Dan has over 25 years of experience in IT operational and risk management functions in both private industry and leading CPA firms. Dan leads the Information Risk Management Services practice at HA&W which serves leading national and international tech based businesses to provide services such as:
- Service Organization Controls including readiness and audits/attest reports: SOC 1 (SSAE 16), SOC 2.
- Cyber security risk assessments and guidance on risk management strategies and tactics.
- Security and privacy compliance risk management, e.g., PCI, GLBA, BSA/AML and other banking regulations, HIPAA/HITECH, and EU Safe Harbor, ISO 27001, NIST 800-53.
- Resiliency planning and assessment services including design and deployment of Business Continuity and Disaster Recovery Planning functions.
- Governance and CIO services such as enterprise IT risk management program definition and deployment, application and service provider due diligence, vendor management, business performance improvement, such as business process and workflow assessment and design, technology alignment, scorecard and performance evaluation systems
Dan is a member of the American Institute of Certified Public Accountants (AICPA), the Georgia Society of CPAs, the New Jersey Society of CPAs, the Information Systems Audit and Control Association (ISACA), the Institute of Internal Auditors (IIA), and the International Association Privacy Principles (IAPP) and the American Bar Association (ABA). Dan is the immediate past chairperson of the AICPA Information Technology Executive Committee and currently the chairperson of the AICPA Privacy Task Force. He received his MBA with honors from the University of Dayton, and a BA in Accounting from Morehead State University. Dan also serves on the Metro Atlanta Chamber of Commerce Transaction Processing Subcommittee, and the Steering Committee of FinTech Society of the Technology Association of Georgia (TAG).
Dan’s 12-year tenure with NCR Corporation included management roles in several operations and corporate positions, including Supply Chain Performance Evaluation and Benchmarking, and Supply/Demand Alignment. For six years Dan worked with a leading provider of mid-market ERP solutions, RF Data Collection applications, and EAI (i.e., intelligent middleware) where he assisted dozens of mid- and large-sized companies in their implementation of key enabling technologies.
Dan is a frequent speaker and author on IT risk management subjects including SOC/SAS 70, security, privacy, cloud computing.