Enterprise Risk Management Services
In the area of Enterprise Risk Management, Mr. Weil has directed professional IA program teams in both the commercial and federal sectors. Professional expertise areas are listed here.
- Management of Professional Services Organization (US Antarctic Program)
- Governance, Risk and Compliance (GRC) Program Development (IT Audit)
- Enterprise Risk Management and FISMA Compliance
- Cloud Security (FedRAMP) for federal and Cloud Service Providers (CSPs)
- ISO 27001 and audit implementation for commercial clients.
- Certified Cloud Security Professional (ISC2)
Our services include:
- Information risk and security management - including: strategy and policy development; identifying, evaluating and treating risks; benchmarking; and business continuity management.
- Security awareness and training programs - programs that actually work, fostering a strong corporate security culture at all levels from the office cleaners to the CEO and Board.
- Security courses, seminars and briefings - explaining stuff, motivating and guiding people.
- Security metrics - designing and implementing a suite of metrics to manage information risk and security systematically, effectively and efficiently; reviewing and evaluating existing metrics.
- ISO27k - help to adapt and adopt the good practices from the ISO/IEC 27000 standards; gap analysis; internal audit; pre- and post-certification support.
- IT auditing - IT audit strategy development and planning; audit management; data center and software development projects audits.
- Project management and governance - building and leading teams.
Program Management
- Management of Professional Services Organization (US Antarctic Program)
- Governance, Risk and Compliance (GRC) Program Development (IT Audit)
- Cloud Security (FedRAMP) for federal and Cloud Service Providers (CSPs)
- ISO 27001 implementation for commercial clients.