Jeffrey Sanchez

Managing Director

Jeff is a Managing Director with nearly 30 years of experience in the data security and privacy risk fields. Working in the retail, healthcare, hospitality, and technology industries, he assists global clients with designing, implementing, and managing compliance with security and privacy regulations and standards.

He leads Protiviti’s Data Security and Privacy practice, which includes all data-focused security offerings, including PCI, HIPAA/HITRUST, GDPR, and Vendor Security Assessments. Jeff has been a PCI PA-QSA, and previously a VISA QDSP, since the initiation of each applicable program, and is also a HITRUST certified assessor. He has participated in technical consulting and audit projects primarily in the Healthcare, Retail, and Consumer Products industries and has conducted numerous technical training courses on Network Security, Privacy, and PCI Compliance. For the last 10 years, he has concentrated on information security and privacy consulting and remediation.


  • Assisted many large companies with achieving compliance with the Payment Card Industry Data Security Standard. As a global leader in Protiviti’s PCI practice, worked with a wide variety of companies around the world. Assisted in designing and implementing full production security architecture and infrastructure including DMZs, logging, encryption, and intrusion detection. The focus of many projects has been on implementing strategies to reduce the scope and effort of current and future compliance work.
  • As the product leader for Privacy services in the west, he has directed many projects to assess compliance with privacy regulations and best practices. The projects included developing security standards for all company-held customer information; assisting clients to align security and privacy functions to more optimally address customer and employee privacy concerns; working with companies to improve privacy programs, policies and activities to reduce the risk of breaching customer privacy commitments; and leading security risk assessments (NIST 800-30), compliance consulting projects, and audits at many large companies.
  • Performed an information security risk assessment for one of the world’s largest card brands. Focused on organizational structure, security governance and the process for selecting and evaluating security tools.


  • Bachelor of Science – Electrical Engineering
  • Master of Business Administration

Professional Memberships and Certification

  • Certified Information Systems Auditor (CISA)
  • Certified Internal Auditor (CIA)
  • Qualified Security Assessor with Payment Applications (PA-QSA)
  • Certified Information Security Manager (CISM)
  • Certified Information Privacy Professional/US (CIPP/US)
  • Project Management Professional (PMP)
  • HITRUST CSF Assessor