Andrew Retrum

Managing Director

Andrew Retrum is a Managing Director and business-oriented leader within Protiviti’s Technology Consulting Practice. He currently has dual leadership roles, for both the Global Financial Services Security Practice and the US Security Programme & Strategy Practice. Andrew’s professional aspiration is to lead this talented practice in delivering true value by helping clients better understand, communicate, and manage the evolving cyber threat landscape.
Andrew has led Cyber Programme Offices for several large institutions as part of broader business transformation efforts. He is an advocate for the adoption of quantitative and advanced IT risk measures and currently serves on the Advisory Board of the FAIR Institute, fostering improved risk management practices across the security landscape. He is a thought leader on recent cybersecurity regulatory matters and acts as Protiviti’s primary liaison for associations across the financial sector on cyber and resilience matters.

Prior to joining Protiviti as a founding member in 2002, Andrew spent his career at a “Big 5” public accounting firm in the Technology Risk Consulting practice. Andrew is a graduate of the University of Illinois in Urbana-Champaign with an undergraduate degree in Management Information Systems.


Cybersecurity Transformation

  • Led a multi-year transformational effort to assist a global telecommunications company in advancing their security posture to meet the changing threat landscape.
  • Led a multi-year relationship with a large insurance company to support the security and information risk function as the enterprise went through a client-first transformation. Areas of focus included Application Security, Identity Management, Cloud Security, Vendor Management, IT Risk Management, and GRC.
  • Led a “security reset” engagement at a global institution to establish agreed-upon risk priorities, a future-state operating model, and the formal roadmap to meet “reset” objectives.
  • Assisted client in prioritizing and planning key infrastructure and security activities for $300M merger programme.

Cybersecurity Advisory

  • Led an engagement to help a company prepare for New York Department of Financial Services (NY DFS) Cybersecurity Attestation, including specific efforts to complete an enterprise-wide risk assessment in line with requirement 500.09.
  • Oversaw General Data Protection Regulation (GDPR) readiness review and compliance roadmap for a global technology and communications organization.

Evolving Technologies

  • Led engagement to assist organization in technology review of Internet of Things (IoT) devices ranging from smart locks to connected showers to medical devices.
  • Leveraging and Agile, and other similar frameworks, to help both our clients and our engagement delivery clear value more efficiently and effectively.


  • IT Strategy Alignment
  • IT Portfolio, Project, & Programme Management
  • IT Privacy Risk Management
  • IT Security Risk Management


  • Financial Services
  • Healthcare
  • Professional Services


  • Security Programme & Strategy
  • Cybersecurity Transformation
  • Operational Resilience 
  • Information Technology Risk 
  • Evolving Technologies


  • B.S. Management Information Systems, University of Illinois in Urbana-Champaign
  • Executive M.B.A., The Wharton School (2023)
  • FAIR Institute, Advisory Board Member (2021)


  • Member, ISACA
  • Member, ISC2
  • Member, IAPP