
Robert A. Aanerud
Accredited Certifying Body Lead Auditor for ISO Registrars in multiple ISO Standards and Industry Specialty Codes
Principal Cybersecurity and Privacy Consultant, Auditor and Technical Advisor
Robert A. Aanerud is an internationally recognized expert in the design, delivery, implementation, and audit of cybersecurity, privacy, and data protection conformance and compliance programs, auditing, and consulting services. Robert has more than 50 years of experience and is sought out for his depth of knowledge and experience in all areas of information security, privacy, ethics, compliance, audit, and corporate governance.
Certifications
- IRCA-Certified Auditor for ISO 9001, ISO 20000, ISO 27001, and ISO 27701
- Certified Cybersecurity Maturity Model Certification Professional (CCP)
- Certified ISO 27001 Trainer - RABQSA International (now Exemplar Global)
- ISC2-Certified Information Systems Security Professional (CISSP)
- Certified HIPAA Security Professional (CHSP)
- BCS/ISEB Certificate in International IT Law
- ISC2-Certified CISSP Trainer
- Certified Defense Industrial Security Program – Facility Security Officer (FSO)
- Certified International Association of Quality Circles (IAQC) Facilitator
- Law Enforcement Association of America (LEAA) Expert Witness – Computer Security and Privacy
Career Accomplishments
Robert has worked with more than 120 Fortune 500 corporations in the United States, and with hundreds of organizations and government entities in the U.S., U.K., Canada, Europe, and Central and South America. He has experience with critical infrastructure clients in financial services, insurance, telecommunications, transportation, manufacturing, gas and oil, chemical, pharmaceutical, government, and education.
Robert has completed more than 3,000 ISO 27001, ISO 27701, and ISO 20000 registration audits, both as a principal auditor and as principal and international practice leader for information security architecture in the Information Security Assurance and Advisory Services (ISAAS) Practice Areas of a “Big 4” audit firm.
His experience includes national and international data protection and regulatory compliance in the following areas:
- Information Security Management System (ISO 27001 ISMS) and Information Technology Service Management (ISO 20000 ITSM) pre-assessment, risk assessment, audit, management, and control
- Control gap analysis, design, implementation, and audit
- Information security consulting services
- Information privacy consulting services
- Management System education and awareness training and design
- Legal and regulatory review, research, and compliance matrix establishment
- General and IT controls audits
- Policy and procedure review and development
- Sociological profiling
- Executive protection programs
- Many other security, privacy, and information assurance and protection areas of interest to organizations, their management, and regulatory bodies
Skills and Expertise
- Expertise from engagements in healthcare, pharmaceutical, information technology, CRM, automotive, gas and oil, and financial services industries under multiple legal and regulatory requirements specifications (GDPR, CMMC, NIST Special Publications, GLBA, HIPAA, ISO, State Breach and Disclosure, E-Discovery, Sarbanes-Oxley, SEC Rules, NACHA Rules, NCUA Rules, PCI, etc.) and Generally Accepted Standards and Procedures
- Strong knowledge and understanding of International Legal and Regulatory, U.S. Federal, State, and Sectoral security and privacy law and regulation
- Legal and Ethical Compliance Review (covering International, Federal, and Sectoral Legislation and Regulation, including GDPR, HIPAA, GLBA, Sarbanes-Oxley, PIPEDA, PIPA, OECD Principles, EU Directives)
- SOC General and IT Control Audits and Reviews
- Network Vulnerability and Penetration Testing
- Business Continuity Management and Planning
- Executive Risk Profiling, Protection, Planning, and Management Ascendancy
- Expatriate/Inpatriate Risk Assessment and Protection Programs
- Instructional Design, Content Development, and Curriculum Development and Management for Computer-Based Training
- Homeland Security/Customs Trade Partnership Against Terrorism (CTPAT)
- Operational Intelligence/Intelligence Sources and Methods
- Incident Planning, Management, Response, and Reporting
- Organization for Economic Co-operation and Development (OECD) Principle Interpretations
Professional Affiliations
- CMMC AB/CYBER AB
- International Information System Security Certification Consortium (ISC2)
- Information Systems Audit and Control Association (ISACA)
- Computer Security Institute (CSI)
- Institute of Internal Auditors (IIA)
- Institute of Quality Assurance
- RABQSA International
- International Register of Certificated Auditors
- Guest Speaker at numerous Conferences and Professional Meetings