About

Pircio Consulting helps small and mid-sized businesses manage AI and IT risk with the same rigor expected of large enterprises. We focus on AI governance, compliance, and risk management: helping clients in finance, insurance, technology, and manufacturing meet regulatory expectations without adding unnecessary complexity.

Our work covers AI assessments, policy design, control testing, and readiness for frameworks like SOC 2, NIST, and NAIC. Drawing on experience across multiple regulated industries, we translate compliance requirements into clear, practical steps that fit how each business actually operates.

Whether you need to formalize an AI governance process, strengthen IT controls, or prepare for an external audit, we provide straightforward guidance that aligns technology, compliance, and business objectives.

A regional utility firm

We supported a regional utility provider in designing and implementing baseline cybersecurity controls for patching automation and access management. Using the NIST Cybersecurity Framework and ISO 27001 as guidance, we developed scalable processes to improve visibility, consistency, and accountability across IT and operational technology environments. The project established a sustainable control baseline, streamlined remediation tracking, and positioned the client to maintain ongoing compliance through automated monitoring and clear ownership structures.

A nationwide life insurance company

We addressed systemic gaps in data loss prevention, logging, monitoring, and audit readiness. Drawing on experience leading ITGC, SOC 2, and cybersecurity control programs across regulated industries, we conducted a full control assessment and aligned remediation to NIST CSF and NAIC model requirements. We built a prioritized roadmap, clarified control ownership, and established repeatable evidence collection processes that improved coordination between cybersecurity, audit, and risk teams. The result was a measurable reduction in control exceptions and faster audit cycles with clear regulatory alignment.

A regional health insurance company

The initiative integrates AI risk assessment, policy design, and control implementation across multiple business units. Responsibilities include designing the governance framework, establishing intake and oversight processes, and aligning AI activities with regulatory expectations from NIST, NAIC, and internal enterprise risk standards. The program provides a scalable foundation for transparent, compliant AI adoption within a highly regulated environment.

AI Governance and Risk Management

We help organizations design practical frameworks for managing AI responsibly. Services include AI risk assessments, policy development, and alignment with NIST AI RMF and NAIC model guidance. Our goal is to build trust and transparency into AI adoption without slowing innovation.

IT Compliance and Control Testing

We evaluate and strengthen IT controls across access, change management, and operations. From SOC 2 and SOX readiness to ongoing ITGC testing, we ensure controls are designed effectively and supported by clear evidence and ownership structures.

Audit Readiness and Remediation

We guide businesses through audit preparation and issue remediation. This includes assessing control gaps, designing corrective action plans, and streamlining evidence collection to meet regulator, auditor, and stakeholder expectations. The result is a smoother, faster audit process with fewer surprises.

Credentials and Testimonials

"I worked directly with Michael for more than a year on one of his contracts. He did a great job quickly understanding the complexities of the company and the issues he was brought in to address. Michael has a great understanding of IT Audits and IT compliance, having worked for a leading consulting firm in the past. His expertise in this area proved to be useful more than once. He also does an awesome job at creating dashboards and reports for technical and executive levels. Michael is a quick learner, creative, and isn't afraid to try new things or put in long hours when necessary. His experience in Power BI and his general Excel wizardry would be a great addition to any team." - Lead Cyber Security Engineer

"I worked with Michael on IT Compliance work. He was incredibly knowledgeable in my team's asks and was quick to provide us the materials we needed. He used his wide range of knowledge to direct his colleagues to the information we were requesting and walked us through exactly what we were looking for. He has a wide range of knowledge on a variety of subjects and was extremely helpful. He offered his support throughout the duration of our working relationship and our team greatly appreciated it!" - Senior Manager, EY

Contact

Email: [email protected]