Technology risk
and audit consulting.
For financial institutions and digital asset firms.

Available for immediate engagement.

Technology risk, audit, compliance, and GRC consulting — IT audit execution, control framework design, regulatory readiness, operational resilience, and GENIUS Act compliance.

What clients need right now
  • Year-end ITGC testing behind schedule — Q4 deadline approaching
  • SOX 404 gap — auditor left mid-engagement, workpapers incomplete
  • FFIEC examination preparation — IT controls documentation missing
  • GRC program build — risk framework, control taxonomy, and policy design needed
  • GENIUS Act compliance build — OCC examination window open
IT Audit · GRC · Compliance · GENIUS Act · OCC

Most stablecoin issuers have never built institutional-grade controls inside a regulated framework. The GENIUS Act requires a complete compliance architecture — and the deadline is already moving.

📋
Four concurrent agency rulemakingsOCC, FDIC, FinCEN/OFAC, and Treasury are each issuing implementation rules simultaneously. Most issuers are tracking four regulatory tracks with no unified compliance architecture.
January 2027 effective dateLicensing, reserve certification, BSA/AML program, and examination readiness all converge on the same deadline. Control build takes months — the window is narrowing.
🏛
The gap is institutional experienceBuilding bank-grade controls on blockchain-native infrastructure requires someone who built the systems and audited the controls at institutions where these standards originated.
Solutions & Services

What I do. How I can help.

Technology risk, audit, compliance, and GRC — executed directly or embedded in your team.

Consulting Services · Senior Independent Execution

Institutional-grade experience applied directly to your engagement. Completed workpapers, fixed deadlines.

IT Audit Execution
ITGC, SOX 404 & Regulatory Audit
End-to-end IT and integrated audit execution — ITGC, ITAC, SOX 404, SOC 1/2, FFIEC examination preparation, and trading platform audit. Senior-level execution through to final reporting.
GRC & Compliance
Control Framework & Regulatory Readiness
GRC program design, risk taxonomy, control framework build, gap assessment, multi-regulator examination preparation, and compliance readiness across COSO, NIST CSF, and FFIEC standards.
Stablecoin & GENIUS Act
PPSI Compliance Build
Reserve attestation controls, BSA/AML program, SOC 2 readiness, and OCC examination preparation — delivered using the Stablecoin ICA program as the compliance architecture.
For Audit & Consulting Firms
Embedded Senior Execution
Step-in support for engagements behind schedule. Specialist execution — OPERA and Stablecoin ICA — for firms staffing GENIUS Act and GRC client work.
Also — Built for Stablecoin Issuers
OPERA — Operational Evidence, Resilience & Assurance
An AI-enabled operational assurance platform that continuously validates whether critical stablecoin functions are operating safely — the only published framework of its kind under the GENIUS Act. Built as a deployable solution for stablecoin issuers and consulting firms.
Explore OPERA →
About

Built it. Transformed it. Audited it.

Thirty years across three roles, each building on the last — trading systems developer, technology transformation PM across six global institutions, then nine years auditing technology risk and GRC at Goldman Sachs. That sequence shapes how the work gets done: systems experience informs the audit, audit experience grounds the compliance program.

1997–2005
Trading Systems Developer
Bear Stearns · JPMorgan · Bank of America · Bunge
2006–2015
Technology Transformation PM
UBS · Credit Suisse · HSBC · Citigroup · Bunge
2015–2025
Technology Auditor & Risk Manager
Goldman Sachs (GBM) · Tradeweb Markets
30
Years in financial technology, risk & audit
9
Years at Goldman Sachs — GBM trading & post-trade
Institutional experience
Goldman SachsTradewebJPMorganBank of AmericaBear StearnsUBSCredit SuisseHSBCCitigroup
Core capabilities
ITGC · ITACSOX 404SOC 1 · SOC 2GRC Program BuildCOSO ERMFFIECRegulatory ReadinessOperational ResilienceBSA / AML/CFTTrading SystemsStablecoin ICAOPERA
The Work

Published programs. Live platforms.

Three deliverables, publicly available — so you can evaluate the work before any conversation.

Get In Touch

Let's talk about your project.

Whether you have a GENIUS Act compliance build underway, an audit behind schedule, or a gap on your team — send a message and I will respond within one business day.

01
Embedded on your project
I come in, work alongside your team, and deliver completed work. On-site or remote.
02
Audit behind schedule
Scope already defined. I assess where things stand and complete the work on time.
03
Retained independent oversight
Senior technology risk and audit expertise on a continuing basis. Monthly engagement.
Send a message

I respond within one business day.

Message sent.
I will be in touch within one business day.