OUR PEOPLE

Robert is a specialist in information privacy, audit, and control. As a Deloitte & Touche partner in Canada, Robert had responsibility for the Firm's Privacy and Business Continuity practices. He provided technology audit support for several key financial audit clients. He was a founding member of, and served for ten years on, the AICPA-CICA joint US – Canada Privacy Task Force. This committee developed and maintained Generally Accepted Privacy Principles. These principles provide a framework for assessing compliance with United States, Canadian, and global privacy legislation. Robert holds the CMC (Certified Management Consultant) and CRISC (Certified in Risk and Information Systems Controls) designations. He is a past International President of the Information Systems Audit and Control Association and the IT Governance Institute. He continues to serve with both organizations and be on the board of directors of the University of Waterloo Centre for Information Integrity and Systems Assurance.

Rick has performed numerous reviews of public retirement systems' governance, strategy, risk, operations, compliance, and control. He also provides related fiduciary consulting services and board and executive education. Rick created the concept of risk intelligence. He is the principal author of Surviving and Thriving in Uncertainty: Creating The Risk Intelligent Enterprise™, published by John Wiley & Sons in April 2010. In 2017, Rick was the principal author and editor of One of a Kind! A Practical Guide for 21st Century Public Pension Trustees. He is a frequent public speaker and has published numerous articles on fiduciary duty, governance, and risk intelligence. Rick has over forty years' experience in both the not-for-profit and for-profit sectors. Rick was the National Practice leader for Deloitte's Governance and Risk Oversight Services. In that capacity, he served many of Deloitte's largest domestic and global clients. He was responsible for the thought leadership that currently underpins Deloitte's global pre-eminent position in risk intelligence.

Jyotin has extensive experience in Information Security, Risk, Privacy, and technology. He has worked with a wide array of clients in varying verticals. Jyotin holds a CISSP certification. He has assisted clients as a virtual CISO, developing security strategy, managing deployment of technology, assisting with RFPs, developing penetration testing/vulnerability management, deploying a Security Operations Center, and various other aspects of cloud security. Jyotin has experience in Financial Services, Retail, Research and Development, Biotechnology/Pharmaceutical, Healthcare, and the Government sectors.  Jyotin has worked extensively with senior management and boards of directors to develop strategies, vision, and direction for their Information security programs. His current focus is on the data lifecycle within businesses and looking at each aspect of security from data creation to its destruction and disposal. Jyotin has developed frameworks to manage various aspects of their information security programs using NIST, ISO, HI-TRUST, CIS, and other standards and models. Jyotin has previously assisted clients while with recognized consulting firms such as Deloitte, Tivoli/IBM, and BMC Software. 

Harvey has almost two decades of Business Continuity experience, coupled with roughly twenty years in a former IT career. Harvey was involved in recoveries after both World Trade Center events (1993 and 2001) as a technical lead in corporate crisis management teams. Harvey has provided consulting assistance to many organizations in manufacturing, financial, health care, NGO, and non-profit arenas. He has presented at almost all national and regional BCP conferences at one time or another, published articles in Continuity Insights, Continuity Magazine (the BCI), and Disaster Recovery Journal served on a panel at Climate Change Conference (UN GAID) in United Nations Headquarters. He is an active member of the ACP and is on their Speaker List, having presented at ISACA and ACP chapters in NY, CT, PA, and Boston.

Sandra specializes in cybersecurity and business continuity consulting, with an international clientele. She is an internationally published author and lecturer on information systems security. Before full-time consulting, she completed a 5-year assignment at Citibank as Vice President and CISO responsible for developing the corporate information security program. She was also associated with Security Pacific National Bank for 15 years, where she created the Information Security function and served as Vice President and CISO. Sandra is the former Chairperson of the Board, Founder, and founding President of the Information Systems Security Association (ISSA). She has held a four-year term on the National Computer System Security and Privacy Advisory Board established by the Computer Security Act of 1987, and a six-year term on the NIST Information Technology Lab Assessment Board.

Brian’s career spans 40 years in Information Technology with extensive operations and control roles in the higher education and pension sectors. Most recently, Brian was the IT Director at the Ohio Police and Fire Pension Fund. Previously, he was Vice President of Global Identity and Access Management, Cybersecurity Technology and Controls at JPMorgan Chase & Co. There he led project management of global mission critical security and control applications, including design, quality assurance and implementation. 

Brian’s frequent speaking experience includes presentations at the Public Retirement Information Systems Management (PRISM) conferences and Higher Education Users Group (HEUG) events. He served as President, Vice-President, Program Chair, and on the Board of Directors for the Information Systems Audit and Control Association - Central Ohio Chapter. He is a Scoutmaster with the Boy Scouts of America.

Brian has a BA in Accounting from The Ohio State University and has been a Certified Information Systems Auditor for over 25 years.