Andrew Retrum

Managing Director

Andrew Retrum is a Managing Director within Protiviti’s Technology Consulting Practice and the Global Technology Risk & Resilience Practice Lead.

Andrew assists our clients in navigating an ever-evolving risk landscape, managing cyber and evolving technology risks, and helping our clients better understand, communicate, respond to, and recover from adverse events.

Andrew has led Cyber Program Offices for several large institutions as part of broader business transformation efforts. He is an advocate for the adoption of the FAIR Methodology as an alternative method of IT Risk Management and a thought leader on recent cybersecurity regulatory matters. Most recently, he is partnering with key trade associations within the financial sector to help craft the global response on the topic of Operational Resilience. Prior to joining Protiviti as a founding member in 2002, Andrew spent his career at a “Big 5” Public Accounting firm in the Technology Risk Consulting practice.

MAJOR PROJECTS

Cybersecurity Transformation

  • Led a multi-year transformational effort to assist a global telecommunications company in advancing their security posture to meet the changing threat landscape.
  • Led a multi-year relationship with a large insurance company to support the security and information risk function as the enterprise went through a client-first transformation. Areas of focus included Application Security, Identity Management, Cloud Security, Vendor Management, IT Risk Management, and GRC.
  • Led a “security reset” engagement at a global institution to establish agreed-upon risk priorities, a future-state operating model, and the formal roadmap to meet “reset” objectives.
  • Assisted client in prioritising and planning key infrastructure and security activities for $300M merger program.

Cybersecurity Advisory

  • Led an engagement to help a company prepare for New York Department of Financial Services (NY DFS) Cybersecurity Attestation, including specific efforts to complete an enterprise-wide risk assessment in line with requirement 500.09.
  • Oversaw General Data Protection Regulation (GDPR) readiness review and compliance roadmap for a global technology and communications organisation.

Evolving Technologies

  • Led engagement to assist organisation in technology review of Internet of Things (IoT) devices ranging from smart locks to connected showers to medical devices.
  • Leveraging and Agile, and other similar frameworks, to help both our clients and our engagement delivery clear value more efficiently and effectively.

AREAS OF EXPERTISE

  • IT Strategy Alignment
  • IT Portfolio, Project, & Program Management
  • IT Privacy Risk Management
  • IT Security Risk Management

INDUSTRY EXPERTISE

  • Financial Services
  • Healthcare
  • Professional Services

PRACTICES

  • Security Program & Strategy
  • Cybersecurity Transformation
  • Operational Resilience 
  • Information Technology Risk 
  • Evolving Technologies

EDUCATION

  • B.S. Management Information Systems, University of Illinois in Urbana-Champaign
  • Executive M.B.A., The Wharton School (2023)
  • FAIR Institute, Advisory Board Member (2021)

PROFESSIONAL MEMBERSHIPS & CERTIFICATIONS

  • Member, ISACA
  • Member, ISC2
  • Member, IAPP