Curtis is a managing director in Deloitte’s Risk & Financial Advisory group and is the US leader for the Third-Party Assurance practice and national commercial practice leader for Deloitte’s Third-Party Assessment Organization (3PAO) accreditation under the Federal Risk and Authorization Management Program (FedRAMP).
Curtis has over 25 years of experience specializing in System and Organization Controls (SOC)/ Statement on Standards for Attestation Engagements (SSAE) 18, cybersecurity, National Institute for Standards and Technology (NIST) 800-171 / NIST 800-53, agreed-upon procedures (AUP), information systems, risk management, and Sarbanes-Oxley (SOX).
He has served as the engagement leader for over 200 SOC 1 and SOC 2 attestation engagements and is a senior member of Deloitte’s National Quality and Risk Management group responsible for all SOC engagements across the US. Curtis served a three-year term as Deloitte’s representative to the AICPA’s Information Technology Executive Council (ITEC) where he was involved with the SOC framework, SOC peer review program, and cloud computing task forces.
