Bhavesh N. Vadhani

Bhavesh Vadhani is a principal and the global leader of the Cybersecurity, Technology Risk, and Privacy Practice with over 20 years of experience in the field of information risk management, security consulting and privacy advisory services. He has led and managed such engagements as privacy assessments, information technology (IT) controls assessments, vendor security assessments, SSAE 16/SOC 1 and SOC 2 attestations, IT risk assessments, information security consulting, information assurance, IT strategy, IT portfolio management, and project management and quality assurance reviews.  Bhavesh is intimately familiar with regulatory requirements and standards, including, but not limited to, GDPR, CMMC, NYDFS, DFARS, Sarbanes-Oxley 404 (SOX), OMB A-123, PCI-DSS, 201-CMR 17, Red Flags, FedRAMP and FISMA. 

In his current role, Bhavesh works with organizations in different industry verticals including consumer product and retail, financial services, health care, government contracting, manufacturing and distribution, and technology.  He helps organizations adopt industry best practices and frameworks to improve efficiencies in day-to-day processes and identifies IT governance initiatives that help corporations and organizations enhance their existing IT environment.  He assists IT department executives with their information assurance, IT strategy, and information security initiatives.  

Prior to joining the firm, Bhavesh worked as an IT audit/security manager for a Big Four accounting firm.  In that role, he led and managed a portfolio of information assurance engagements focused in SOX advisory, IT audits to support financial statement audits, controls tuning, IT process effectiveness, business process re-engineering, SAS 70 reviews, FISCAM and FISMA audits, and security and controls optimization.  His clients included various Fortune 500 companies.

Bhavesh’s designations include Project Management Professional (PMP), Certified Information Systems Auditor (CISA), Certified in Risks and Information Systems Controls (CRISC), and Certified in the Governance of Enterprise IT (CGEIT).