Michael Kim


Michael is a Managing Director in the Security & Privacy practice based out of the Los Angeles office. He has over 18 years of experience providing consulting and internal audit services to multi-national companies including some of the largest hospitality and gaming companies. His primary areas of focus include Privacy Program, Information Security, Financial Controls, Compliance and Regulatory Assessments, and Payment Card Industry – Data Security Standard (PCI DSS).

Major Projects

  • Managed NIST CSF maturity assessments for clients of various industries and sizes, including benchmarking their maturity against industry peers, outlining a cybersecurity roadmap to improve their maturity across the NIST CSF domains, and prioritizing management's remediation efforts.
  • Led numerous PCI validation assessments, gap assessments, and PCI remediation projects for companies and environments of various sizes.
  • Led numerous privacy projects, including for two large gaming and hospitality companies, covering a current-state CCPA compliance assessment and the development of a roadmap to compliance with major milestones. Assisted clients with remediation efforts, including the development of a privacy program, operationalizing their privacy rights processes, and implementation of OneTrust.
  • Lead assessor for an FTC Consent Order Independent Assessment for a large social media company. Assessed the company's Privacy Program against the FTC consent order and validated the effectiveness of the program to ensure covered information is protected as required by the FTC consent order.
  • Led the execution of numerous internal audit projects (e.g., application controls, change management, system development lifecycle, business continuity, project management, IT risk assessment, cybersecurity, etc.) for various financial institutions and public companies.

Areas of Expertise

  • Data Privacy
  • Cybersecurity
  • Payment Card Industry - Data Security Standard (PCI-DSS)
  • Technology Internal Audit 

Industry Expertise

  • Hospitality & Gaming
  • Retail
  • Manufacturing
  • Technology
  • Healthcare 


  • BS/BA – Management Information Systems. The University of Arizona 

Professional Memberships and Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • PCI Qualified Security Assessor (PCI-QSA)
  • ISO 31000 Certified Internal Controls Risk Analyst
  • Member, Information Systems Audit and Control Association (ISACA)