Featured Speaker

Phillip Del Bello

Phil is a Principal in the CLA Specialized Advisory Services Group. Phil has over a decade of professional experience providing assurance, consulting, and advisory services. He has been the lead project manager for System and Organization Controls (SOC) engagements for various signed organizations and has an in-depth understanding of the SOC reporting requirements. In addition to his work in the SOC world, Phil performs consulting and advisory services including information security reviews and risk assessments, which involve evaluating current security programs against industry standards and maturity models, providing mitigating and monitoring follow-up action recommendations, and implementing risk management processes throughout organizations.

Technical experience:
  • Lead project manager for SOC 1 and SOC 2 engagements. SOC 2 engagements have included all five Trust Service Principles as well as SOC 2+ engagements with additional criteria including the HIPAA Security Rule, New York State DFS Cybersecurity Regulation, and self-defined criteria. Industries for these SOC 1 and SOC 2 engagements have included healthcare technology, medical claims processors, data analytics, financial institutions, mortgage servicing, financial technology startups, state governments, and government agencies.
  • Lead project manager for HITRUST Validated Assessment engagements and HITRUST readiness assessment engagements including helping first-year clients through to draft internal control wording and system descriptions. Experience working with a variety of clients from mature organizations to startups in order to align current controls with HITRUST requirements and report on gaps.
  • Experience with IT audit engagements, which include risk-based planning techniques, evaluating business process and IT general controls, and reporting to executive management. He has completed IT audit projects related to Enterprise Resource Planning (ERP) system conversions and system upgrades, business continuity and disaster recovery planning, vulnerability assessments, virtualization, logical access and security, system and application change management, physical access and environmental controls, backup and recovery processes, and policy/compliance reviews.

Professional involvement:
Phil has presented at regional and national conferences for organizations such as the Institute of Internal Auditors, Association of Government Accountants, ISACA’s Rocky Mountain Information Security Conference, and various others. Topics have included SOC Reporting, Cybersecurity, Risk Assessments, and Vendor Management. Additionally, he is a member of the Maryland Association of Certified Public Accountants, American Institute of Certified Public Accountants, and Information Systems Audit and Control Association.