Heather B. Bearfield is a Principal in the Firm’s Boston office and serves as the National Technology Assurance Services Practice Group Leader. She is also a member of its National Alternative Investment, Healthcare and Financial Services Industry Groups. Ms. Bearfield has extensive experience with SOC engagements, internal and external audits, application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing.
Ms. Bearfield has comprehensive experience in multiple aspects of Risk Management across business operations including regulatory compliance. She executes compliance engagements according to various regulations including SOX, MA 201 CMR 17.00 (Data Security), HIPAA Privacy, HIPAA Security, Meaningful Use, Dodd Frank, SOC1, 2, 3 and FISMA. She identifies process and control weaknesses, analyzes complex systems and works with clients to streamline operations within time and resource constraints. Also she is responsible for conducting global and nationwide IT Risk Assessments and IT Control Assessments in numerous vertical markets inclusive of manufacturing, banks, financial services, colocation hosting facilities and application service providers.
Ms. Bearfield's main focus has been around data security and CyberSecurity. Engagements include vulnerability assessments, penetration testing, controls testing and social engineering.
Ms. Bearfield manages Sarbanes-Oxley engagements and control assessments of corporate IT functions to ensure appropriate controls, accurate reporting, and thorough disaster recovery and business continuity plans and testing. She recommends and assists in the implementation of best practices to increase efficiency and effectiveness.
AREAS OF EXPERTISE
- SOC 1, 2, 3 (WebTrust, SysTrust)
- Sarbanes-Oxley Compliance
- IT Audits
- Application Reviews
- Security Assessments
- Data Security Regulations
- Financial Services
- Data Centers
- Alternative Investment Funds
- Master of Business Administration
University of Vermont
- Bachelor of Science, Business Administration
University of Vermont
PROFESSIONAL & CIVIC AFFILIATIONS
- Information Systems Auditing and Control Association (ISACA)
- Massachusetts Society of Certified Public Accountants (MSCPA)
- 100 Women in Hedge Funds
ARTICLES & PRESENTATIONS
- Target Announces Technology Overhaul, CIO Departure, Reuters: March 2014
- Target Tech Chief Resigns as it Overhauls Security, Associated Press Syndication Report: March 2014
- Neglect Physical Threat in Cyberattacks, The Wall Street Journal: August 2013
- CIO Summit: Insider Threat: March 2013
- Transition from SAS 70 to SSAE 16, IT Controls and Security: June 2012
- Sarbanes-Oxley: How to Assess IT Controls: March 2012
- SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards, April 2011
- Data Breaches: Protecting Critical Information, Association of Ski Defense Attorneys, March 2010