Michael Kim

Director

Michael is a Managing Director in the Security & Privacy practice based out of the Los Angeles office. He has over 18 years of experience providing consulting and internal audit services to multi-national companies including some of the largest hospitality and gaming companies. His primary areas of focus include Privacy Program, Information Security, Financial Controls, Compliance and Regulatory Assessments, and Payment Card Industry – Data Security Standard (PCI DSS).

Major Projects

Managed NIST CSF maturity assessments for clients in various industries and size including benchmarking their maturity against industry peers, outlining a cybersecurity roadmap in order to improve their maturity across the NIST CSF domains, and prioritizing managements’ remediation efforts.
Led numerous PCI validation assessments, gap assessments, and PCI remediation projects for various sizes companies and environments.
Led numerous Privacy projects including two large gaming and hospitality companies including a current state CCPA compliance assessment along with developing a roadmap to compliance including major milestones. Assisted clients with remediation efforts including the development of a privacy program, operationalising their privacy rights processes, and implementation of OneTrust.
Lead assessor for an FTC Consent Order Independent Assessment for a large social media company. Assessed the company’s Privacy Program against the FTC consent order and validated the effectiveness of the program to ensure covered information is protected as required by the FTC consent order
Led the execution of numerous internal audit projects (e.g., application controls, change management, system development lifecycle, business continuity, project management, IT risk assessment, cybersecurity, etc.) for various financial institutions and public companies.

Areas of Expertise

Data Privacy
Cybersecurity
Payment Card Industry - Data Security Standard (PCI-DSS)
Technology Internal Audit

Industry Expertise

Hospitality & Gaming
Retail
Manufacturing
Technology
Healthcare

Education

BS/BA – Management Information Systems. The University of Arizona

Professional Memberships and Certifications

Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
PCI Qualified Security Assessor (PCI-QSA)
ISO 31000 Certified Internal Controls Risk Analyst
Member, Information Systems Audit and Control Association (ISACA)