Jim Kearney

• Leads internal audit execution, inclusive of IA risk assessment activities through both co-sourced and outsourced resourcing models. Supports coverage across multiple risk domains and auditable universe analysis
• Directs SOX 404 internal control engagements across life sciences, real estate, not-for-profit, insurance and technology organizations (both domestic and global)
• Leads risk advisory projects related to cybersecurity regulatory compliance and maturity (NIST CSF/GLBA/OCIE/FFIEC CAT/NFA/ISO). Supports implementation of recommendations
• Manages end-to-end agreed-upon procedures (AUP), SOC 1, SOC 2 and SOC 3 attestation reporting engagements, inclusive of readiness pre-assessments
• Engages clients in enterprise risk management (ERM) through program build, requirements definition, risk domain inventorying and risk appetite/tolerance understanding
• Responds to internal and external (PCAOB, peer review) quality inspections with strong success rates
• Led go-to-market efforts related to the 2023 SEC cybersecurity disclosure requirements
• Developed content and enablers to support end-to-end third-party risk management program evolution
• Serves as a regional lead for governance, risk management and compliance (GRC) alliances

• Information Systems Audit and Control Association (ISACA), active involvement
• Institute of Internal Auditors (IIA), active involvement

Authored articles and perspectives on IT internal audit program development and cybersecurity risk management

Presented at multiple SOC reporting conferences/symposiums

Guest speaker for university management courses

• Certified Internal Auditor (CIA), IIA
• Certified Information Systems Auditor (CISA), ISACA