Paul Douglas

Paul Douglas is a Partner in the firm's Risk and Compliance Services (RCS) Group . With more than 15 years of experience, Paul primarily focuses on IT risk advisory, data privacy and security strategies, and IT compliance. He works with a broad base of clients in the higher education, healthcare, public company, and technology industries.

Paul guides clients through the complex landscape of security and privacy laws, translating laws, regulations, and requirements into actionable strategic plans. With his strong background in conducting high-value assessments and implementing robust risk management plans, Paul helps organizations to effectively address and mitigate risks. He has experience serving clients subject to a wide variety of standards, including Control Objectives for Information and Related Technologies (COBIT), the NIST Cybersecurity Framework, NIST 800-53 and NIST 800-171 for Controlled Unclassified Information, the HIPAA Security, Privacy, and Breach Notification Rules, the HITRUST Common Security Framework, The California Consumer Privacy Act (CCPA), the European Union's General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS).

Through his breadth and depth of experience, Paul leads his team to excel in developing and implementing comprehensive guidelines and best practices that ensure the confidentiality, integrity, and availability of clients' information and data. With a strong focus on delivering tailored solutions, Paul enables organizations to navigate the ever-evolving cybersecurity environment while maintaining regulatory compliance.

Prior to joining the firm, Paul was a Director at Postlethwaite & Netterville (P&N), a leading full-service accounting and business advisory firm.