Tom is a Principal in the Business Advisory Group within the IT Risk Assurance & Advisory practice. He has over 16 years of experience in internal and external audit, with over four in a managerial capacity with a concentrated focus in Information Security. Tom's primary focus is on system and organizational control attestation engagements.
As a seasoned risk and control expert, Tom has performed assurance and audit services end-to-end beyond just technology including business operations, compliance, and legal engagements. Tom has had a diverse client base throughout his career which includes emerging start-ups as well as larger investment firms and financial institutions that operate on a global scale. His client’s industries include technology, software, financial services, healthcare, insurance and higher education. Tom also has experience and is well versed in international standards ISO/IEC 27001/27002 for Information Security.
As a Certified Information Systems Auditor and Certified Information Systems Security Professional, Tom recognizes the challenges and pressures faced by clients trying to assess and implement controls to secure their technology environments and data. His experience and knowledge in cybersecurity and the technology space have helped clients overcome obstacles by adding value through viable recommendations and identifying opportunities for efficiency.
Tom is a graduate of Bentley University with a Bachelor of Science in Finance including a minor in Behavioral Science. He also holds several industry-leading certifications including the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and AWS Certified Cloud Practitioner (AWS-CCP).
Information Systems Audit and Control Association Member