RLR Management Consulting

John Mason

Senior Associate Consultant

John Mason has over 20 years of combined experience in financial services, internal audit, SSAE 16s/18s, regulatory compliance, information security, investigations, and process reengineering. John has performed over 200 SSAE 18 SOC 1 and SOC 2 audits throughout his career. He has held positions such as Chief Internal Auditor and VP of Audit & Compliance in a variety of companies. While at two multi-billion-dollar institutions, he was the Chief Information Security Officer and helped establish information risk management programs, and he designed risk-based programs several years before Sarbanes-Oxley.



  • Integrated regional and interstate banks’ IT-financial audit support for consumer and commercial loans, BSA/OFAC compliance, ALM/IRR, deposit operations, borrower-in-custody, IT, non-depository insurance products (NDIP), GLBA, SOX, branch retail audits, accounting/finance, asset-based lending, and factoring
  • Provided key assistance during a major IT conversion where the CAO stated that without Internal Audit’s help, the conversion would not have succeeded or would have been aborted
  • Reduced compliance reporting costs by 90% and reduced SAR compliance reporting time to 6-8 minutes through personally developed database tools
  • Streamlined the SOX compliance work at a major renewable products company, reducing it by up to 40%
  • Established multi-phased and integrated information security and HIPAA solutions resulting in estimated cost-savings of $25,000+ per client
  • Has routinely authored, reviewed, and researched finance control policies and procedures
  • Performed audits for governmental agencies
  • Performed over 200 SSAE 18/16 SOC 1 and SOC audits and readiness assessments
  • Managed a full spectrum of financial, operational, SOX compliance and data processing audits; designed, performed, and evaluated domestically and internationally in multiple languages:
    • Operations administration and internal control audits at over 15 different institutions encompassing over 150 locations
    • Lending-related operational and compliance audits at over 12 institutions encompassing over 110 locations
    • Accounting/finance-related operational and compliance audits at over 12 institutions encompassing over 100 locations
    • Foreign exchange and trade finance operational and compliance audits at over 10 institutions encompassing over 80 locations


  • B.A. in Economics from UC San Diego
  • M.B.A.
  • CISA
  • CISM
  • CFE
Community Involvement:
  • Member of Information Systems Audit and Controls Association (ISACA)
  • Member of Association of Certified Fraud Examiners (ACFE)
  • Internal Audit
  • Accounting & Finance
  • ALLL
  • Compliance Management Systems
  • CRA
  • Operations Compliance
  • Electronic Banking
  • Information Technology
  • Investments
  • IRR/Liquidity
  • Lending Compliance
  • Regulatory Compliance
  • Remote Deposit Capture
  • Risk Management
  • SSAE 18 SOC1, SOC2 & SOC3 Audits
  • SOX Compliance
  • TRID
  • Vendor Management
  • Website compliance