Charlie Wood, CISA, CRISC

Teams: 
Enterprise Risk Management Team
Title: 
Principal
Email: 
cwood@bonadio.com

Charlie is a member of The Bonadio Group’s Enterprise Risk Management Division.  Charlie joined TBG with more than 15 years of experience in the information technology industry, with a focus on security vulnerabilities, internal and external auditing, controls optimization and compliance, system administration, and project management. 

Prior to joining Bonadio, Charlie worked within the Systems Performance Assurance group at PricewaterhouseCoopers LLP, where he obtained extensive experience with respect to IT security reviews in support of critical business processes for clients within various industries.  Charlie identified critical business processes, specific IT threats, and recommendation of controls to mitigate these threats to ensure that respective clients maintain a stable and efficient computing/business environment.

Charlie’s experience also includes developing and executing testing frameworks to ensure that client computer controls are functioning per the Payment Card Industry Data Security Standards (PCI DSS), Sarbanes Oxley, and HIPAA regulations.  Charlie has performed said compliance reviews for a variety of companies and organizations.

Charlie has reviewed and tested large scale ERP solutions including Oracle, SAP and IBM’s Mainframes and AS400.  Testing included a detailed review of the controls surrounding the application, operating systems, and databases.  These reviews were predicated on ensuring the completeness, accuracy, and restricted access of the underlying data, in support of the financial audit.

Charlie spent five years as a system administrator at Paychex Inc.  Charlie was also the business unit project lead for a major system implementation at Paychex Inc.  His duties included requirements gathering, system specification creation, testing, approval, and overall business unit go-live sign off.  Charlie coordinated the above activities with various members of IT and upper management. 

Education

  • B.S. - Business Administration, State University of New York College of Agriculture and Technology at Cobleskill
  • B.S. - Economics, State University of New York College at Oswego

Licensing & Certifications

  • Information Systems Audit and Control Association (ISACA), member
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Controls (CRISC)

Service Expertise

  • Consulting
  • Information Technology and Information Systems Security
  • Enterprise risk management
  • Compliance with Data Security Laws and Regulations