Webinar

< Back to all webinars

The 2026 TPRM Playbook: Mastering SEC Disclosure & Third-Party Transparency

May 20 / IT GRC Forum
As the SEC’s Division of Examinations places vendor oversight at the center of its 2026 priorities, public companies and financial institutions are entering a period where a vendor’s cybersecurity failure becomes a direct legal, financial, and reputational exposure.

This webinar offers a practical roadmap for navigating the evolving SEC disclosure landscape and understanding how new rules reshape incident response, governance, and third‑party accountability. We move beyond the abstract notion of the four‑day reporting window and focus on the operational realities of Item 1.05 of Form 8‑K, including automation, cross‑functional coordination, and the heightened expectations regulators now apply to vendor‑originated incidents.

The session also examines the expanded obligations under the Amended Regulation S‑P, which becomes enforceable for smaller firms in June 2026 and introduces mandatory customer notification timelines and renewed pressure to re‑paper vendor contracts. Attendees will gain clarity on evaluating emerging “Agentic AI” risks within the supply chain, closing visibility gaps across N‑th parties, and producing audit‑ready documentation that demonstrates active Board oversight as required under Item 106 of Regulation S‑K. Finally, we address how organizations can use TPRM to meet overlapping state and global requirements, including California’s SB 253 and the EU’s CSRD.
Industry Leaders

About Our Experts

Colin Whittaker

Founder & Director at Informed Risk Decisions Ltd
Colin is a leading payments security expert with extensive experience shaping global risk strategy. A former PCI SSC Board of Advisors member, he drove major security and compliance initiatives at APACS and Visa Europe. Now an independent consultant, he advises diverse organizations and frequently speaks and publishes on cybersecurity and information risk.

Brian Shaw

VP, Head of North America, Certa
Brian has automated risk and compliance for over 25 years, supporting hundreds of Fortune 500 and mid-market firms across all industries. Since 2011, Brian has focused on Third-Party Risk, Compliance and Performance Management, Master Data Management and Know your Customer (KYC) At Certa, Brian serves as Vice President, Head of North America.

Shane Hasert

Director of Threat Research and Cyber Security Standards at ProcessUnity
Shane is the Director of Threat Research and Cyber Security Standards at ProcessUnity, brings 35 years of cybersecurity experience, including 18 years in third-party risk management. An Air Force veteran, he has led security programs across multiple industries and holds numerous certifications, including CISSP, CISA, CRISC, CDPSE, CTPRA, and CTPRP.

Elizabeth Dunsmoor

TPRM Principal
Elizabeth brings 15 years of practitioner experience designing holistic programs across cybersecurity, financial services, manufacturing, and healthcare. She excels at translating strategy into measurable plans, guiding cross‑functional risk initiatives, and training business leaders on program requirements, third‑party capabilities, and performance expectations.

Vrushali Lakhpati

Head of the Global Third Party Program at AmTrust Financial Services
Vrushali is a risk transformation leader with 15+ years of experience in the financial services industry. She drives strategic initiatives to enhance TPRM practices, ensuring alignment with business goals, regulatory standards and evolving risks associated with artificial intelligence (AI), cyber threats, information security, and operational risk. Previously, she spent 9 years at the big 4 consulting firms specializing in implementing TPRM frameworks, cybersecurity solutions, governance risk and compliance, and data privacy initiatives.