Matthew A. Corwin has more than 20 years of experience specializing in privacy, regulatory compliance, and cybersecurity, including hands-on experience directing the implementation and integration of secure design principles and service engineering initiatives leveraging the latest technologies. He has a successful track record of facilitating technology-business alignment while balancing risk exposure and corporate growth. Mr. Corwin also has extensive expertise in analyzing technical architecture to attain and demonstrate best-in-class industry and regulatory standards compliance in global environments.
Mr. Corwin’s in-depth background with cybersecurity risk management and data protection includes comprehensive risk assessments and technical control design, development, implementation, monitoring, and testing with documentation for applicable security measures to ensure effective security for digital assets. He is proficient in using data, analytics and automation for detecting and monitoring security events. Mr. Corwin has implemented privacy programs including capability and skills models for core privacy domains and trained team members to optimize their understanding of CCPA, GDPR, HIPAA and other privacy regulations. In addition, he ensures IT compliance with relevant business, industry, and regulatory frameworks and standards by analyzing technical architecture and initiatives, optimizing processes, completing necessary remediation actions, and summarizing results.
Prior to joining Guidepost, Mr. Corwin was a security GRC leader at NYDIG, a leading financial institution offering a full suite of services for institutions and corporations, including crypto asset custody. During his tenure, he successfully led SOC 1, SOC 2, NYDFS Part 500 and Part 200, BCDR, data protection/DLP, US privacy, and security GRC programs; implemented a NIST CSF program; and completed numerous external audits. He also worked with business and tech teams to develop and update risk-based technical and process controls; designed and implemented continuous monitoring and proper maintenance of controls; and implemented new GRC tools and automations for audit, compliance, and risk management which greatly reduced time and effort for compliance.
In addition, Mr. Corwin was a vCISO, vice president of security and privacy risk and general counsel at Truvantis, a cybersecurity consulting firm. He established the firm’s privacy practice and expanded its security consulting practice for GRC and regulatory compliance in the Southwest US region. Prior to joining Truvantis, Mr. Corwin was the US privacy and consulting practice lead at Cognizant, an information technology services and consulting company, where he headed the US unit of the company’s Global Privacy and Security Consulting practice, specializing in AI and analytics, and directed cross-functional teams to ensure compliance with privacy regulations.
Earlier in his career, Mr. Corwin held senior audit, privacy, and regulatory compliance positions at SAP, Symantec, Michel & Associates, P.C., and Calpop.com. He also spent four years with the U.S. Army Military Police.
Did you know?
When he’s not decrypting the mysteries of cybersecurity, Matthew is encoding flavors in his kitchen as an avid home chef. His cooking is great 99.999% of the time but, just in case, he’s got a robust disaster recovery plan involving a speedy pizza delivery service.