Charlie Willis

Charlie is a managing director with Deloitte’s Risk & Financial Advisory practice. He has 25 years of experience with technology risk and controls. Prior to joining Deloitte, Charlie focused his career within Information Technology where he was involved with data center operations, application development, server and database administration, as well as network and firewall administration.

At Deloitte, Charlie has spent his time applying his knowledge of technology with IT risks and controls to assist many clients across multiple frameworks (e.g., NIST, ISO, COBIT, PCI CSA CCM, HITRUST, GLBA, FFIEC, NYDFS). His primary focus is within the IT risk space, supporting engagements requiring his technical skills such as internal audit, cloud computing, IT risk and governance, IT SOX optimization, and System and Organization Control (SOC) reports. Over the past 10 years, Charlie has been active with Deloitte’s cloud computing initiative for internal audit and he is Deloitte’s primary contact for internal audit cloud-related services. He has also been involved in Deloitte’s innovation initiative to help clients prepare for future American Institute of Certified Public Accountants (AICPA) cybersecurity risk management examinations.

Charlie has been a featured speaker at several industry events, sponsored by SIFMA, ISACA, and the Institute of Internal Auditors (IIA), among others. In addition, Charlie has developed cloud computing training curriculum for ISACA for a course that has been running for the past nine years. He has written articles on risks associated with the cloud that have appeared in Deloitte’s module of the Wall Street Journal Risk and Compliance Journal and was one of the primary authors of Deloitte’s paper, “Will risk rain on your move to the Cloud?” Charlie was a member supporting the development of ISC2’s Certified Cloud Security Professional (CCSP) training to certify cloud security professionals. He helped support development of the AICPA SOC 2 publication, as a member of the ASEC Trust Information Integrity Task Force and Cloud Computing working group. Finally, Charlie was a member of SIFMA’s SOC2/AUP/NIST Cybersecurity for Critical Infrastructure Third-Party Assessment Standard task force.