Carl Cadregari CISA, CCSFP - Executive Vice President

Background & Expertise


Carl is an Executive Vice President and the Practice Lead of the Firm’s IT/IS Enterprise Risk Management Team.  He is also a member of the Board of Directors at Bonadio.  Carl has more than 28 years of experience in providing reasonable and actionable Information Technology and Cybersecurity and Architecture, controls deployment, Project Management, BCP/DR auditing and planning, Cybersecurity by Design, and overall controls governance. 

His expertise in Cybersecurity Controls, Physical, Administrative, and Technical Security, System Development Life Cycling, Enterprise Risk Management, Business Impact Analysis, and Disaster Recovery Planning has been applied across companies with 10 to 35,000+ employees across all vertical markets from banking to government to healthcare to education.  Carl’s experience includes over 18 years in auditing and standards compliance assessment experience developing and executing programs predicated upon ensuring that client computer controls are functioning according to:

·         Gramm-Leach-Bliley (GLBA)

·         ISO 27001/2

·         HIPAA/HITECH

·         Federal Financial Institutions Examination Council (FFIEC)

·         Federal Deposit Insurance Corporation (FDIC)

·         Office of the Comptroller of the Currency (OCC)

·         HITRUST

·         NIST Cybersecurity Framework

·         Meaningful Use

·         Federal Trade Commission (FTC) Red Flag Rule

·         Payment Card Industry Data Security Standards (PCI DSS)

·         Family Educational Rights and Privacy Act (FERPA)

·         Federal Information Security Management Act (FISMA)

·         Defense Acquisition Regulations System (DFARS)

·         State, Federal and international data privacy and security laws


And the successful application of the best practices of:

·         Global Technology Audit Guide (GTAG)

·         Committee of Sponsoring Organizations (COSO)

·         Control Objectives for Information Related Technologies (COBIT)

·         Sarbanes-Oxley Act

·         Statement on Standards for Attestation Engagements (SSAE16/18)

·         Open Vulnerability and Assessment Language (OVAL)

·         ITIL Foundation

·         Institute of Internal Auditors (IIA)

·         American Institute of CPAs (AICPA)


Carl’s professional memberships have included Information Systems Audit and Control Association (ISACA), HIMSS, Healthcare Financial management Association (HFMA), DRI International (DRI) Systems Administration Networking and Security Institute (SANS), and the Association of Certified Fraud Examiners (ACFE).  He is an experienced HIPAA Privacy and Security assessor, Certified Information Systems Auditor (CISA).  Carl is a past member on the Healthcare Information Technology Standards Panel of the American National Standards Institute (ANSI).

Carl has written articles on technology and cybersecurity including topics such as: Ransomware Protection, Effective Vendor Management Controls, The CIA Triad, Ethical Hacking as a Key Control, Document Retention, Cloud Computing Security, Data Breach Avoidance, Ransomware and HIPAA Compliance for the NY Bar Association Healthcare Journal and “2016, The Year my Data went WHERE?”