Senior management in Financial Services firms have a responsibility to ensure their employees have sufficient knowledge and understanding of the Regulatory environment they are working in. This knowledge helps in emphasising the need for compliance with policies and procedures in order to protect the firm and the individual from failing to “do the right thing”.
ACA Aponix® provides cybersecurity and technology risk programs, data privacy compliance services, vendor and M&A diligence services, portfolio company oversight, network testing, and advisory services for companies of all sizes.
Strengthen your cyber program with Aponix Protect™
Aponix Protect helps firms address evolving cyber risks and threats to ensure that their cybersecurity needs are covered year-round. This solution is available in three tiers, each one designed to provide firms with a flexible, robust, responsive, and cost-effective cybersecurity program.
Increase oversight of your portfolio companies' cyber risk with PortCo Defend™
Our PortCo Protect program is designed to provide high-level insight into cybersecurity risks across a portfolio and measure the maturity of the cybersecurity approach at each investment entity. The program establishes minimum security requirements, a measurement framework and governance, and provide guidance/ assistance where needed. It is not intended to cause rework or significantly change the direction of a portfolio companies current security initiatives.
Minimize risk and maximize enterprise value with technology, cyber, and privacy M&A diligence
Our team assists private equity firms with IT, cybersecurity, and privacy transaction advisory and risk management services. We provide full M&A integration analysis, design, oversight and execution services to help you minimize risk and maximize enterprise value for your most complex transactions by closely aligning our services with your investment thesis.
Why work with us?
We provide cybersecurity and technology risk programs, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes. Our unique approach combines a deep understanding of your workflows with our methodologies, thought leadership, and proprietary data to surface and prioritize the most important risks. Our award-winning solutions are designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.
Why work with us?
Deep information technology experience. Award-winning solutions. Holistic approach to technology risk.
- Experienced global team
- Certified team members
- Thought leaders in cybersecurity and IT risk
- Over 650 companies work with us
- Award-winning technology and solutions
- Holistic approach to cybersecurity and IT risk
ACA Aponix provides cybersecurity and technology risk assessments, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes. Our unique approach combines a deep understanding of your workflows with our methodologies, thought leadership, and proprietary data to surface and prioritize the most important risks. Our award-winning solutions are designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.
Who we are
- Our team consists of senior technologists who have started in the technology trenches, many growing into technology leaders at organizations ranging from small to large hedge funds, bulge-bracket banks, and technology services providers for the financial services sector.
- ACA Aponix staff maintain or have held the following relevant certifications around cybersecurity risk management, incident response, penetration testing, information security, IT governance, privacy, and business. Additionally, select ACA Aponix staff maintain U.S. military security clearance.
- CISSP, CISM, CISA, ISO27001:2013, CGEIT, CRISC, CTPRP, Security+, OSCE, OSCP, CEH, GXPN, GPEN, GWAPT, GCFE, GCCC, GCIH, GCIA, ECSA, SSA, CREST CPSA
- CIPM, CIPP, CIPT
IT & Business Continuity
- A+, CCA, CNE, CCNA, CCNP, CSPO, ISO22301:2013, MCSA, MCSE, MSCP, Network+
- CFA, CM&AA, GSLC, JD, MBA, PhD, PMP, Six Sigma Black Belt
Our leadership team
Kavitha is a Partner and the Business Lead for ACA Aponix, the dedicated global cybersecurity and technology risk advisory team.
Chad is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group and oversees ACA Aponix’s Strategic Technology Advisory and Risk practice.
Mike is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group.
James is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group. James manages ACA Aponix in Europe.
Marc is a Strategic Advisor at ACA, and a Co-founder and formerly a Co-head Partner at ACA Aponix.
Kris is a Managing Director at ACA Aponix, specializing in information security program and policy development, risk management, vulnerability assessments, third-party security assessments, and audits.
Henry is a Managing Director at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group and oversees the sales department for the division.
Alex is a Managing Director at ACA Aponix, overseeing ACA Aponix’s GDPR, CCPA, and other privacy regulation data-processing reviews and related programming.
Sara oversees ACA Aponix's vendor diligence and management service (VMOS) team.
Jose is a Director at ACA Aponix leading the penetration team.
Christine is a Director at ACA Aponix.
Latest cyber and risk insights
ACA’s Spring 2021 Virtual Conference was an opportunity for the regulatory compliance, performance, and cybersecurity community to come together and discuss the many changes of the past year and what the future of GRC looks like moving forward.
- GIPS Standards
- Regulatory Technology
The SEC announced that it sanctioned eight firms for failure to establish and implement cybersecurity policies and procedures. These failures resulted in multiple instances of criminal email account takeovers causing personally identifiable information from thousands of customers and clients to be exposed.
Industry analyst 1LoD recently hosted a two-day Deep Dive on operational resilience, cybersecurity, and third-party risk. Attendees represented financial institutions (75%), technology firms (13%), consultancies (11%), and regulators (1%) from around the world. Speakers featured experts in resilience and cybersecurity, including ACA Aponix® Partner Michael Pappacena. We recommend downloading the full report to get a sense for what your peers are doing, how your firm compares, what regulators expect, and what you need to do to build a stronger operational resilience program.
The SEC recently fined a company for providing misleading information about a breach it suffered. This fine serves a warning for companies to not only protect themselves against cyber incidents, but to fully disclose information about cyberattacks if they occur.
Fundraising and compliance challenges are expected to increase for private equity firms in the second half of 2021 into 2022. We speak with Private Equity Wire about why support that blends practical and regulatory advice is becoming critical.
- Regulatory Technology
Multiple firms (including ACA) have reported recent receipt of phishing emails claiming to be from Microsoft. The emails are clearly spoofed. In this alert, we explain how to spot a phishing attempt.
ACA Group announced today that ACA Aponix® is the recipient of the Accounting/Due Diligence Firm of the Year in the 20th Annual M&A Advisor Awards. The M&A Advisor Awards are the benchmark for dealmaking excellence, recognizing the leading M&A Transactions, Restructurings, Deal Financings, Product/ Services, Firms, and Professionals.
ACA is delighted to be counted among the 100 most innovative RegTech companies in the financial industry.
The regulator is clear, you and your team must review your competence and training needs regularly. This course is designed specifically to assist all staff in meeting and staying up to date with their statutory and regulatory obligations.
Financial services providers that hold or control client money or assets must follow specific rules outlined in the Financial Conduct Authority’s (FCA) Clients Assets Sourcebook (CASS). This course is specifically designed to assist teams in dealing with client money audits and the client assets report, as well as helping them stay up to date with statutory and regulatory obligations in this complicated area.