Charlie Wood | PCI QSA, CISA, CRISC, CISM, CCSFP
Charlie is an Executive Vice President with FoxPointe Solutions Information Risk Management Division of The Bonadio Group.
- Data privacy
- Vulnerability identification and remediation
- Controls optimization and compliance
- Disaster recovery and business continuity
What do you focus on?
My years of experience in the information technology industry have included a focus on security hardening, data privacy, vulnerability identification and remediation, internal and external auditing, controls optimization and compliance, system administration, disaster recovery, and business continuity and impact analysis, as well as general project management.
IT Security / Systems Performance Assurance
Prior to joining FoxPointe/Bonadio, I worked with the Systems Performance Assurance group at a Big 4 firm, obtaining extensive enterprise risk management experience with respect to IT security reviews in support of critical business processes for clients in a variety of industries. I identified critical business processes and specific IT threats, and recommended controls to mitigate those threats to ensure that clients maintained stable and efficient computer/business environments. I have performed compliance reviews for a variety of complex organizations, including both public and privately held companies across all lines of service. I have reviewed, tested, and assisted with the implementation of large scale ERP solutions, including Oracle, SAP, and IBM mainframes and AS/400 products.
Expertise in Control Regulations / Regulators and Frameworks
- Statement on Standards for Attestation Engagements (SSAE 18)
- Payment Card Industry Data Security Standards (PCI DSS)
- Health Information Trust Alliance (HITRUST)
- Committee of Sponsoring Organizations (COSO)
- Control Objectives for Information Related Technologies (COBIT)
- Sarbanes-Oxley Act (SOX404)
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- ISO 27001/2
- Family Educational Rights and Privacy Act (FERPA)
- General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
- Federal Information Security Management Act (FISMA)
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Deposit Insurance Corporation (FDIC)
- Office of the Comptroller of the Currency (OCC)
- State, Federal, and international data privacy and security laws
- Frequent contributor to bonadio.com and webcpa.com, among other websites
- Certified Information Services Auditor (CISA)
- PCI Qualified Security Assessor (PCI QSA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- HITRUST Certified Common Security Framework Practitioner (CCSFP)