- Kevin started with Cadence in 2008, and leads the PCI (Payment Card Industry) compliance and SOC (Service Organization Control) Reporting (formerly SAS 70) practices.
- As the primary PCI QSA (Qualified Security Assessor) for the company, Kevin is responsible for serving as Cadence's liaison to the PCI Security Standards Council, and oversees the operations of the PCI compliance clients, including QSA administration, PCI advisory services, PCI compliance audits, and PCI quality assurance.
- As the SOC Reporting lead, Kevin is responsible for leading the charge in the transition from the previous SAS 70 standards, and educating clients on the new framework. Kevin has provided multiple clients with SAS 70 attestations and advisory services, including many first-time issuers. During these engagements, he was able to develop, review, and assess the company’s internal control environment, resulting in audit reports that met the needs of customers and their auditors.
- Prior to joining Cadence, Kevin worked with Ernst & Young for over six years, primarily in their Risk Advisory Services practice. Kevin worked in the Houston (TX) and San Antonio (TX) offices, where he specialized in the delivery of Information Technology Risk Assurance and Advisory services including IT Security, ERP Integrity and Third-Party Reporting (SAS 70). While with Ernst & Young, he was involved in helping multiple Fortune 500 clients with Sarbanes-Oxley preparation, as well as external audit and Sarbanes-Oxley attestation engagements.
- Kevin is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), a PCI Qualified Security Assessor (QSA), and is a member of ISC2 and ISACA.
- Project lead for PCI Gap Analysis projects for various merchants and service providers that transact with credit cards. These projects involve scoping the PCI environment, performing testing and analysis to identify gaps in PCI compliance, and providing recommendations on network segmentation, third-party contracts, and overall PCI compliance solutions.
- Project lead for PCI Assessment Report on Compliance (ROC) for a data center service provider. This project involved testing of the PCI Data Security Standard controls, documenting findings, working with the client on remediation activities, and issuing the Report on Compliance.
- Project lead for a SOC reporting engagement for an international call center service provider. This engagement involved transitioning the client from the former SAS 70 standards to the new SOC 2 reporting framework.
- Project lead for a SOC reporting readiness project for a financial software company. For this first-time SOC issuer, the project involves identifying processes and controls, drafting control objectives and associated controls, and providing advisory services related to process improvements necessary for SOC 2 compliance.
- Project lead for a SAS 70 engagement for a leading international web hosting company. This project involved developing control objectives and controls as well as assisting with documenting narratives, evaluating all domestic and international data centers for effective design and execution of controls, and writing the final SAS 70 report.
- Project lead for a SAS 70 reporting readiness project for a financial software company. For this first-time SAS 70 issuer, the project involves identifying processes and controls, drafting control objectives and associated controls, and providing advisory services related to process improvements necessary for SOC 1 compliance and the issuance of the SOC 1 report.
- Project lead for a Sarbanes-Oxley IT audit engagement for an international nutritional products company. This project involved scoping and performing IT audit procedures over the Oracle Financials suite, as well as other customized systems and their supporting operating system and database layers.
- BS (Business Management, Information Systems Management) from Brigham Young University