David Nowacki


David is a Director with the CLA Cybersecurity group, with over 20 years of combined experience in cybersecurity, IT controls, enterprise risk management, internal audit and management consulting. He is a strategic thinker and problem solver who has helped financial institutions, manufacturers, government entities, higher education, and various other private businesses in setting strategies, reviewing and assessing: operations, governance and enterprise risk management practices, project and program management practices, cybersecurity programs and identifying process improvement opportunities. 

Technical Experience

  • Enterprise Risk Management
  • Process Improvement
  • Strategic Planning
  • Organizational Transformation
  • Cybersecurity Program Development
  • Department of Defense (DFARs)
  • Cybersecurity Compliance (CMMC)
  • NIST Cybersecurity Framework
  • NIST SP800-171
  • CIS Controls
  • GLBA and FFIEC Cybersecurity Frameworks
  • IT General Controls
  • IT Audit and Information Security
  • SOC-1 and SOC-2
  • Internal Audit
  • Governmental Auditing


  • Bachelor of science in information systems from the University of Montana.
  • Certified Information Security Auditor (CISA)
  • Certified Internal Auditor (CIA)

In the community

  • Information Systems Audit and Control Association
  • The Institute of Internal Auditors