In this episode of the Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Elina Moshkovich, an independent Governance, Risk, and Compliance (GRC) advisor based in Dubai, about one of the most overlooked areas of modern risk management risk governance systems.

While many organizations invest heavily in risk frameworks, tools, and compliance programs, they often fail to address the governance structures that determine how decisions are made and how risks are escalated.

Drawing on experience as a Chief Risk Officer and GRC advisor, Elina shares practical insights into how companies can design governance systems that actually work.

In this conversation, we explore:

• Why risk governance frameworks often fail inside organizations
• The connection between operational risk, third-party risk, and organizational strategy
• How governance gaps can create major risk exposures
• A real-world example of a vendor failure that could have been prevented with better governance
• Why risk culture and escalation practices are critical for protecting organizations
• The growing importance of third-party risk management in an interconnected economy
• The difference between principles-based regulations and prescriptive regulations like DORA
• How companies should start thinking about AI governance and acceptable AI use policies
• Skills and career advice for professionals entering risk management, compliance, and GRC roles

This episode is particularly valuable for professionals working in:

• Risk Management
• Governance, Risk & Compliance (GRC)
• Third-Party Risk Management (TPRM)
• Operational Risk
• Cybersecurity Risk
• Regulatory Compliance

As organizations become more dependent on external vendors, digital systems, and AI tools, effective governance is becoming the foundation of resilient risk management programs.

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com

DORA is now in force, and the first full year of implementation (2025) revealed what’s working and where firms are still struggling. In this episode, Third Party Risk Institute breaks down the current state of DORA in 2026 with global takeaways for third-party risk, ICT risk management, incident reporting, resilience testing, and oversight of critical technology providers.

We cover what organizations across financial services, tech, healthcare, and consulting did in 2025 to meet expectations, what best practices are emerging, and how risk professionals are adapting through stronger governance, better vendor visibility, contract upgrades, and more realistic testing programs.

If you work in TPRM / vendor risk, operational resilience, cyber risk, procurement, compliance, or audit, this is a practical, high-level briefing you can apply immediately.

Topics include:

• DORA pillars explained: ICT risk, incident reporting, testing, third-party risk, info sharing
• What “good” looks like in 2026 (and what still breaks under pressure)
• Critical vendor oversight and subcontractor / fourth-party visibility
• Common implementation gaps and how teams are closing them
• Tools, operating models, and skills risk professionals are leaning on

If you are in DORA or are responsible for DORA, you can now get Certified via Certified DORA Practitioner (CDP) live stream training from Third Party Risk Institute. More details here: https://thirdpartyriskinstitute.com/dora/

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com

2025 reshaped how organizations view third-party cyber risk. In this deep-dive episode, we analyze the real incidents that caused operational shutdowns across healthcare, aviation, manufacturing, and financial services.

You’ll hear how:

• The Change Healthcare ransomware attack exposed up to 190 million records and triggered a multi-billion-dollar disruption
• Jaguar Land Rover suffered a six-week global production halt due to a vendor cyber incident
• Airlines faced airport gridlock after a single IT supplier failure
• Cloud misconfigurations leaked millions of healthcare records
• Stolen credentials and MFA bypass techniques accelerated account takeovers
• CLOP ransomware exploited zero-day vulnerabilities in file transfer and ERP systems
• Regulators enforced DORA and NIS2 accountability for vendor risk
• AI-driven cyber attacks are emerging as the next threat wave

This episode connects cyber risk directly to business continuity, operational resilience, regulatory compliance, and vendor governance, critical insights for risk leaders, CISOs, compliance teams, procurement professionals, and third-party risk practitioners.

🎧 Listen to understand why vendor ecosystems now represent the single largest source of enterprise risk and what organizations must prioritize going into 2026.

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com