Andrew Mathieson

Andrew is a seasoned IT risk & cybersecurity advisor and a leader in AAFCPAs’ Business Process & IT Consulting Practice responsible for providing information risk management, cybersecurity, and special IT attestation solutions. He helps clients—and those charged with governance and risk management—navigate their digital ecosystem with confidence. This confidence enables further innovation through technology!

Andrew has extensive experience providing direction, supervision, performance, and review of audit engagements, including SOC 1, SOC 2, SOC for Cyber security, and SOC 2+HIPAA. He also provides HITRUST Certification examinations and assessments, GDPR assessments, FFIEC assessments, GLBA assessments, HIPAA assessments, Internal Risk Assessments, and SOX 404 audits. He renders these services across a variety of industries, including Healthcare, Managed IT Services, SaaS/PaaS/IaaS companies, Data Centers, Cloud Services, Collection agencies, Printing and Mailing companies, Financial Corporations, and diverse nonprofit organizations.

The tech world is always changing, and Andrew recognizes that he must never stop learning. He remains committed to staying at the forefront of the rapidly evolving threat landscape of cybercrime and leveling-up his IT security knowledge. Andrew is currently a Certified Information Systems Auditor (CISA), a HITRUST Certified Cybersecurity Framework Practitioner (CCSFP), a Certified Information Systems Risk and Compliance Professional (CISRCP), a Certified Data Privacy Solutions Engineer (CDPSE), and he holds an advanced Certificate of Cloud Security Knowledge (CCSK). Prior to joining AAFCPAs in 2022, Andrew held senior level positions at national IT security consulting firms providing information risk management, cyber security, and special attestation and compliance solutions.