Brenna Mellen

Brenna is a member of AAFCPAs’ Business Process & IT Consulting Practice responsible for providing information risk management, cybersecurity, and special IT attestation solutions.

Brenna supports AAFCPAs’ Assurance Practice in providing Internal General Controls (ITGCs) Assessments to provide confidence to those charged with governance that there is proper risk management and risk mitigation related to IT systems. She evaluates users’ access to programs and data, program changes, program development, computer operations and network security. Brenna also assists in executing Cybersecurity Assessments. She performs digital and physical vulnerability & penetration tests, as well as phishing expeditions using social engineering.

Brenna has extensive experience performing special attestation engagements, including SOC 1, SOC 2, and SOC for Cyber security. She provides customized SOC reports that meet specific industry or customer requirements, such as NIST, HITRUST or GDPR. She works with client personnel to plan engagement strategy, define objectives, and address technology-related controls risks and issues.

Prior to joining AAFCPAs in 2022, Brenna gained hands-on experience in IT security and IT audit at national consulting firms providing information risk management, cyber security, and special attestation and compliance solutions.