ACA Aponix

Cybersecurity, technology risk assessment, and privacy services

ACA Aponix® provides cybersecurity and technology risk programs, data privacy compliance services, vendor and M&A diligence services, portfolio company oversight, network testing, and advisory services for companies of all sizes.

Our expertise

1 of
abstract black and white looking up at bridge rails

Strengthen your cyber program with Aponix Protect™

Aponix Protect helps firms address evolving cyber risks and threats to ensure that their cybersecurity needs are covered year-round. This solution is available in three tiers, each one designed to provide firms with a flexible, robust, responsive, and cost-effective cybersecurity program.​

black and white looking up at side of building

Increase oversight of your portfolio companies' cyber risk with PortCo Defend™

Our PortCo Protect program is designed to provide high-level insight into cybersecurity risks across a portfolio and measure the maturity of the cybersecurity approach at each investment entity. The program establishes minimum security requirements, a measurement framework and governance, and provide guidance/ assistance where needed. It is not intended to cause rework or significantly change the direction of a portfolio companies current security initiatives.​

abstract black and white architectural lines and shadows

Minimize risk and maximize enterprise value with technology, cyber, and privacy M&A diligence

Our team assists private equity firms with IT, cybersecurity, and privacy transaction advisory and risk management services. We provide full M&A integration analysis, design, oversight and execution services to help you minimize risk and maximize enterprise value for your most complex transactions by closely aligning our services with your investment thesis.​

Why work with us?

We provide cybersecurity and technology risk programs, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes. Our unique approach combines a deep understanding of your workflows with our methodologies, thought leadership, and proprietary data to surface and prioritize the most important risks. Our award-winning solutions are designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.

Why work with us?

Deep information technology experience. Award-winning solutions. Holistic approach to technology risk.

  • Experienced global team
  • Certified team members
  • Thought leaders in cybersecurity and IT risk
  • Over 650 companies work with us
  • Award-winning technology and solutions
  • Holistic approach to cybersecurity and IT risk

ACA Aponix provides cybersecurity and technology risk assessments, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes. Our unique approach combines a deep understanding of your workflows with our methodologies, thought leadership, and proprietary data to surface and prioritize the most important risks. Our award-winning solutions are designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.

Who we are

  • Our team consists of senior technologists who have started in the technology trenches, many growing into technology leaders at organizations ranging from small to large hedge funds, bulge-bracket banks, and technology services providers for the financial services sector.
  • ACA Aponix staff maintain or have held the following relevant certifications around cybersecurity risk management, incident response, penetration testing, information security, IT governance, privacy, and business. Additionally, select ACA Aponix staff maintain U.S. military security clearance.

Our certifications

Cybersecurity

  • CISSP, CISM, CISA, ISO27001:2013, CGEIT, CRISC, CTPRP, Security+, OSCE, OSCP, CEH, GXPN, GPEN, GWAPT, GCFE, GCCC, GCIH, GCIA, ECSA, SSA, CREST CPSA

Privacy

  • CIPM, CIPP, CIPT

IT & Business Continuity

  • A+, CCA, CNE, CCNA, CCNP, CSPO, ISO22301:2013, MCSA, MCSE, MSCP, Network+

Business

  • CFA, CM&AA, GSLC, JD, MBA, PhD, PMP, Six Sigma Black Belt

Our leadership team

Kavitha Vankita

Kavitha Venkita

Partner, Head of Cybersecurity and Risk

Kavitha is a Partner and the Business Lead for ACA Aponix, the dedicated global cybersecurity and technology risk advisory team.

Chad Neale, ISO27001:2013, GSLC, GCFE, CISA

Chad Neale

Partner

Chad is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group and oversees ACA Aponix’s Strategic Technology Advisory and Risk practice.

Mike Pappacena

Mike Pappacena

Partner

Mike is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group.

James Tedman

James Tedman

Partner

James is a Partner at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group. James manages ACA Aponix in Europe.

Marc Lotti, CGEIT, PMP

Marc Lotti

Strategic Advisor

Marc is a Strategic Advisor at ACA, and a Co-founder and formerly a Co-head Partner at ACA Aponix.

Kris Lau, CISM

Kris Lau

Managing Director

Kris is a Managing Director at ACA Aponix, specializing in information security program and policy development, risk management, vulnerability assessments, third-party security assessments, and audits.

Henry Lindemann

Henry Lindemann

Managing Director

Henry is a Managing Director at ACA Aponix, the cybersecurity, privacy, and IT risk division of ACA Group and oversees the sales department for the division.

Alex Scheinman, Ph.D.

Alex Scheinman

Managing Director

Alex is a Managing Director at ACA Aponix, overseeing ACA Aponix’s GDPR, CCPA, and other privacy regulation data-processing reviews and related programming.

Sara Laverick

Sara Laverick

Director

Sara oversees ACA Aponix's vendor diligence and management service (VMOS) team.

Jose Ramos

Jose Ramos

Director

Jose is a Director at ACA Aponix leading the penetration team.

Christine Tetherly-Lewis

Christine Tetherly-Lewis

Director

Christine is a Director at ACA Aponix.

1 of

Latest cyber and risk insights

abstract blue shapes connected by dots of light

FINRA Addresses Customer Account Takeovers (ATOs); Firms Advised on Protection Tactics 

The Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice in response to a noticed increase in customer account takeovers (ATOs). During these ATOs, bad actors compromise account information, gain unlawful entry into customer online brokerage accounts, make fraudulent transactions, siphon out funds, and commit other crimes. Similarly, bad actors have increasingly been using simulated identities to open online accounts, and unlawfully access funds and data. FINRA’s regulatory notice summarizes the observations of 20 firms of various business models and sizes on the subject.

Cyber Alert
  • Cybersecurity
cyber trends - 980x550_7.png

Protecting the Enterprise Server: After the SolarWinds®/Microsoft® Exchange® Hacks

The SolarWinds breach and the Microsoft Exchange server breach are striking, both in the extent and the breadth of their damage. The damage is ongoing; as part of the attack pattern, backdoor malware designed to give the attackers persistent access to the compromised organizations has been planted for future criminal activity. The recent executive order on cybersecurity testifies to the severity of the problem and the need for a centralized, proactive response. Learn what patterns we have observed and the mitigating strategies we recommend.

Article
  • Cybersecurity
Globe image

Navigating Evolving Risks on the Regulatory Horizon

Regulatory change, COVID-19 fallout, and a rapidly mutating ecosystem of risks make this a challenging year for financial services firms. In our complimentary whitepaper, we examine the future of risk and compliance and how firms must respond to rapidly evolving circumstances.

Article
  • Trade & Transaction
  • Compliance
  • ESG
  • Managed Services
  • Regulatory Deadlines
  • Regulatory Technology
  • ComplianceAlpha
  • FCA
  • SEC
  • Cybersecurity
  • RiskMutation
  • Brexit
  • COVID-19
  • GIPS Standards
  • Mirabella
abstract blue shapes connected by dots of light

Ransomware Attack Shuts Down Major Fuel Pipeline; PE Firms Advised To Enhance Protections   

A ransomware attack has led to the shutdown of the Colonial Pipeline, the largest fuel pipeline in the U.S. The Colonial Gas pipeline supplies gasoline, jet fuel, and other products to the eastern and southern U.S., providing 45% of the East Coast supply of fuel.

Cyber Alert
  • Cybersecurity
  • Portfolio Company Risk Management

Dell Vulnerability Discovered; Patching Advised for Millions of Users

On May 4, researchers released details of a security flaw in Dell devices. The flaw affects hundreds of millions of desktops, laptops, notebooks, and tablets. Dell has released additional details of the vulnerability and a recommended fix.

Cyber Alert
  • Cybersecurity
AdobeStock_317630718 1200x900.jpeg

Sneak Peek: ACA Spring Conference Aponix® Session Previews

ACA’s virtual spring conference is right around the corner. We encourage ACA Aponix clients to attend the sessions below or to invite other members of their teams to join in. Here’s a sneak peek at what you can expect and what you can expect to take away.

Article
  • Cybersecurity
  • Portfolio Company Risk Management
  • Events

News

ACA Group Named Accounting/Due Diligence Firm of the Year by M&A Advisor

ACA Group announced today that ACA Aponix® is the recipient of the Accounting/Due Diligence Firm of the Year in the 20th Annual M&A Advisor Awards. The M&A Advisor Awards are the benchmark for dealmaking excellence, recognizing the leading M&A Transactions, Restructurings, Deal Financings, Product/ Services, Firms, and Professionals.

ACA Group Selected as a RegTech100 Company for 2022

ACA is delighted to be counted among the 100 most innovative RegTech companies in the financial industry.

ACA Group Named Best Regulatory Consultancy - North America by RegTech Insight

ACA is honored to be voted Best Regulatory Consultancy - North America in the RegTech Insight Awards 2021 USA.

Upcoming events

Compliance Induction - 18 January 2022

Senior management in Financial Services firms have a responsibility to ensure their employees have sufficient knowledge and understanding of the Regulatory environment they are working in. This knowledge helps in emphasising the need for compliance with policies and procedures in order to protect the firm and the individual from failing to “do the right thing”.

Online Training

Annual Compliance Training - 26 January 2022

The regulator is clear, you and your team must review your competence and training needs regularly. This course is designed specifically to assist all staff in meeting and staying up to date with their statutory and regulatory obligations.

Online Training

Client Money - 27 January 2022

Financial services providers that hold or control client money or assets must follow specific rules outlined in the Financial Conduct Authority’s (FCA) Clients Assets Sourcebook (CASS). This course is specifically designed to assist teams in dealing with client money audits and the client assets report, as well as helping them stay up to date with statutory and regulatory obligations in this complicated area.

Online Training