1 / 19

About mazars USA LLP

About mazars USA LLP. CYBERSECURITY AND DATA PRIVACY SERVICES. 2019. About mazars. ABOUT US.

aran
Download Presentation

About mazars USA LLP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. About mazars USA LLP CYBERSECURITY AND DATA PRIVACY SERVICES 2019

  2. About mazars

  3. ABOUT US Mazars USA LLP is a client-centered, full-service accounting, auditing, tax, consulting and advisory firm with over 100 partners and 800 professionals in 12 U.S. offices. Mazars USA is the independent U.S. member firm of Mazars Group – a prominent international accounting, audit, tax and advisory services organization with 24,000 professionals in more than 100 countries.

  4. WHAT WE DO From diversity to globalization, from innovation to stewardship, discover our unique stories and how we believe businesses can interact with their stakeholders. ACCOUNTING, AUDITING AND ASSURANCE TAX SERVICES ADVISORY CONSULTING

  5. OUR VISION To be a premier Professional Services Firm that provides diverse and rewarding experiences for our people, clients and in the communities we serve.

  6. OUR MISSION z Our Mission At Mazars USA Is To Be: A high-performing national firm with significant presence in strategic U.S. geographies; Leveraging our exceptional international capabilities and reach; Offering a broad array of industry specialists providing Accounting, Audit, Tax, Consulting and Advisory services to growth-oriented enterprises and individuals; Centered on a culture of diversity, collaboration and community; Driven by our Guiding Principles of Association Respect and Excellence.

  7. Consulting services Governance, Risk and Compliance CONSULTING SERVICES Cybersecurity And Data Privacy Financial Advisory Services Management & Technology Healthcare Mazars’ Consulting Practice

  8. Mazars’ global cybersecurity practice Our Unique Global Reach Operating in over 15 countries to support an integrated service offering across borders. Our clients have access to a full range of Cybersecurity experts including a 24/7 support from our Cybersecurity Fusion Center. 15 + Country Members 360 Expertise on GDPR Regulations Collaboration and Global Perspective Mazars Cybersecurity Practices Mazars Cybersecurity Fusion Centers

  9. End-to-end cybersecurity Mazars’ Cybersecurity experts help organizations in all industries, both nationally and globally, understand and manage their cyber risk. Our professionals provide a unique combination of foresight, experience, and hands-on execution to assist you in mitigating risk and protecting your business. Advisory Services Managed Services Privacy Compliance Monitoring Threat Hunting Data Privacy Consulting Virtual SOC as a Service (vSOC) Security & Privacy Regulatory Assessments Cloud Security Analytics Managed Detection and Response (MDR) Ethical Hacking – Technical Assessments Operational Technology (OT) Solutions Vulnerability Management Program

  10. How we help our clients Improve understanding of risk management and the latest cyber threats impacting their organization Guide the board of directors and audit committee on tracking cybersecurity key performance indicators Advance knowledge of vulnerability management baseline through assessments, penetration testing, policy development, and secure architecture designs Define the target state for cybersecurity along with a plan to attain defined goals Advance knowledge in privacy and regulatory compliance through assessment, data discovery and data mapping Develop compliance controls around the record of processing, data impact assessments, and data subject rights response Mazars’ cybersecurity and privacy group provides comprehensive advice, guidance and consulting to numerous areas of the business, from the board of directors and audit committee to program leaders, architects and technology professionals, tailored to an organizations maturity.

  11. Data privacy consulting Mazars’ Privacy Consulting Services helps organizations manage data, mitigate risk, and ensure they meet global privacy laws. CHIEF INFOMRATION OFFICER AS A SERVICE - CISO DATA PRIVACY OFFICER AS A SERVICE - DPO Manage Compliance Dedicated Cybersecurity Leader Mazars’ Chief Information Officer (CISO) and Information Security Expert (ISE) service is designed to effectively run an organization's security program. We can assist by protecting your organization while you hire a permanent CISO or on a longer-term basis. Mazars’ Data Privacy Officer (DPO) service is designed to effectively run an organization’s security program and a key player facilitating and enforcing regulatory compliance. We assist by protecting your organization while you hire a permanent DPO on a longer-term basis. Drive Change Enforcement Tracking Training and Awareness Metrics and Reporting CISO DPO Manage Compliance Validate ROPA Testing Reporting Training and Awareness

  12. Case studies

  13. CASE STUDY | LIFE SCIENCES COMPANY PRIVACY PROGRAM: GDPR, CCPS, PIPEDA HOW MAZARS HELPED Working with multiple divisions and departments, Mazars was able to rewrite the company’s contract language around compliance, significantly limiting their exposure to fines and cease orders. At the same time, Mazars was able to work with the company’s data protection offices to create a Data Subject Rights (DSR) response program, which was closely related to the privacy protection processes, both operationally and legally. By working with compliance, IT and the company’s data protection offices, we were able to develop Privacy Impact Assessments (PIAs), along with a Record of Processing Activities (ROPA) program. THE CHALLENGE A North American Life Sciences company was processing special categories of private information, and were concerned about their ability to comply with multiple privacy laws, in multiple jurisdictions, some of which could be conflicting. Without an all-encompassing privacy plan, they risked fines, losing business, and not being allowed to partner with other companies to complete projects, which could cost them millions of dollars in lost opportunity. As such, the company sought guidance on building a privacy program that would meet Privacy Shield, General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements simultaneously, without reinventing the wheel for each new governing body. BENEFITS ACHIEVED In six weeks, Mazars developed a GDPR-compliant roadmap with specific deliverables around privacy notice, established a data protection office, built a customized process for the company to respond to Data Subject Rights requests (DSR), and a template for how to manage a record of processing private data (ROPA), along with how to perform ongoing PIAs within their environment. Mazars also provided a data protection officer (DPO) service, to support the company until the program was fully mature. As a result of the initiative, the company was able to continue with its expansion and integration with its partners, supporting a prosperous outlook for the future.

  14. CASE STUDY | major manufacturer GDPR HOW MAZARS HELPED Based on Mazars’ previous IT-related consulting and audit work, the company requested our help with developing a more efficient and effective Privacy Impact Assessment (PIA) program. Working with the company’s Legal department, in less than three weeks Mazars was able to develop a GDPR compliant PIA program that enabled the company to perform PIAs in one week – an 85% reduction in time, using less than 40 work hours. THE CHALLENGE • A major U.S. manufacturer processed large amounts of personal data in multiple countries. Because some of their operations fall under the jurisdiction of the European Union, they needed to assess their operational compliance with the privacy policy rules under the EU’s General Data Protection Regulation (GDPR). • In particular, they were concerned about being fined for non-compliance, or losing market share if they were subjected to sanctions requiring them to temporarily cease operations. They also recognized that if they were found not to be compliant, other compliant companies would not do business with • them. BENEFITS ACHIEVED • The reduced work hours led to 80% reduced costs for the function and, with the new system in place, the • company has been able to avoid fines, while maintaining high levels of confidence from their customers and • the regulators.

  15. CASE STUDY | major manufacturer GDPR HOW MAZARS HELPED Working with HR, Security, Legal, IT, and Compliance, Mazars developed a standardized approach that could effectively and efficiently manage the most privacy-sensitive processes across multiple entities of the group. In addition, Mazars conducted a thorough analysis of the company’s SLA measures and made recommendations for implementing binding rules to secure international transfers necessary to ensure that data transfers to other countries met legal and security requirements. Then, to ensure a speedy and effective rollout, Mazars conducted an organizational analysis, and developed a cross-functional action plan for each group – setting up dedicated corporate initiatives to reinforce GDPR compliance on specific topics (best practices, retention, transfers, etc.). THE CHALLENGE • The EU’s General Data Protection Regulation (GDPR) is a growing concern for companies doing business in • Europe. • A US-based recruiting company recognized they faced greater exposure from privacy issues due to the highly personal nature of the data they hold on job candidates. To mitigate the financial and reputational risks and potential costs of non-compliance with the GDPR, senior management issued a corporate directive for all divisions to be in compliance from an organizational, technical and legal standpoints; for each group to conduct regular risk analyses of existing and anticipated processes and tools; and for each group to proactively develop recommendations to eliminate or correct any identified or potential areas of • non-compliance. BENEFITS ACHIEVED • As a result, the company was able to generate a corporation-wide awareness of the importance of privacy, • were able to develop specific tools to achieve and maintain compliance, and were able to ensure that private • data and data subject requests are appropriately controlled and responded to, avoiding brand degradation • and promoting security. • Company executives and the Board of Directors now have a high level of comfort that the brand’s • reputation will be enhanced, and the risk of fines or cease orders is minimized.

  16. Our professionals

  17. Our team leaders Our highly qualified cyber and data privacy professionals are certified as: Atif Ghauri, Principal Phil Jones, Director SergheiIftodi, Director SergheiIftodi has 12 years of executive, managerial and consulting achievements leading and delivering managed security solutions and services to multiple Fortune 500 organizations as part of Federal and Regulatory Compliance programs, strengthening their security posture and helping fight cyber crime. Serghei is highly skilled in Security Information and Event Management (SIEM) technologies as well as Security Operations Center best practices in detecting and responding to cyber threats as well as meeting and maintaining compliance controls, such as SOX, PCI-DSS, HIPAA, NERC-CIP, FISMA and others. Atif is a renowned cybersecurity expert with 20 years of experience in management consulting, technical and sales operations, product management, and business development. He is an innovator in cybersecurity, receiving a patent in security analytics on embedded consumer devices monitoring user activity anomalies. Prior to joining Mazars USA, Atif served as Senior Vice President & Chief Technology Officer of the largest independently owned managed security services provider. Phil is a Privacy Leader, Director of Security, Chief Security Architect, and Data Privacy Officer (DPO) with a Master Level Security and in the process of achieving his Fellowship in Privacy (FIP) certification. Phil has built multiple privacy programs ranging from startups to major international organizations. He has guided multiple board of directors through tough and complex compliance of security and privacy regulations. Cybersecurity Managed Services Cybersecurity Practice Leader Cybersecurity Advisory Services in order to deliver best in class knowledge, service, and customer experience. in order to deliver best in class knowledge, service, and customer experience. Our highly qualified cyber and data privacy professionals are certified as: CISSP CISM CIPM HCISPP CISA CCSFP Project+ Network+ MCSE MCITP:EA ITILv3 QSA CCK Cloud Essentials

  18. Why choose mazars Mazars is a truly integrated partnership which allows us to operate as one united team across international borders. This unique structure ensures that you receive a seamless service unhindered by international (organizational) barriers. This structure is the foundation upon which our international services are built. Proximity Coordination Integration • What does it mean for you? • Complex issues expressed in simple terms • Common language • Easy access to local talent and knowledge base • What does it mean for you? • One senior local contact • Global ownership • Direct access to Mazars experts to ensure speed & efficiency • What does it mean for you? • We will deliver to you as a strategic client • Global decision making • Global quality assured

  19. Atif Ghauri Principal Cybersecurity Practice Leader (P) 267.254.8040 | Atif.Ghauri@MazarsUSA.com Phil Jones, Director Cybersecurity Advisory Services (P) 813.760.5347 Phil.Jones@MazarsUSA.com SergheiIftodi, Director Cybersecurity Managed Services (P) 267.532.4343 Serghei.Iftodi@MazarsUsa.com

More Related