Carl Cadregari CISA, CCSFP - Executive Vice President

Background & Expertise


Carl is an Executive Vice President in the Enterprise Risk Management Team.  Carl has more than 28 years of experience in providing reasonable and actionable Information Technology and Cybersecurity and Architecture, controls deployment, BCP/DR auditing and planning, Cybersecurity by Design, and overall controls governance. 

His expertise in Cybersecurity Controls, Physical, Administrative, and Technical Security, Enterprise Risk Management, Business Impact Analysis, Vendor Management and Disaster Recovery Planning has been applied across many companies across almost all vertical markets from banking to government to healthcare to education.  Carl’s experience includes over 18 years in auditing and standards compliance assessment experience developing and executing programs predicated upon ensuring that client computer controls are functioning according to:

  • HITRUST Common Security Framework
  • Health Insurance Portability and Accountability Act (HIPAA/HITECH)
  • NIST Cybersecurity Framework
  • Gramm-Leach-Bliley (GLBA)
  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Federal Deposit Insurance Corporation (FDIC)
  • Office of the Comptroller of the Currency (OCC)
  • Meaningful Use
  • Federal Trade Commission (FTC) Red Flag Rule
  • Family Educational Rights and Privacy Act (FERPA)
  • Federal Information Security Management Act (FISMA)
  • NY 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies
  • Multiple State, Federal and multiple international data privacy and security laws

And the successful application of the best practices of:

  • Committee of Sponsoring Organizations (COSO)
  • Control Objectives for Information Related Technologies (COBIT)
  • Sarbanes-Oxley Act
  • Statement on Standards for Attestation Engagements (SSAE16/18)
  • Institute of Internal Auditors (IIA)

Carl currently holds the following certifications:

  • Certified Information Systems Auditor from ISACA (CISA)
  • Certified Assessor for the HITRUST Common Security Framework (CCSFP)
  • Certified Third Party Risk Professional (CTPRP)

Carl’s professional memberships have included the Information Systems Audit and Control Association (ISACA), HIMSS, Healthcare Financial Management Association (HFMA), DRI International (DRI) Systems Administration Networking and Security Institute (SANS), and the Association of Certified Fraud Examiners (ACFE).  He is an experienced HIPAA Privacy and Security assessor, Certified Information Systems Auditor (CISA).  Carl is a past member on the Healthcare Information Technology Standards Panel of the American National Standards Institute (ANSI), the Board of Directors at Bonadio and was the interim Chair of the Moore Global Network Limited NA Technology Consulting Community Group.

Carl has authored multiple articles on technology and cybersecurity including topics such as: Effective Vendor Management Controls, Cloud Computing Security, Data Breach Avoidance, Ransomware, HIPAA Compliance for the NY Bar Association Healthcare Journal, “2016, The Year my Data went WHERE?”, NCUA ACET: New Tool, More Cybersecurity Measurement on Your Resiliency and “2019: The Year to Get Out of Cybersecurity Ostrich Mode”