Services
IT and IS internal and external auditing
What do you focus on?
I have a focus on internal and external auditing of information technology and information security practices and controls. My experience includes auditing and consulting for organizations across all lines of service, executing programs predicated upon ensuring that client computer controls are functioning.
Expertise in Control Regulations / Regulators and Frameworks
- Statement on Standards for Attestation Engagements (SSAE 18)
- Payment Card Industry Data Security Standard (PCI DSS)
- HITRUST Common Security Framework (CSF)
- Health Insurance Portability and Accountability Act (HIPAA)
- National Institute of Standards and Technology (NIST)
- Sarbanes-Oxley Act (SOX)
- Committee of Sponsoring Organizations (COSO)
- Gramm-Leach-Bliley Act (GLBA)
- Federal Financial Institutions Examination Council (FFIEC)
- New York State Department of Financial Services (NY DFS)
Publications
- Co-authored article for Bonadio Insights regarding the New York Data Security Act
Certifications
- Certified Common Security Framework Practitioner (CCSFP)
Affiliations
- Information Systems Audit and Control Association (ISACA)
- Health Information Trust Alliance (HITRUST)