The Third Party Risk Institute Podcast

Linda Tuck Chapman
  • 0.0 (0)
  • EDUCATION

Go beyond the headlines with The Third Party Risk Institute Podcast, the official podcast of Third Party Risk Institute. Each episode brings you into the room with top experts in third-party risk, cybersecurity, procurement, governance, and compliance. Hear how risk leaders tackle real-world challenges, share lessons learned, and stay ahead of evolving threats. We explore the strategies that work, the mistakes that teach, and the insights you won’t hear anywhere else. Perfect for risk professionals, procurement leaders, auditors, and decision-makers who want to lead with confidence. 🎧 Subscribe now, new episodes drop monthly on Spotify, Apple Podcasts, YouTube Music, and Amazon Music.

Episodes

  1. Why Most Risk Governance Systems Fail (And How to Fix Them) | GRC, Third-Party Risk & AI Risk

    MAR 12

    Why Most Risk Governance Systems Fail (And How to Fix Them) | GRC, Third-Party Risk & AI Risk

    In this episode of the Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Elina Moshkovich, an independent Governance, Risk, and Compliance (GRC) advisor based in Dubai, about one of the most overlooked areas of modern risk management risk governance systems. While many organizations invest heavily in risk frameworks, tools, and compliance programs, they often fail to address the governance structures that determine how decisions are made and how risks are escalated. Drawing on experience as a Chief Risk Officer and GRC advisor, Elina shares practical insights into how companies can design governance systems that actually work. In this conversation, we explore: • Why risk governance frameworks often fail inside organizations  • The connection between operational risk, third-party risk, and organizational strategy  • How governance gaps can create major risk exposures  • A real-world example of a vendor failure that could have been prevented with better governance  • Why risk culture and escalation practices are critical for protecting organizations  • The growing importance of third-party risk management in an interconnected economy  • The difference between principles-based regulations and prescriptive regulations like DORA  • How companies should start thinking about AI governance and acceptable AI use policies  • Skills and career advice for professionals entering risk management, compliance, and GRC roles This episode is particularly valuable for professionals working in: Risk ManagementGovernance, Risk & Compliance (GRC)Third-Party Risk Management (TPRM)Operational RiskCybersecurity RiskRegulatory ComplianceAs organizations become more dependent on external vendors, digital systems, and AI tools, effective governance is becoming the foundation of resilient risk management programs. 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover? Email us at: info@thirdpartyriskinstitute.com

    57 min
  2. DORA in 2026: What Changed in 2025 and What Third-Party Risk Teams Must Do Now

    FEB 2

    DORA in 2026: What Changed in 2025 and What Third-Party Risk Teams Must Do Now

    DORA is now in force, and the first full year of implementation (2025) revealed what’s working and where firms are still struggling. In this episode, Third Party Risk Institute breaks down the current state of DORA in 2026 with global takeaways for third-party risk, ICT risk management, incident reporting, resilience testing, and oversight of critical technology providers. We cover what organizations across financial services, tech, healthcare, and consulting did in 2025 to meet expectations, what best practices are emerging, and how risk professionals are adapting through stronger governance, better vendor visibility, contract upgrades, and more realistic testing programs. If you work in TPRM / vendor risk, operational resilience, cyber risk, procurement, compliance, or audit, this is a practical, high-level briefing you can apply immediately. Topics include: DORA pillars explained: ICT risk, incident reporting, testing, third-party risk, info sharingWhat “good” looks like in 2026 (and what still breaks under pressure)Critical vendor oversight and subcontractor / fourth-party visibilityCommon implementation gaps and how teams are closing themTools, operating models, and skills risk professionals are leaning onIf you are in DORA or are responsible for DORA, you can now get Certified via Certified DORA Practitioner (CDP) live stream training from Third Party Risk Institute. More details here: https://thirdpartyriskinstitute.com/dora/ 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover? Email us at: info@thirdpartyriskinstitute.com

    16 min
  3. Why One Vendor Can Shut Down Your Entire Business | A must know in 2026

    JAN 7

    Why One Vendor Can Shut Down Your Entire Business | A must know in 2026

    2025 reshaped how organizations view third-party cyber risk. In this deep-dive episode, we analyze the real incidents that caused operational shutdowns across healthcare, aviation, manufacturing, and financial services. You’ll hear how: The Change Healthcare ransomware attack exposed up to 190 million records and triggered a multi-billion-dollar disruptionJaguar Land Rover suffered a six-week global production halt due to a vendor cyber incidentAirlines faced airport gridlock after a single IT supplier failureCloud misconfigurations leaked millions of healthcare recordsStolen credentials and MFA bypass techniques accelerated account takeoversCLOP ransomware exploited zero-day vulnerabilities in file transfer and ERP systemsRegulators enforced DORA and NIS2 accountability for vendor riskAI-driven cyber attacks are emerging as the next threat waveThis episode connects cyber risk directly to business continuity, operational resilience, regulatory compliance, and vendor governance, critical insights for risk leaders, CISOs, compliance teams, procurement professionals, and third-party risk practitioners. 🎧 Listen to understand why vendor ecosystems now represent the single largest source of enterprise risk and what organizations must prioritize going into 2026. 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover? Email us at: info@thirdpartyriskinstitute.com

    15 min
  4. DORA 2026: Exposing Critical Gaps in Financial Third-Party Risk Management (TPRM)

    12/17/2025

    DORA 2026: Exposing Critical Gaps in Financial Third-Party Risk Management (TPRM)

    In this in-depth episode of The Third Party Risk Institute Podcast, we take a hard look at how the Digital Operational Resilience Act (DORA) is fundamentally changing expectations for third-party risk, cybersecurity, procurement, compliance, and governance teams. Rather than treating DORA as another regulatory checkbox, this episode focuses on what DORA will expose inside most third-party risk management programs including gaps that many organizations are not yet prepared to defend during regulatory inspections. This conversation goes beyond regulatory summaries. We break down the organizational, operational, and technical impact of DORA, and explain why many existing TPRM programs will struggle to meet the “prove it” resilience standard regulators are now enforcing. Together, we unpack: • Why DORA is not just an ICT regulation, but a resilience mandate • How third-party risk programs are being stress-tested for the first time • Where vendor oversight, incident response, and exit strategies fall short • Why policies alone will no longer satisfy regulators • How real third-party failures explain why DORA exists We also examine real-world third-party incidents and outages to show how concentration risk, fourth-party exposure, and untested recovery assumptions can quickly become systemic failures. What We Cover in This Episode • What DORA will expose in most third-party risk management programs • Why operational resilience is replacing checkbox compliance • How DORA reshapes expectations for vendor oversight and governance • The most common gaps in third-party risk, incident response, and resilience testing • Why dependency mapping and critical service identification are failing points • How vendor concentration and fourth-party risk are coming under scrutiny • What regulators expect organizations to prove, not just document • Why exit strategies and substitutability matter more than ever • Lessons from real-world third-party outages and cyber incidents • How organizations should prepare for DORA inspections and audits This Episode Is Essential For: • Chief Risk Officers (CROs) and Operational Resilience Leaders • Third-Party Risk and Vendor Risk Management Professionals • Cybersecurity and ICT Risk Teams • Procurement and Strategic Sourcing Leaders • Compliance and Governance Professionals • Executives accountable for regulatory readiness and resilience If your intrested in learning about DORA and getting certified check out our upcoming live class: https://thirdpartyriskinstitute.com/dora/ 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover?  Email us at: info@thirdpartyriskinstitute.com

    16 min
  5. From Algorithms to Enterprise Risk: How AI Is Reshaping Procurement & Third-Party Oversight

    11/27/2025

    From Algorithms to Enterprise Risk: How AI Is Reshaping Procurement & Third-Party Oversight

    In this landmark episode of The Third Party Risk Institute Podcast – The Executive Edge, we sit down with Nathan Spielberg, Co-Founder and Chief Technology Officer of Tamarin AI, for an in-depth and highly practical conversation on how artificial intelligence is truly built, trained, and deployed in enterprise procurement and third-party risk environments. With a PhD from Stanford University, a Master’s in Mechanical Engineering and Machine Learning, and an undergraduate degree from MIT, Nathan brings rare technical depth combined with real-world enterprise application experience. His work spans machine learning, autonomous systems, reinforcement learning, and AI-driven procurement intelligence. This episode goes far beyond surface-level AI discussions. Together, we unpack: How AI models are actually builtWhy data quality determines everythingHow algorithms, training, and evaluation really workWhere the biggest hidden enterprise risks liveWhy “AI inside your organization” does NOT automatically mean it is secureWe also explore how AI is reshaping procurement decision-making, where organizations are unknowingly exposed through fourth-party AI model dependencies, and why explainability and continuous validation are becoming regulatory and board-level concerns. What We Cover in This Episode • How AI models, algorithms, and data interact inside enterprise systems • The real difference between supervised, unsupervised, and reinforcement learning • Why most organizations underestimate AI risk inside their procurement and vendor platforms • How training, fine-tuning, retrieval, and model evaluation actually work • Why “garbage in, garbage out” is the single biggest AI failure point • The hidden fourth-party risk created by outsourced AI models • Why explainability remains one of the hardest unresolved challenges in AI • How organizations should think about continuous AI testing and performance drift • The growing importance of AI bills of materials and model transparency • Key public AI risk intelligence sources every risk leader should monitor This Episode Is Essential For: • Chief Risk Officers (CROs) and Chief Information Officers (CIOs) • Chief Procurement Officers and Strategic Sourcing Leaders • Third-Party Risk and Vendor Risk Management Professionals • Cybersecurity, Data Governance, and Model Risk Teams • Compliance Leaders preparing for AI regulatory expectations • Executives evaluating AI-enabled procurement and vendor platforms 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover? Email us at: info@thirdpartyriskinstitute.com

    55 min
  • 5 Episodes

About

Go beyond the headlines with The Third Party Risk Institute Podcast, the official podcast of Third Party Risk Institute. Each episode brings you into the room with top experts in third-party risk, cybersecurity, procurement, governance, and compliance. Hear how risk leaders tackle real-world challenges, share lessons learned, and stay ahead of evolving threats. We explore the strategies that work, the mistakes that teach, and the insights you won’t hear anywhere else. Perfect for risk professionals, procurement leaders, auditors, and decision-makers who want to lead with confidence. 🎧 Subscribe now, new episodes drop monthly on Spotify, Apple Podcasts, YouTube Music, and Amazon Music.

Information