John Mason, a Senior Associate Consultant for RLR Management Consulting, Inc., has over 20 years of combined experience in financial services, internal audit, SSAE 16s/18s, regulatory compliance, information security, investigations, and process reengineering. John has performed over 200 SSAE 18 SOC 1 and SOC 2 audits throughout his career. He has held positions such as Chief Internal Auditor and VP of Audit & Compliance in a variety of companies. While at two multi-billion-dollar institutions, he was the Chief Information Security Officer and helped establish information risk management programs as well as design risk-based programs several years before Sarbanes-Oxley.
His experience includes:
- Achieved $50,000 in cost savings in seven months through focused vendor management and metrics
- Integrated regional and interstate banks’ IT-financial audit support for consumer and commercial loans, BSA/OFAC compliance, ALM/IRR, deposit operations, borrower-in-custody, IT, non-depository insurance products (NDIP), GLBA, SOX, branch retail audits, accounting/finance, asset-based lending, and factoring
- Provided savings of over 50% with multi-layered disaster recovery and business continuity services design
- Provided key assistance during a major IT conversion where the CAO stated that without Internal Audit’s help, the conversion would not have succeeded or would have been aborted
- Reduced compliance reporting costs by 90% and reduced SAR compliance reporting time to 6-8 minutes through personally developed database tools
- Streamlined SOX compliance work at a major renewable products company, reducing it by up to 40%
- Established multi-phased and integrated information security and HIPAA solutions resulting in estimated cost-savings of $25,000+ per client
- Has routinely authored, reviewed, and researched finance control policies and procedures
- Performed audits for governmental agencies
- Performed over 200 SSAE 18/16 SOC 1 and SOC 2 audits and readiness assessments
- Managed a full spectrum of financial, operational, SOX compliance and data processing audits
- Received CUIAA national award for audit excellence
- Currently holds the MBA, CISA, CISM, CFE, CFSSP, CGEIT, CBA, CFSA degrees/certifications
- Co-authored the Computer Security Handbook, 5th and 6th Editions, and has been one of the highest-rated adjunct professors in Norwich University’s Master of Science Information Security & Assurance (MSISA) program for over 10 years
John holds a B.A. in Economics from UC San Diego and an M.B.A.
Information Systems Audit and Controls Association (ISACA)
Association of Certified Fraud Examiners (ACFE)