Andrew Mathieson is an information risk and cyber security director in the Firm’s Boston, Massachusetts office and a member of its IT Risk and Advisory Services practice group. He has extensive experience with planning, executing and overseeing the IT Security and attestation audit examination process for the following: Statement on Standards for Attestation Engagements (SSAE 18) including System and Organization Controls (SOC 1,SOC 2 and SOC 3), Agreed Upon Procedures, Sarbanes Oxley (SOX 404), Meaningful Use Assessments, HIPAA Assessments, cyber security assessments, HITRUST assessments, ISO 27001assessments, FFIEC assessments, DMF assessments, GLBA and General IT Controls Reviews and Application Control Reviews. Additionally, Mr. Mathieson is responsible for managing risk assessment engagements to evaluate confidentiality, processing integrity, availability, security, and privacy concerns.