Dan is a Managing Director in Protiviti's IT Consulting Practice and leads the Security & Privacy practice in the San Francisco Bay Area. He has over 16 years of IT process and risk management experience and has led numerous IT engagements, focusing on information security, outsourced and co-sourced internal audit support, Payment Card Industry (PCI) assessments, disaster recovery and business continuity services and SSAE16/SOC readiness assessments.
- Managed the IT compliance, audit, and risk activities at a multi-billion dollar pharmaceutical retailer. This multi-year engagement included the following activities:
  - SOX IT: Project focused on ensuring the proper functioning of key general and application level controls as applied to the client's financial applications.
  - Payment Card Industry Data Security Standard (PCI DSS): Effort included quarterly scans, annual penetration tests, the required annual review, and remediation activities.
  - IT Internal Audit: Audits focused on information security, HIPAA, laptop data protection and encryption, privacy, segregation of duties and application development.
  - Business Continuity/Disaster Recovery: Led the development of the BC/DR program and oversaw yearly maintenance activities.
- Executed a detailed Risk Assessment and Business Impact Analysis for a multi-billion dollar software developer, highlighting potential threats to the organization and key recoverable business processes. Further developed a BC plan framework including Crisis Management and Crisis Communication elements.
- Led an extensive business continuity / disaster recovery review for a multi-billion dollar networking provider.
- Led the disaster recovery plan implementation for a multi-billion dollar staffing service. Performed a detailed BIA, then executed an extensive selection process to identify an appropriate recovery approach and architecture. Subsequently oversaw the implementation of the selected solution.
- Established the disaster recovery program for a billion dollar plus consumer products company. As part of the effort, executed a Risk Assessment / Business Impact Analysis, assisted in identifying viable recovery strategies, and integrated the final strategy approach into a detailed Disaster Recovery plan.
- Managed the outsourced IT Audit and SOX IT efforts at a multi-billion dollar natural foods distributor and retailer. In addition to executing an annual IT Risk Assessment, audit efforts focused on change control, Asset Lifecycle Management (ALM), Payment Card Industry (PCI), business continuity and disaster recovery, Data Loss Prevention, privacy and information security and data warehouse analytics.
- Currently helping clients in multiple industries align with the PCI Data Security Standard, HIPAA Security rule, NIST 800-53, NIST CSF and Sarbanes-Oxley.
AREAS OF EXPERTISE
- Security & Privacy
- Business Continuity
- Information System Audit Services
PROFESSIONAL MEMBERSHIPS AND CERTIFICATIONS
- B.S. – Management Information Systems, Brigham Young University