detailed insights on a range of vendor risk issues, challenges and opportunities

NETWORKING BREAKS
Networking opportunities including breakfast, lunch and refreshment breaks on both days, access to all streams and sessions.

MEET THE SPEAKERS
Continue discussions beyond the auditorium and interact with speakers and attendees after their session.


CyberGRX is a data company that helps organizations manage third-party risk and reputation through cyber risk intelligence. CyberGRX’s revolutionary approach empowers enterprises to make rapid, data-informed decisions, reducing cyber risk across an entire vendor ecosystem. Due to the extensive depth and breadth of cyber risk data collected via the CyberGRX Exchange platform, the company is able to provide customers with both attested and predicted data in the form of actionable insights into the impact of evolving threats. For organizations operating as third parties, CyberGRX helps manage cybersecurity reputations in a collaborative, efficient, and business-enabling way.
CyberGRX first emerged as the market’s first global cyber risk exchange to help organizations work with their vendors to identify and reduce shared risk. As a two-sided Exchange, the company connects both the consumers of cyber risk data, primarily CISOs and their security teams, and the providers of cyber risk data, primarily the vendors themselves, via cyber risk assessments as well as other data feeds. The initial go-to-market approach was to populate the Exchange with as much data as possible before the company started charging participants for the value they received. Since then, CyberGRX has experienced significant growth scaling to over 225,000 companies on the Exchange.
S&P Global (NYSE: SPGI) provides essential intelligence. We enable governments, businesses and individuals with the right data, expertise and connected technology so that they can make decisions with conviction. From helping our customers assess new investments to guiding them through ESG and energy transition across supply chains, we unlock new opportunities, solve challenges and accelerate progress for the world. We are widely sought after by many of the world’s leading organizations to provide credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help the world’s leading organizations plan for tomorrow, today. For more information, visit www.spglobal.com.

Archer, an RSA company, is a leader in providing integrated risk management solutions that enable customers to improve strategic decision making and operational resiliency. As true pioneers in GRC software, Archer remains solely dedicated to helping customers understand risk holistically by engaging stakeholders, leveraging a modern platform that spans key domains of risk and supports analysis driven by both business and IT impacts. The Archer customer base represents one of the largest pure risk management communities globally, with over 1,500 deployments including more than 90 of the Fortune 100.
BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight).
While traditional TPRM solutions automate workflow, Mirato automates the remaining manual work. Using natural language processing (NLP) and advanced artificial intelligence(AI), Mirato contextualizes the information in your TPRM evidence and data sources and completes your assessments for you, validating and documenting the controls in the process and automating the audit trail. It streamlines your entire operation’s data into one smart platform. The overall result is a significant reduction in money and time spent on the manual effort, workflow, and monitoring (cuts up to 60% of assessment costs). It also ensures improved accuracy, process integrity, and TPRM effectiveness. Mirato TPRM INTELLIGENCE allows you to assess new risks instantly and provide true continuous monitoring and true concentration risk. As Mirato is configured to your program, using your current platforms, data sources, and partners, it allows you to maximize the value of your existing technology, subscription, and service provider investments.
As society redefines risk and opportunity, OneTrust empowers tomorrow’s leaders to succeed through trust and impact with the Trust Intelligence Platform. The market-defining Trust Intelligence Platform from OneTrust connects privacy, GRC, ethics, and ESG teams, data, and processes, so all companies can collaborate seamlessly and put trust at the center of their operations and culture by unlocking their value and potential to thrive by doing what’s good for people and the planet.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with millions of organizations continuously rated.
Our mission is to make the world a safer place by transforming the way organizations understand, improve, and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard’s patented rating technology is used by thousands of organizations for enterprise cyber risk management, third-party risk management, board reporting, cyber insurance underwriting, and regulatory oversight to meet compliance mandates; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their externally facing digital- footprint. SecurityScorecard is the only provider of instant risk ratings that automatically map to vendor cybersecurity questionnaires and the largest ecosystem of integrations, providing a true 360-degree view of risk. But we don’t stop there. Through a customer- centric, solution-based commitment to our partners, we are transforming the digital landscape building a path toward resilience.

Bradley is a national law firm with a reputation for skilled legal work, exceptional client service, and impeccable integrity. Our 10 offices are located in Alabama, Florida, Mississippi, North Carolina, Tennessee, Texas, and the District of Columbia, giving us an extensive geographic base to represent clients on a regional, national, and international basis. We frequently serve as national coordinating counsel, regional counsel, and statewide counsel for clients in various industries. Clients rely on Bradley for innovative legal services that reflect a deep understanding of their business objectives

MorganFranklin Consulting’s cybersecurity practice offers a hands-on approach that provides the right blend of experience and expertise to successfully deliver, execute, and manage your cybersecurity needs. We offer end-to-end cybersecurity services that provide a comprehensive approach to solving our clients’ most critical cybersecurity needs. From advisory and management consulting to managed services and project resourcing, we identify risks, develop and mature cybersecurity programs, and implement solutions that support and meet your organization’s business goals. Our team of professionals brings deep expertise in helping organizations design and implement cyber strategies across all cybersecurity domains
Prevalent takes the pain out of third-party risk management (TPRM).
Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties. Our customers benefit from a flexible, hybrid approach to TPRM, where they not only gain solutions tailored to their needs, but also realize a rapid return on investment. Regardless of where they start, we help our customers.

CeFPro Connect aims to connect industry experts through thought leadership content and timely news, written for the industry, by the industry. Gain unlimited access to CeFPro’s unparalleled library of resources including iNFRont Magazine, market intelligence reports, filmed presentations, insights Q&A’s, and much more.
Sign up for free.
iNFRont Magazine is a unique publication providing regular insight on the operational and non-financial risk (NFR) sector. Featuring contributions provided by leading industry figures and experts from around the world, iNFRont Magazine touches on the most critical themes and challenges currently affecting financial professionals.
Available to download for free.


SHARE YOUR THOUGHT LEADERSHIP

SHARE YOUR EXPERTISE

GET YOUR BRAND SEEN

CONNECT WITH SENIOR LEADERS

CAN YOUR ORGANIZATION CONTRIBUTE?
Please contact the Center for Financial Professionals today to discuss how we can deliver your thought-leadership at the event, help you generate leads, and provide you with unique networking and branding opportunities. For more information on what we can offer, please contact chris.simou@cefpro.com or call us on +1 888 677 7007 ext. 207 where a member of the team will be happy to tailor the right package for you.

360 Madison Avenue | etc.venues
Madison Avenue
Midtown Manhattan
New York NY 10017
There is no accommodation available at the venue, however there are plenty of hotels available nearby. To view nearby accommodation based on recommendations by etc.venues, click here.

Yes, the Center for Financial Professionals are happy to discuss speaking opportunities at the Vendor & Third Party Risk USA Congress. For further information on this please contact alice.kelly@cefpro.com or call us on +1 888 677 7007.
Business attire is requested. The Congress is a formal opportunity to network with like-minded professionals and to gain knowledge from the industry’s finest risk management experts.
We offer incentives for ‘early bird’ registrants of the Congress, as outlined on our pricing structure. Registration includes breakfast, refreshment breaks, lunches, the cocktail reception at the end of the day, full access to the sessions and exhibition area. Presentations from the sessions are also available, subject to speaker approval.
All registered attendees will receive an email with access to documentation and speaker presentations after the Congress*. We will work with our presenters to include as many presentations as possible on our App during the Congress.
* Please note that our speakers often have to gain permission from their relevant compliance departments to release their presentations. On rare occasions compliance may not allow presentations to be distributed.
Yes. As with all of our events, the Center for Financial Professionals will be providing brilliant coffee, breakfast, lunch, refreshments, and smaller bites during the networking breaks.
There are ample opportunities for networking and interaction throughout the Congress, such as:
- Breakfast, lunch and refreshment breaks
- Cocktail reception at the end of the day (subject to confirmation)
- Q&A, panel discussions and audience participation technology
Yes there are plenty of opportunities for the Center for Financial Professionals to share thought-leadership to the attendees of Vendor & Third Party Risk USA Congress and our wider risk professionals community. At the event we can distribute your material to the attendees, offer you an exhibition booth, and provide speaking opportunities so that you may enjoy a more prominent presence at the Congress. Visit the Sponsor tab for further information or contact sales@cefpro.com / +1 888 677 7007
Yes. As part of a media partnership we can offer a variety of options to increase the branding and awareness of your association, company, certificate, publication or media. We are flexible with what we can offer however we usually:
- Provide a discounted rate to attend
- Place your logo and profile on the Congress website
- Place your logo on promotional content where applicable
- Distribute your media/marketing at the Congress
- Promote through social media channels
To discuss this further please contact Ellie.dowsett@cefpro.com or call +1 888 677 7007.
If you are unable to attend the Congress due to national/Covid restrictions, CeFPro would be more than happy to offer you a refund, credit note or the option to transfer the ticket to a colleague who is able to attend.
Yes, CPE Credits are available for the Vendor & Third Party Risk USA Congress.

Representing a financial institution or government body – (E.g. Bank, Insurance company, Asset Manager, Regulator)
LAUNCH
RATE
$599
Save $500
Before March 31
SUPER EARLY
BIRD RATE
$699
Save $400
Before April 28
EARLY BIRD
RATE
$899
Save $200
Before May 26
STANDARD
RATE
$1,099
After May 26
Representing an information/service provider (E.g. Consultant, Vendor, Executive Search Firm, Law Firm)
LAUNCH
RATE
$1,299
Save $800
Before March 31
SUPER EARLY
BIRD RATE
$1,499
Save $600
Before April 28
EARLY BIRD
RATE
$1,699
Save $400
Before May 26
STANDARD
RATE
$2,099
After May 26
PLEASE NOTE: To qualify for the preferential ‘early bird’ rates, registration must be received by the close of the ‘early bird’ working day, and payment can be made at the time of registering, or up to a week after registration is made an invoice sent. CeFPro reserves the right to increase rates should payment be delayed significantly. For Group Rates to be valid, the whole group must register at the same time, though names can be changed at any time up to the event at no additional cost. Should a delegate register at a rate that is inaccurate, CeFPro reserves the right to issue an additional invoice for the outstanding amount.

REGISTER BY EMAIL
CONTACT US DIRECTLY
DOWNLOAD PDF REGISTRATION FORM
Simply email us with your
Full name
Job title
Company & address
Contact number
Email: marketing@cefpro.com
Call us on +1 888 677 7007
Click here to complete the form and submit by email




