In the area of Enterprise Risk Management, Mr. Weil has directed professional IA program teams in both the commercial and federal sectors. Professional expertise areas are listed here.
- Management of Professional Services Organization (US Antaractic Program)
- Governance, Risk and Compliance (GRC) Program Development (IT Audit)
- Enterprise Risk Management and FISMA Compliance
- Cloud Security (FedRAMP) for federal and Cloud Service Providers (CSPs)
- ISO 27001 implementation for commercial clients.
- Certified Cloud Security Professional (ISC2)
Our services include ...
- Information risk and security management - including: strategy and policy development; identifying, evaluating and treating risks; benchmarking; and business continuity management.
- Security awareness and training programs - programs that actually work, fostering a strong corporate security culture at all levels from the office cleaners to the CEO and Board.
- Security courses, seminars and briefings - explaining stuff, motivating and guiding people.
- Security metrics - designing and implementing a suite of metrics to manage information risk and security systematically, effectively and efficiently; reviewing and evaluating existing metrics.
- ISO27k - help to adapt and adopt the good practices from the ISO/IEC 27000 standards; gap analysis; internal audit; pre- and post-certification support.
- IT auditing - IT audit strategy development and planning; audit management; data center and software development projects audits.
- Project management and governance - building and leading teams.
- Interim management - holding the reins and assisting with the recruitment and mentoring of a permanent replacement.