I provide services to organizations that require assurance that their operations, suppliers, significant service outsourcers, partners, and third parties are compliant with contractual requirements and regulations.
I understand the importance of compliance and risk management, and my services are tailored to ensure that organizations adhere to regulatory requirements and best practices while mitigating risks and enhancing control. My services cover a broad range of areas, including due diligence, risk assessments, compliance requirements, cybersecurity, and audit readiness programs.
One of my key services is managing the ongoing due diligence of suppliers, significant service outsourcers, partners, and third parties. I help organizations ensure that their suppliers are compliant with contractual and regulatory requirements, including anti-corruption, intellectual property, privacy, sanctions, export controls, anti-trust, government contracting, software licenses, and data ethics requirements.
I can also facilitate and report on control assessments to define and revamp operational procedures. By designing processes and tools for compliance requirements, including the new EBA guidelines on outsourcing arrangements, the FSB guidance on arrangements to support operational continuity in resolution, and the General Data Protection Regulation, I ensure that organizations have the necessary controls and procedures to mitigate risks and enhance control.
In addition, I provide internal control systems to comply with US regulations such as FCPA, SOX, and Dodd-Frank. I can work closely with organizations to assess their information security, cybersecurity, cloud services, and IT risks and controls against industry best practices and regulatory requirements, such as ISO 27001, 27002, 27017, 27701, 27031, 37301, 37001, NIST 800-53, NIST 800-30, ISF Standard of Good Practice, PCI DSS, COBIT, ITIL, and SOC 1 and 2.
I also facilitate and test the alignment of tasks and controls with policies and obligations, while updating and creating new procedures and training. This ensures that organizations have a comprehensive understanding of their controls and obligations and are fully prepared for audits and compliance reviews.
I perform due diligence on potential and current third parties, including background checks, internal investigations, attestations, and certificates. This helps organizations identify and manage any risks associated with third parties, ensuring that they have the necessary controls in place to mitigate risks.
As part of my services, I also manage audit and control readiness programs to certify SOX controls, information security, privacy, software development, and data management activities. This ensures that organizations are prepared for audits and are compliant with regulatory requirements.