Shahryar Shaghaghi, a Principal with CohnReznick Advisory and national leader of Cybersecurity and Privacy Practice, is focused on helping clients with their cybersecurity and privacy strategy and transformation programs. Shahryar is also the lead faculty at Columbia University focusing in IT Risk Management and Data Privacy for the Enterprise Risk Management graduate program. By leveraging his extensive technology and risk management leadership experience garnered from his tenure with major consulting and financial services companies and his solid track record with complex and global implementations, Shahryar has successfully helped chief technology, risk, compliance, legal, finance, operations, and security officers achieve their goals and optimize their critical and strategic programs.
Shahryar’s accomplishments include leading one of the largest and most complex global cybersecurity implementations in the world at a large financial institution. He is a recognized thought leader on cybersecurity, and a former member of the AICPA’s Center for Audit Quality (CAQ) and Assurance Services Executive Committee (ASEC) Cybersecurity working groups, along with other major accounting firms. He was instrumental in developing a cybersecurity attestation service (SOC for Cybersecurity) that will help auditors identify cyber risks.
Shahryar has deep expertise in the areas of cybersecurity, data privacy, application development, IT infrastructure management, digital transformation, IT due diligence, IT financial management, and business continuity. He also implemented compliance programs related to enforcement actions and industry recognized standards including NYDFS, CCPA, GDPR, ISO 27001, HIPAA, FFIEC, FISMA, NIST, SOC 2, SOC for Cybersecurity (author), DFARS, AML/KYC and FATCA.
Earlier in his career, Shahryar was a partner at BDO Consulting and led Technology Advisory and global Cybersecurity practices. Shahryar was a partner at Kurt Salmon where he was responsible for expanding CIO Advisory Services. He also served as executive vice president of IT Risk Management and Transformation with Citigroup, where he led strategic and reengineering initiatives for its Global Operations and Technology for Citi globally, including the Information Security Program. He is a former partner with Deloitte Consulting, where he formed and led their first information security consulting offerings. He spent the early part of his career with PwC and Andersen Consulting, now Accenture.