Charlie is an Executive Vice President in the firm’s Enterprise Risk Management Division. He has over 20 years of experience in the information technology industry, with a focus on security hardening, data privacy, vulnerability identification and remediation, internal and external auditing, controls optimization and compliance, system administration, disaster recovery, and business continuity and impact analysis, as well as general project management.
Prior to joining Bonadio, Charlie worked in the Systems Performance Assurance group at a Big 4 firm, where he obtained extensive enterprise risk management experience with respect to IT security reviews in support of critical business processes for clients in a variety of industries. Charlie identified critical business processes and specific IT threats, and recommended controls to mitigate those threats to ensure that clients maintained stable and efficient computing/business environments.
Charlie’s experience includes developing and executing programs to ensure that client computer controls function in accordance with:
• Payment Card Industry Data Security Standards (PCI DSS)
• Committee of Sponsoring Organizations (COSO)
• Control Objectives for Information Related Technologies (COBIT)
• Sarbanes-Oxley Act (SOX404)
• Health Information Trust Alliance (HITRUST)
• Health Insurance Portability and Accountability Act (HIPAA)
• Gramm-Leach-Bliley Act (GLBA)
• Statement on Standards for Attestation Engagements (SSAE16/18)
• ISO 27001/2
• Family Educational Rights and Privacy Act (FERPA)
• Federal Information Security Management Act (FISMA)
• Federal Financial Institutions Examination Council (FFIEC)
• Federal Deposit Insurance Corporation (FDIC)
• Office of the Comptroller of the Currency (OCC)
• State, federal, and international data privacy and security laws
Charlie has performed compliance reviews for a variety of complex organizations, including both public and privately held companies across all lines of service. He has reviewed, tested, and assisted with the implementation of large-scale ERP solutions, including Oracle, SAP, and IBM mainframes and AS/400 products.
Charlie currently holds each of the following certifications:
• PCI Qualified Security Assessor (PCI QSA)
• Certified Information Services Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
Charlie has authored industry content for a number of websites, including but not limited to webcpa.com and bonadio.com.