Jim Kearney

CIA, CISA

Director

+1 (978) 569 2588

Jim is a director with Baker Tilly’s risk advisory practice and the New England leader in cybersecurity risk. He is a purposeful and passionate leader, who focuses on individual and team recognition to achieve results. Jim is a driver of high-performing teams who is accommodating and flexible to meet the needs of others. Jim has more than 10 years of Big Four experience prior to joining Baker Tilly. He focuses on serving a variety of clients across cybersecurity, internal audit, third party risk management, enterprise risk and compliance initiatives.

Baker Tilly's risk advisory practice goal in New England is to: Serve as essential, trusted advisors who execute at the highest level for an ever-growing client base.

Experience

Leads internal audit execution, inclusive of IA risk assessment activities through both co-sourced and outsourced resourcing models. Supports coverage across multiple risk domains and auditable universe analysis
Directs SOX 404 internal control engagements across life sciences, real estate, not-for-profit, insurance and technology organizations (both domestic and global)
Leads risk advisory projects related to cybersecurity regulatory compliance and maturity (NIST CSF/GLBA/OCIE/FFIEC CAT/NFA/ISO). Supports implementation of recommendations
Manages end-to-end agreed-upon procedures (AUP), SOC 1, SOC 2 and SOC 3 attestation reporting engagements, inclusive of readiness pre-assessments
Engages clients in enterprise risk management (ERM) through program build, requirements definition, risk domain inventorying and risk appetite/tolerance understanding
Responds to internal and external (PCAOB, peer review) quality inspections with strong success rates
Led go-to-market efforts related to the 2023 SEC cybersecurity disclosure requirements
Developed content and enablers to support end-to-end third-party risk management program evolution
Serves as a regional lead for governance, risk management and compliance (GRC) alliances

Involvement

Information Systems Audit and Control Association (ISACA), active involvement
Institute of Internal Auditors (IIA), active involvement

Thought leadership

Authored articles and perspectives on IT internal audit program development and cybersecurity risk management
Presented at multiple SOC reporting conferences/symposiums
Guest speaker for university management courses

Jim Kearney

Jim 's latest insights

Elevate your cybersecurity program: Integrating program management and governance

Vendor-risk management: Evolving a healthy vendor ecosystem

Strategies to address the new SEC cyber disclosure rule (and how to do it!)

The rise of proactive assurance, and why it’s here to stay

New SEC cyber incident disclosure marks first-time cybersecurity disclosure requirement across the capital markets

How to build an effective IT audit team during a time of skilled resourcing shortages

Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges