Baker Tilly
Contact us
Jim Kearney

Jim Kearney

CIA, CISA

Director

+1 (978) 569 2588

Leave a messagearrowCreated with Sketch.

Jim is a director with Baker Tilly’s risk advisory practice and the New England leader in cybersecurity risk. He is a purposeful and passionate leader, who focuses on individual and team recognition to achieve results. Jim is a driver of high-performing teams who is accommodating and flexible to meet the needs of others. Jim has more than 10 years of Big Four experience prior to joining Baker Tilly. He focuses on serving a variety of clients across cybersecurity, internal audit, third party risk management, enterprise risk and compliance initiatives.

Baker Tilly's risk advisory practice goal in New England is to: Serve as essential, trusted advisors who execute at the highest level for an ever-growing client base.

  • Leads internal audit execution, inclusive of IA risk assessment activities through both co-sourced and outsourced resourcing models. Supports coverage across multiple risk domains and auditable universe analysis
  • Directs SOX 404 internal control engagements across life sciences, real estate, not-for-profit, insurance and technology organizations (both domestic and global)
  • Leads risk advisory projects related to cybersecurity regulatory compliance and maturity (NIST CSF/GLBA/OCIE/FFIEC CAT/NFA/ISO). Supports implementation of recommendations
  • Manages end-to-end agreed-upon procedures (AUP), SOC 1, SOC 2 and SOC 3 attestation reporting engagements, inclusive of readiness pre-assessments
  • Engages clients in enterprise risk management (ERM) through program build, requirements definition, risk domain inventorying and risk appetite/tolerance understanding
  • Responds to internal and external (PCAOB, peer review) quality inspections with strong success rates
  • Led go-to-market efforts related to the 2023 SEC cybersecurity disclosure requirements
  • Developed content and enablers to support end-to-end third-party risk management program evolution
  • Serves as a regional lead for governance, risk management and compliance (GRC) alliances
  • Information Systems Audit and Control Association (ISACA), active involvement
  • Institute of Internal Auditors (IIA), active involvement

Authored articles and perspectives on IT internal audit program development and cybersecurity risk management

Presented at multiple SOC reporting conferences/symposiums

Guest speaker for university management courses

  • Certified Internal Auditor (CIA), IIA
  • Certified Information Systems Auditor (CISA), ISACA

Location

Boston, MA

Education

Bachelor's degree in finance and

information systems

Boston College, Carroll School of Management

Expertise

Jim's latest insights

Article
cybersecurity program program management and governance

Elevate your cybersecurity program: Integrating program management and governance

Article
people office

Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges

Article
vendor risk management vendor ecosystem

Vendor-risk management: Evolving a healthy vendor ecosystem

Article
Capitol building reflection at sunrise

Strategies to address the new SEC cyber disclosure rule (and how to do it!)

Article
Sun reflecting off of colorful building

The rise of proactive assurance, and why it’s here to stay

Article
U.S. Capitol Building reflecting on water in Washington, D.C.

New SEC cyber incident disclosure marks first-time cybersecurity disclosure requirement across the capital markets

Article
casual work space office

How to build an effective IT audit team during a time of skilled resourcing shortages