RLR Management Consulting, Inc.

John Mason

John Mason, a Senior Associate Consultant for RLR Management Consulting, Inc., has over 20 years of combined experience in financial services, internal audit, SSAE 16s/18s, regulatory compliance, information security, investigations, and process reengineering. John has performed over 200 SSAE 18 SOC 1 and SOC 2 audits throughout his career. He has held positions such as Chief Internal Auditor and VP of Audit & Compliance in a variety of companies. While at two multi-billion-dollar institutions, he was the Chief Information Security Officer and helped establish information risk management programs as well as design risk-based programs several years before Sarbanes-Oxley.



His experience includes:

  • Achieved $50,000 in cost savings in seven months through focused vendor management and metrics
  • Integrated regional and interstate banks’ IT-financial audit support for consumer and commercial loans, BSA/OFAC compliance, ALM/IRR, deposit operations, borrower-in-custody, IT, non-depository insurance products (NDIP), GLBA, SOX, branch retail audits, accounting/finance, asset-based lending, and factoring
  • Provided savings of over 50% with multi-layered disaster recovery and business continuity services design
  • Provided key assistance during a major IT conversion where the CAO stated that without Internal Audit’s help, the conversion would not have succeeded or would have been aborted.
  • Reduced compliance reporting costs by 90% and reduced SAR compliance reporting time to 6-8 minutes through personally developed database tools.
  • Streamlined the SOX compliance work at a major renewable products company, reducing it by up to 40%
  • Established multi-phased and integrated information security and HIPAA solutions resulting in estimated cost-savings of $25,000+ per client
  • Has routinely authored, reviewed, and researched finance control policies and procedures
  • Performed audits for governmental agencies
  • Performed over 200 SSAE 18/16 SOC 1 and SOC audits and readiness assessments.
  • Managed a full spectrum of financial, operational, SOX compliance and data processing audits
  • Received CUIAA national award for audit excellence.
  • Currently holds the MBA, CISA, CISM, CFE, CFSSP, CGEIT, CBA, CFSA degrees/certifications.
  • Co-authored Computer Security Handbook, 5th and 6th Editions and has been one of the highest-rated adjunct professors in Norwich University’s Master of Science Information Security & Assurance (MSISA) program for over 10 years.

John holds a B.A. in Economics from UC San Diego and an M.B.A.

Professional Affiliations:

Information Systems Audit and Control Association (ISACA)
Association of Certified Fraud Examiners (ACFE)