• Search in Protiviti.com

Andrew Retrum

Managing Director

Andrew Retrum is a Managing Director within Protiviti’s Technology Consulting Practice and the Global Technology Risk & Resilience Practice Lead.

Andrew assists our clients in navigating an ever-evolving risk landscape, managing cyber and evolving technology risks and helping our clients better understand, communicate, and respond and recover from adverse events.

Andrew has led Cyber Program Offices for several large institutions as part of broader business transformation efforts. He is an advocate for the adoption of the FAIR Methodology as an alternative method of IT Risk Management and thought leader on recent cybersecurity regulatory matters. Most recently, he is partnering with key trade associations within the financial sector to help craft the global response on the topic of Operational Resilience. Prior to joining Protiviti as a founding member in 2002, Andrew spent his career at a “Big 5” Public Accounting firm in the Technology Risk Consulting practice.

MAJOR PROJECTS

Cybersecurity Transformation

  • Led a multi-year transformational effort to assist a global telecommunications company in advancing their security posture to meet the changing threat landscape.
  • Led a multi-year relationship with a large insurance company to support the security and information risk function as the enterprise went through a client first transformation. Areas of focus included Application Security, Identity Management, Cloud Security, Vendor Management, IT Risk Management, and GRC.
  • Led a “security reset” engagement at a global institution to establish agreed upon risk priorities, and future state operating model, and the formal roadmap to meet “reset” objectives.
  • Assisted client in prioritising and planning key infrastructure and security activities for $300M merger program.

Cybersecurity Advisory

  • Led an engagement to help a company prepare for New York Department of Financial Services (NY DFS) Cybersecurity Attestation, including specific efforts to complete an enterprise-wide risk assessment in line with requirement 500.09.
  • Oversaw General Data Protection Regulation (GDPR) readiness review and compliance roadmap for a global technology and communications organisation.

Evolving Technologies

  • Led engagement to assist organisation in technology review of Internet of Things (IoT) devices ranging from smart locks to connected showers to medical devices.
  • Leveraging and Agile, and other similar frameworks, to help both our clients and our engagement delivery clear value more efficiently and effectively.

AREAS OF EXPERTISE

  • IT Strategy Alignment
  • IT Portfolio, Project, & Program Management
  • IT Privacy Risk Management
  • IT Security Risk Management

INDUSTRY EXPERTISE

  • Financial Services
  • Healthcare
  • Professional Services

PRACTICES:

  • Security Program & Strategy
  • Cybersecurity Transformation
  • Operational Resilience 
  • Information Technology Risk 
  • Evolving Technologies

EDUCATION

  • B.S. Management Information Systems, University of Illinois in Urbana-Champaign
  • Executive M.B.A., The Wharton School (2023)
  • FAIR Institute, Advisory Board Member (2021)

PROFESSIONAL MEMBERSHIPS & CERTIFICATIONS

  • Member, ISACA
  • Member, ISC2
  • Member, IAPP
Loading...