System and Organization Controls (SOC) reports are critical both for organizations that service other organizations and for those that are being provided a service. This session will explore why SOC reports are important and why you should either be getting one for your own organization or requesting one from your vendors.
**1 CPE will be granted for attendance**
Upon registration, a Zoom link will be sent from seminar.lead@isacane.org to the email address used to register. Please check your Junk Folder if you do not see the registration confirmation.
Speakers:
Andrea Fernandez, Manager, and Scott Mahoney, Principal
Andrea Fernandez
Professional Experience
With over 7 years of professional experience, Andrea is a Manager within the System and Assurance Advisory Services practice.
Specializes in internal control assessments and consulting services relating to Sarbanes-Oxley Act (SOX) and service organization control (SOC) reporting.
Involved in the issuance of over 100 SOC reports, including a combination of SOC 1, SOC 2, and SOC 3 reports.
Credentials/Education
▪ Certified Information Systems Auditor (CISA)
▪ Certified Data Privacy Solutions Engineer (CDPSE)
▪ AICPA SOC for Cybersecurity Certificate
▪ AICPA Advanced SOC for Service Organizations Certificate
▪ Certified FullStack Web Development, Rutgers University
▪ BS, Accounting and Management Information Systems, Rutgers University
Memberships
▪ Information Systems Audit and Control Association (ISACA)
▪ American Institute of Certified Public Accountants (AICPA)
Scott Mahoney
Professional Experience
Selected by the AICPA to write and present the first-ever Education Program for "Reporting on an Entity's Cybersecurity Risk Management Program and Controls" to cybersecurity professionals obtaining SOC for Cybersecurity certification. This Program is the first of its kind, and as the author and presenter, Scott is one of the first in the U.S. to become certified.
With 20 years of experience, Scott is a Principal within Withum’s SOC Services practice.
Expertise lies within internal control assessments, risk assessments, SOC reporting (SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity), SOX 404 and internal audit cosourcing.
Credentials/Education
▪ Certified Information Systems Auditor (CISA)
▪ Certified Information Security Manager (CISM)
▪ Certified in Risk and Information Systems Control (CRISC)
▪ Certified Data Privacy Solutions Engineer (CDPSE)
▪ AICPA SOC for Cybersecurity Certificate
▪ AICPA Advanced SOC for Service Organizations Certificate
▪ Master of Business Administration, Bentley University
▪ BS, Accounting Information Systems, cum laude, Bentley University
Memberships
▪ Information Systems Audit and Control Association (ISACA)
▪ American Institute of Certified Public Accountants (AICPA)