Phillip has over a decade of professional experience providing assurance, consulting, and advisory services. He has been the lead project manager for System and Organization Controls (SOC) engagements for various sized organizations, and has an in-depth understanding of the SOC reporting requirements. He has helped clients work through the standard changes from SAS70 to SSAE16 and now SSAE18.
In addition to his work in the SOC world, Phil performs consulting and advisory services including information security reviews and risk assessments, which involve evaluating current security programs against industry standards and maturity models, providing mitigating and monitoring follow-up action recommendations, and implementing risk management processes throughout organizations.
- Lead project manager for SOC 1 and SOC 2 engagements. SOC 2 engagements have included all five Trust Service Principles as well as SOC 2 engagements with additional criteria including the HIPAA Security Rule, New York State DFS Cybersecurity Regulation, and self-defined criteria. Industries for these SOC 1 and SOC 2 engagements have included healthcare technology, medical claims processors, data analytics, financial institutions, mortgage servicing, financial technology startups, state governments, and government agencies.
- SOC readiness assessment engagements, including helping first-year SOC 1 and SOC 2 clients through to draft internal control wording and system descriptions. Experience working with a variety of clients, from mature organizations to startups, in order to align current controls with SOC 2 criteria and report on gaps, as well as developing and identifying key controls in business processes to be included in SOC 1 reports.
- Experience with IT audit engagements, which include risk-based planning techniques, evaluating business process and IT general controls, and reporting to executive management. He has completed IT audit projects related to Enterprise Resource Planning (ERP) system conversions and system upgrades, business continuity and disaster recovery planning, vulnerability assessments, virtualization, logical access and security, system and application change management, physical access and environmental controls, backup and recovery processes, and policy/compliance reviews.
- Loyola University Maryland, Sellinger School of Business, Bachelor of Business Administration Degree in Accounting, Minor in Information Systems (SAS Business Intelligence Certificate)
- Loyola University Maryland, Sellinger School of Business, Graduate Accounting Certificate Program
In the community
Professional involvement/speaking engagements
- Certified Public Accountant
- Certified Information Systems Auditor (CISA)
- Maryland Association of Certified Public Accountants
- American Institute of Certified Public Accountants
- Information Systems Audit and Control Association
- Phil has presented at regional and national conferences for organizations such as the Institute of Internal Auditors, Association of Government Accountants, ISACA's Rocky Mountain Information Security Conference, and various others. Topics have included SOC Reporting, Cybersecurity, Risk Assessments, and Vendor Management.
Resources and events
- Webinar, 1/26/2022: FEI Baltimore Chapter - Cybersecurity Risk Landscape
- Webinar, 10/13/2021: 2021 Texas Nonprofit and Governmental Virtual Conference
- Media coverage, 7/21/2021: YOUR MONEY: SOC 2 or HITRUST - assessing your organization’s data security risk
- Article, 6/8/2021: SOC 2 or HITRUST — Assessing Your Organization’s Data Security Risk
- Webinar, 3/24/2021: PIM Smart Cafe: How to Gain Clients' Trust in Managing Their Data