IT Compliance Experts 2025

I’m a lifesciences compliance strategist with a passion for building real-world, right-sized programs in fast-moving environments. With deep experience in pharma and medtech, I specialize in translating regulatory complexity into practical, actionable frameworks. I’ve spent 7+ years navigating the gray areas of compliance—from training physicians on industry expectations to building startup programs from the ground up. I believe compliance should be ethical, functional, and human-centered—and that culture is built through clarity, storytelling, and respect, not fear. Outside of policy and audits, I speak regularly on startup compliance and love turning “boring” topics into memorable moments. I'm here to connect, create, and contribute.

CEO of TrustNet, a leading provider of cybersecurity and assurance services serving some…

CISO and advisor helping FinTechs turn DORA/NIS2/PSD2, PCI DSS, ISO 27001, and GDPR into practical resilience and business value. 20+ years across architecture, incident response, and program build-out. I prioritise KPIs, clear board communication, and continuous improvement, not checkbox compliance. Highlights: led DORA/NIS2 readiness for cross-border teams (faster audits; 30%+ lower regulatory risk), stood up vCISO/vDPO programs with cloud-native controls, vendor risk, and privacy automation. Community: OWASP Riga and Cloud Security Alliance Chapter Lead. Need to get regulator-ready? Let’s connect.

Charles Edda & Charles Bouley, Inc. (CECB) is a Texas-based cybersecurity company founded in 1999. The company specializes in managed security risk assessments, including vulnerability scanning, penetration testing, and security awareness training. Its primary clients include small businesses, medical practices, and law firms. The company is currently owned and operated by Dr. Rachel Levitch, who has expanded its services to provide advanced cybersecurity solutions that integrate financial risk management and regulatory compliance. CECB's services follow industry-recognized cybersecurity frameworks such as the National Institute of Standards and Technology (NIST), ISO 27001, and CIS Controls to help organizations establish robust cybersecurity practices and culture.

James is a CPA, IRS Enrolled Agent, and Tax Resolution Specialist at CanvaTax (canvatax.com), where he helps individuals and businesses resolve complex tax issues including IRS debt, back taxes, and penalty relief through programs like the IRS Fresh Start Initiative. With hands-on experience navigating IRS negotiations and tax compliance, James provides practical, results-driven guidance to clients facing financial uncertainty.

I am an academic professional seeking continuous growth. I desire to advance my career path at CIU substantially. Not conforming to the organizational standard, yet my goal is to go above and beyond until reaching the ultimate limit in my professional career. * I take on new projects/ideas and turn them into applicable initiatives. * I am constantly finding new ways to deliver outstanding results. * My initiatives begin with the end goal of creating an exceptional student experience and making the

Shyam Gajula is a Cybersecurity Professional specializing in Endpoint Security, Identity & Access Management (IAM), Zero Trust Architecture, and Cloud Security with 9+ years of experience securing enterprise and hybrid environments. He helps organizations strengthen security posture by implementing identity-centric architectures, continuous risk reduction frameworks, and compliance-focused controls across AWS, VDI, and distributed infrastructures. Shyam holds the AWS Certified Solutions Architect credential and has hands-on expertise in cloud security design, endpoint hardening, authentication frameworks (including SAML 2.0 / SSO), access governance, EDR/agent policy optimization, and secure cloud operations. His research and practical work focus on real-world defenses against modern threats, endpoint risk scoring, and identity-driven security automation. He is a published cybersecurity researcher, an international keynote speaker, and serves as a judge and evaluator for global cybersecurity awards and innovation competitions. Shyam frequently contributes to peer review panels and provides expert insights on best practices for Zero Trust adoption, cloud risk mitigation, and securing modern digital workplaces. Orcid Research Profile: https://orcid.org/0009-0001-4279-9629

Founder & CEO of Genbounty - AI safety & compliance testing. Genbounty is a an AI safety testing hub and provider of EU AI Act compliance and certification. About me AppSec SME, AI Engineer, Developer | BSc, MBA, PRINCE2, CompTIA+, CISSP

As a Cybersecurity Auditor operating at the intersection of complex digital infrastructures and human systems, my mission is to build resilience in an increasingly volatile world. With over 20 years of experience in Global MNCs, I’ve realized that protecting a network is only half the battle; the ultimate firewall is the clarity and alignment of the professional mind. ​I am a published author of three works that explore the architecture of security and the science of patterns: ​'The Interview': A deep dive into the technical and psychological nuances of Cybersecurity. ​'Cosmic Catalyst' & 'Beyond Constellations': Research into systemic cycles, predictive analytics, and ancient pattern-recognition frameworks. ​ My methodology is unique. By day, I audit global cybersecurity frameworks for US-based clients. Beyond the code, I am a dedicated researcher of Bio-Energetic Systems and Chronobiological Trends. I have successfully applied these 'multidimensional' patterns to predict global events and organizational shifts with high accuracy—bridging the gap between the measurable and the metaphysical. Through my research I offer high-performance philosophy to fellow cybersecurity professionals. My goal is to help leaders navigate 'zero-day' life challenges with the same precision they apply to their digitalecosystem. ​ I believe the future of leadership belongs to those who can traverse both the logical and the intuitive. I am here to help you audit your path to sovereign success.

As a strategic advisor, alliance builder, and subject matter expert with over two decades of experience, I help global enterprises and public sector organisations navigate the complexities of data management, eDiscovery, and cyber risk in an era of accelerating digital regulation and unstructured data growth. My background spans leadership roles in enterprise technology sales, consulting, and service delivery, focusing on data-intensive environments where compliance, litigation readiness, and operational intelligence are critical. With hands-on experience in incident response, breach investigation, and regulatory frameworks like GDPR and NIS2, I’ve helped organisations transform reactive data chaos into strategic business insight. Through my consultancy work, I lead programmes that address the core challenges enterprises face today: outdated storage architectures, fragmented data strategies, and the proliferation of ROT (redundant, obsolete, and trivial data) and “dark data” information collected but never utilised. I enable clients to regain visibility, reduce risk, and comply with strict data retention requirements such as GDPR’s 7-year rule, DSARs and Right to be Forgotten. My expertise is underpinned by next-gen tools like Lightning IQ capable of indexing up to 1.3 billion files per hour enabling scalable, low-impact analysis of petabyte-scale unstructured data environments. This supports advanced use cases, from compliance and litigation readiness to AI enrichment, ESG reporting, and cloud transformation. Whether advising C-level stakeholders, partnering with global system integrators, or leading high-impact data optimisation projects, my goal is always the same: to convert complexity into clarity, and risk into opportunity.

I am a healthcare compliance executive and the originator of Stark Watch, a generative AI platform built to monitor physician contracts for strict adherence to the Stark Law and the Anti-Kickback Statute (AKS). As a Compliance Vice President at a $4B health system, I navigate the complexities of healthcare regulations, hospital-physician financial relationships, and corporate ethics on a daily basis. Ensuring physician compensation compliance is one of the most resource-intensive challenges for modern hospitals. Historically, auditing these agreements for Fair Market Value (FMV) and commercial reasonableness required hundreds of hours of manual review. Recognizing this bottleneck, I architected Stark Watch to transform healthcare regulatory technology (RegTech). Our compliance software leverages generative AI to automate contract analysis, detect potential AKS violations, and track compensation tied to Designated Health Services (DHS). By turning a reactive auditing process into a proactive, technology-driven workflow, Stark Watch empowers health systems to protect their bottom line, avoid severe regulatory penalties, and maintain the highest ethical standards in their physician partnerships. With a deep commitment to safeguarding healthcare integrity, I hold triple certifications: Certified in Healthcare Compliance (CHC), Certified Compliance & Ethics Professional (CCEP), and Certified in Healthcare Privacy Compliance (CHPC). My current focus is bridging the gap between stringent regulatory frameworks and cutting-edge technology. I actively use artificial intelligence to streamline compliance operations, ensure alignment with OIG safe harbors, and mitigate AKS and Stark Law risks in complex contracting environments. My professional focus centers on providing actionable insights into the practical application of AI in healthcare administration, the evolving landscape of the Stark Law and Anti-Kickback Statute, and the future of healthcare compliance software. Whether analyzing recent Department of Justice enforcement trends or designing algorithms to parse complex medical directorship agreements, my goal is to make healthcare compliance more efficient, accurate, and accessible.

RERA360 is a specialized real estate compliance and advisory firm focused exclusively on the Real Estate (Regulation and Development) Act, 2016 (RERA). The organization supports builders, developers, real estate agents, and homebuyers by simplifying complex regulatory requirements and ensuring end-to-end compliance across real estate projects. With a strong understanding of RERA frameworks, state authority processes, and evolving regulatory guidelines, RERA360 delivers structured, accurate, and timely compliance solutions. Its services cover project registration, quarterly and annual filings, documentation management, authority coordination, and advisory support—helping stakeholders operate with transparency, accountability, and legal certainty. RERA360’s approach is built on clarity, process discipline, and practical execution. By reducing compliance risks and administrative burdens, the firm enables real estate professionals to focus on project delivery, credibility, and long-term growth while remaining fully aligned with regulatory obligations. The mission of RERA360 is to strengthen trust in the real estate ecosystem by making compliance simple, accessible, and reliable—transforming regulatory requirements from obstacles into operational advantages.

After 30 years inside the IRS, I retired under the Elon-Musk deal and opened my own tax and bookkeeping business. I see tax strategy and tax compliance from a lens of experience and work tirelessly to protect my clients and help them grow their business.

For approximately the last 30 years, I have worked within and with organizations to help them to address the challenges presented by climate change and sustainability. Frustrated by the unnecessary complexity in these areas, my mission is to simplify the complex for the greater environmental benefit and provide cost effective solutions to help organisations on their sustainability journey. My understanding of regulations, their direction and evolution has enabled me to simplify this complexity and influence company strategies to ensure the risks presented are managed and the potential of new opportunities realized. My knowledge across a broad spectrum of sustainability regulations and carbon markets of the UNFCCC, EU ETS, and domestic schemes in the UK, US, Kazakhstan, Korea, China and and sector specific schemes such as EU MRV, UK MRV and IMO DCS, enables me to advise both global and local players, on all sustainability issues wherever they are. I relish opportunities to design regulations, guidance, standards, schemes, and management systems and in understanding and implementing approaches and tools for them for business benefit. I have helped governments and organisations work through the maze of technical, operational and commercial issues that must be navigated to realise the opportunities of new regulatory requirements in these areas. I am privileged to have written for leading publications and speak on climate change and sustainability subjects at a variety of events. I have also designed and delivered tailored workshops and training courses on numerous subjects including: Extended Producer Responsibility, Recyclability Assessments, Environmental Auditing, Environmental and Energy Management Systems, Carbon Footprinting, Net Zero approaches, Verification, CSR, EU ETS, MRV and Electricity Capacity Markets for specific organizations, governments and business groups. I pride myself on my ability to simplify the complex and provide understanding where there may be confusion.

Information Technology executive with over 35 years of experience. I have led teams responsible for multi-site, multi-language, multi-currency ERP implementations (Oracle EBS, Infor XA, WMS, and Microsoft Dynamics) and significant upgrades. Responsible for ERP systems at all global sites supporting engineering, procurement, manufacturing, distribution, quality, and financial services. My digital transformation vision takes a customer-centric approach by aligning processes around external and internal customers to deliver the desired outcomes and a more reliable and consistent process, and digital enablement to push for innovation to gain quicker insights, address customer needs sooner, and find new ways to create value. I lead teams of developers, business analysts, database administrators, data analysts, and network administrators overseeing an active IT department. I am also responsible for centralized data center supporting multiple global sites. Specialties: Project Management, application development, network infrastructure, telecommunications.

With 20+ years' of experience in risk management and IT security, I excel at crafting secure, compliant, and efficient frameworks for businesses navigating complex regulatory landscapes. My expertise lies in developing Information Security Management Systems (ISMS) that achieve ISO 27001 certification, achieving up to 80% cost reduction in security implementations compared to traditional approaches. As an EC-Council subject matter expert for the CEH certification, my knowledge in ethical hacking and cybersecurity is both deep and broad. I take pride in the iO-GRCF , my proprietary framework designed to streamline and simplify cross-compliance. My goal is to foster partnerships within the industry to address governance, risk, and compliance challenges, while offering IT companies lucrative compliance, gap assessment, and penetration testing solutions.Professional Goals:* Forge partnerships with industry leaders to collaboratively tackle governance, risk, and compliance challenges.* Generate leads with IT companies to offer streamlined compliance, gap assessment, and penetration testing solutions, providing them with new revenue streams.Interests:Follow and engage with industry leaders and organizations that are at the forefront of cybersecurity, compliance standards, and IT innovations.

A highly accomplished Financial Services Senior Executive known for: 1. Rapidly…

I’m a legal-tech and privacy compliance specialist with 14+ years of experience working at the intersection of web engineering, data protection, and regulatory compliance. I currently lead compliance audits and forensic privacy assessments at Auditzo, where my work focuses on GDPR, CCPA/CPRA, CIPA, and cross-border data protection issues for high-traffic websites and SaaS platforms. I specialize in identifying hidden trackers, pre-consent data flows, CMP failures, session replay risks, and unlawful data transmissions using technical evidence such as network logs, HAR files, browser DevTools, and server-side analysis. I regularly collaborate with developers, legal teams, and marketing leaders to translate complex privacy risks into actionable, compliant technical solutions — particularly for multi-site, EU-US digital ecosystems. My insights are grounded in real-world audits, not theory.

Michel Fotsing is a CISSP-certified cybersecurity architect specializing in AI governance for organizations navigating emerging regulations (EU AI Act, NIS2, Quebec Law 25, GDPR). He consults for Quebec's government through Levio and serves on the ISC2 Exam Review Commission, contributing to international cybersecurity certification standards. Author of "L'Architecte Numérique: Orchestrer les intelligences à l'ère de l'IA" (2026, distributed by Hachette), he developed the Three Zones Framework for classifying AI-augmented security decisions. He also created StructureClerk.ca, a free compliance tool covering 169 jurisdictions. Michel can speak to: AI governance and shadow AI risks for businesses, cybersecurity strategy for SMEs, the human-AI decision boundary in critical systems, and data privacy compliance across international frameworks.