EPISODE · May 29, 2026 · 54 MIN
The Future of Third-Party Risk Management: AI, Resilience, Cyber Risk, and What Comes Next with Matthew Moog
from The Third Party Risk Institute Podcast · host Linda Tuck Chapman
Third-party risk management is changing fast. For years, many organizations have relied on questionnaires, point-in-time assessments, manual workflows, and fragmented ownership across procurement, cyber, compliance, resilience, privacy, model risk, and business teams. But with AI, cyber ratings, data ecosystems, shared assessments, trust centers, regulatory pressure, and operational resilience expectations becoming more important, the future of TPRM is moving beyond traditional vendor due diligence.In this episode of the Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Matthew Moog, Principal of Risk Managed Services at EY, about where third-party risk management is heading and what risk professionals need to understand now. Matt shares lessons from his career across EY, TrueSight, and OneTrust, including the challenges of standardizing assessments, building shared third-party risk utilities, using data before sending questionnaires, and rethinking how organizations assess, monitor, and respond to supplier risk.This conversation explores some of the biggest issues facing risk, procurement, cybersecurity, compliance, and operational resilience teams today, including: Why traditional third-party risk assessments are no longer enough How AI and automation may change vendor risk management workflows Why the future of TPRM depends on better data, not more questionnaires The role of cyber ratings, trust centers, attestations, certifications, and standardized data How organizations can reduce fragmented third-party risk processes Why operational resilience, fourth-party risk, and dependency mapping are becoming critical How DORA, regulatory expectations, and global financial services guidance are shaping TPRM Why human judgment still matters in an AI-enabled risk environment What risk professionals should focus on to build a stronger career in TPRM Matt also shares practical career advice for professionals entering or growing in third-party risk management, operational risk, cyber risk, vendor risk, and governance roles.This episode is essential listening for anyone working in third-party risk management, vendor risk management, supplier risk, operational resilience, cybersecurity risk, regulatory compliance, procurement, financial services risk, AI governance, fourth-party risk, or enterprise risk management.🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.📬 Have a question or topic you'd like us to cover? Email us at: [email protected]
What this episode covers
Third-party risk management is changing fast. For years, many organizations have relied on questionnaires, point-in-time assessments, manual workflows, and fragmented ownership across procurement, cyber, compliance, resilience, privacy, model risk, and business teams. But with AI, cyber ratings, data ecosystems, shared assessments, trust centers, regulatory pressure, and operational resilience expectations becoming more important, the future of TPRM is moving beyond traditional vendor due dil...
NOW PLAYING
The Future of Third-Party Risk Management: AI, Resilience, Cyber Risk, and What Comes Next with Matthew Moog
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m