Tom works in the Firm’s IT Risk Assurance & Advisory practice. He has more than 15 years of experience in internal and external audit, with over four in a managerial capacity with a concentration in Information Security. Tom’s primary focus is on system and organizational control attestation engagements.