Michal Drohomirecki

Head of Information and Cybersecurity Contract Support - Third Party Security Risk, Standard Chartered Bank

Michal Drohomirecki is an information security and supply chain risk specialist with over 15 years of experience in vendor management and risk oversight, including more than 6 years focused specifically on cybersecurity risk.

He specializes in third-party risk assessments, supplier security audits, defining security requirements, and drafting contractual security clauses. Michal supports organizations in designing and strengthening third-party risk management (TPRM) processes, aligning them with evolving regulatory and industry frameworks.

4:20 pm - 4:55 pm

CONTRACT REMEDIATION UNDER REGULATORY PRESSURE: FROM GAP ANALYSIS TO EXECUTION

How firms are updating legacy contracts under regulatory pressure while balancing vendor resistance and operational continuity

  • Identifying gaps between legacy contracts and new regulatory requirements
  • Embedding audit rights, reporting obligations, and resilience clauses
  • Managing vendor pushback and negotiation constraints
  • Standardising remediation approaches across large contract portfolios
  • Balancing speed, compliance, and operational risk

3:30 pm - 4:05 pm

CONTRACT REMEDIATION

Updating legacy agreements under regulatory deadlines

  • Reviewing existing contracts to identify gaps against new regulatory requirements
  • Embedding mandatory clauses such as audit rights and breach notifications to align contracts with supervisory demands
  • Negotiating with vendors to manage resistance while addressing time pressures and constraints
  • Standardizing approaches across multiple agreements for consistent compliance

12:10 pm - 12:55 pm

CYBER RISK IN AN AI-DRIVEN ECOSYSTEM: EXPANDING ATTACK SURFACES ACROSS THIRD AND NTH PARTIES – PANEL DISCUSSION

How cloud, APIs, and AI are expanding cyber exposure across interconnected ecosystems and why traditional controls are no longer sufficient

  • How cloud connectivity, APIs, and AI workflows expand third- and Nth-party attack surfaces
  • The cyber and operational risks introduced by vendor AI adoption
  • The growing sophistication and professionalisation of threat actors
  • Failures driven by patching, updates, and configuration changes across third and fourth parties
  • Strengthening cyber resilience across interconnected vendor environments