Glenn Hoffman CISA - Principal

Background & Expertise


Glenn is a Principal in the firm’s Enterprise Risk Management division.  He has over 20 years of experience in the information technology industry, with a focus on internal and external auditing, controls optimization and compliance, system administration, disaster recovery, and business continuity and impact analysis, as well as general project management.

Prior to joining Bonadio, Glenn led a National Technology Risk Management group at a specialized management consulting and audit firm, where he obtained extensive enterprise risk management experience in support of critical business processes for clients in a variety of industries.  Glenn identified critical business processes and specific IT threats, and recommended controls to mitigate those threats to ensure that clients maintained stable and efficient computing/business environments.

Glenn also held management roles at a multi-national investment bank based in New York in its global derivatives trading group, where he assisted the bank remediate significant regulatory concerns related to trading of complex derivatives products.  His past experience also includes over 14 years with a Big 4 Accounting firm in its Information Technology Risk Group where he managed global teams.

Glenn’s experience includes developing and executing programs predicated upon ensuring that client computer controls are functioning according to:

• Committee of Sponsoring Organizations (COSO)
• Control Objectives for Information Related Technologies (COBIT)
• Sarbanes-Oxley Act (SOX404)
• Health Information Trust Alliance (HITRUST)
• Health Insurance Portability and Accountability Act (HIPAA)
• Gramm-Leach-Bliley Act (GLBA)
• Statement on Standards for Attestation Engagements (SSAE 16/18)
• ISO 27001/2
• Federal Financial Institutions Examination Council (FFIEC)
• Federal Deposit Insurance Corporation (FDIC)
• Office of the Comptroller of the Currency (OCC)
• National Institute of Standards and Technology (NIST)
• State, Federal and international data privacy and security laws

Glenn has assisted many diversified clients where he performed technology and regulatory compliance reviews for a variety of complex organizations, including both public and privately held companies across all lines of service.  Glenn has also reviewed, tested, and assisted with the implementation of large scale ERP solutions, including Oracle, SAP, and IBM mainframes and AS/400 products.

Glenn has authored industry content for a number of industry periodicals, websites, and blogs and has been a frequent speaker at industry conferences and events.

Glenn currently holds a Certified Information Services Auditor (CISA) credential.