Carl Cadregari, CISA, GPCI, Certified HIPAA Consultant

Title: Executive Vice President
Email: ccadregari@bonadio.com

Carl is the Practice Lead of Bonadio’s IT/IS Enterprise Risk Management Team. Carl also serves as the Chief Information Security Director at one of the area’s largest insurance companies. Prior to joining Bonadio, Carl served as a Technical Marketing Manager with a $1 billion information technology supplier, a Business Development consultant with a national engineering and consulting firm, and a Systems Engineer with an international electronics distribution company.

Carl has more than 28 years of experience in Information Technology and Information Systems Security and Architecture, Deployment, Project Management, Security by Design, and Governance. His expertise in Technology Controls; Physical, Administrative, and Technical Security; the System Development Life Cycle; Enterprise Risk Management; Business Impact Analysis; and Disaster Recovery Planning has been applied at companies with 10 to 17,000+ employees across almost all vertical markets. That, along with over 14 years of auditing and standards compliance experience in HIPAA, HITECH, the Red Flag Rule, Sarbanes-Oxley, SAS 70/SSAE 16, WebTrust, SysTrust, Gramm-Leach-Bliley, PCI DSS, ISO 17799, FERPA, and FISMA controls, and the successful application of the best practices of ISACA, COBIT, COSO, OAG, OVAL, ITIL Foundation, and IIA/AICPA, creates a valuable and unique blend of talent.

Carl has written multiple articles on technology and information security including topics such as The CIA Triad, Ethical Hacking, Document Retention, Cloud Computing, and Data Breach Avoidance.

Education

  • B.S. - Biology, Niagara University

Licensing & Certifications

  • IEEE Certified Master in Computer Forensics (US)
  • Certified Information Systems Auditor (CISA)
  • SAP Planning and AIS (Audit Information System) Controls Auditor
  • Certified HIPAA Privacy and Security auditor
  • Oracle/SAP/Progress Controls and Hardening Tactics
  • SANS/GIAC Certifications
    • Reputation-Based Network Security
    • Correlating Insider Threats to SIM
    • Vulnerability Management
    • Payment Card Industry – Audit and Validation

Service Expertise

  • Consulting
  • Information Technology and Information Systems Security
  • Enterprise risk management
  • Compliance with Data Security Laws and Regulations