Perspectives
Expose the risk, protect your cloud
Avoid a check-the-box approach with risks in cloud computing
Cloud computing is the new normal. But divergence of responsible parties means that risk managers have to remain vigilant.
People
Curtis Stewart
Managing Director
Deloitte Risk & Financial Advisory
Curtis is a managing director in Deloitte’s Risk & Financial Advisory group and is the US leader for the Third-Party Assurance practice and national commercial practice leader for Deloitte’s Third-Party Assessment Organization (3PAO) accreditation under the Federal Risk and Authorization Management Program (FedRAMP).
Curtis has over 25 years of experience specializing in System and Organization Controls (SOC)/ Statement on Standards for Attestation Engagements (SSAE) 18, cybersecurity, National Institute for Standards and Technology (NIST) 800-171 / NIST 800-53, agreed-upon procedures (AUP), information systems, risk management, and Sarbanes-Oxley (SOX).
He has served as the engagement leader for over 200 SOC 1 and SOC 2 attestation engagements and is a senior member of Deloitte’s National Quality and Risk Management group responsible for all SOC engagements across the US. Curtis served a three-year term as Deloitte’s representative to the AICPA’s Information Technology Executive Council (ITEC) where he was involved with the SOC framework, SOC peer review program, and cloud computing task forces.