Matthew A. Corwin CISA, CISSP, CDPSE

Managing Director

Matthew A. Corwin has more than 20 years of experience specializing in privacy, regulatory compliance, and cybersecurity with specialized hands-on experience directing the implementation and integration of secure design principles and service engineering initiatives leveraging the latest technologies. He has a successful track record of facilitating technology-business alignment while balancing risk exposure and corporate growth. Mr. Corwin also has extensive expertise in analyzing technical architecture to attain and demonstrate best-in-class industry and regulatory standards compliance in global environments.

Mr. Corwin’s in-depth background with cybersecurity risk management and data protection includes comprehensive risk assessments and technical control design, development, implementation, monitoring, and testing with documentation for applicable security measures to ensure effective security for digital assets. He is proficient in using data, analytics and automation for detecting and monitoring security events. Mr. Corwin has implemented privacy programs including capability and skills models for core privacy domains and trained team members to optimize their understanding of CCPA, GDPR, HIPAA and other privacy regulations. In addition, he ensures IT compliance with relevant business, industry, and regulatory frameworks and standards by analyzing technical architecture and initiatives, optimizing processes, completing necessary remediation actions, and summarizing results.

Prior to joining Guidepost, Mr. Corwin was a security GRC leader at NYDIG, a leading financial institution offering a full suite of services for institutions and corporations, including crypto asset custody.  During his tenure, he successfully led SOC 1, SOC 2, NYDFS Part 500 and Part 200, BCDR, data protection/DLP, US privacy, and security GRC programs; implemented a NIST CSF program; and completed numerous external audits. He also worked with business and tech teams to develop and update risk-based technical and process controls; designed and implemented continuous monitoring and proper maintenance of controls; and implemented new GRC tools and automations for audit, compliance, and risk management which greatly reduced time and effort for compliance.

In addition, Mr. Corwin was a vCISO, vice president of security and privacy risk and general counsel at Truvantis, a cybersecurity consulting firm. He established the firm’s privacy practice and expanded its security consulting practice for GRC and regulatory compliance in the Southwest US region. Prior to joining Truvantis, Mr. Corwin was the US privacy and consulting practice lead at Cognizant, an information technology services and consulting company, where he headed the US unit of the company’s Global Privacy and Security Consulting practice, specializing in AI and analytics, and directed cross-functional teams to ensure compliance with privacy regulations.

Earlier in his career, Mr. Corwin held senior audit, privacy, and regulatory compliance positions at SAP, Symantec, Michel & Associates, P.C., and Calpop.com. He also spent four years with the U.S. Army Military Police.

Did you know?

When he’s not decrypting the mysteries of cybersecurity, Matthew is encoding flavors in his kitchen as an avid home chef. His cooking is great 99.999% of the time but, just in case, he’s got a robust disaster recovery plan involving a speedy pizza delivery service.

Education

  • Juris Doctor, University of California, Irvine School of Law
  • Bachelor of Science, Business Administration, California State University, Los Angeles

Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • California Licensed Attorney

Media + Events

August 16, 2023

The SEC has new Cybersecurity Rules. Are you prepared and ready?

Continue Reading
August 1, 2023

New EU-U.S. Data Privacy Framework Legalizes Personal Data Transfers from the EU to US

Continue Reading
an open magazine
September 3, 2024

Plan Adviser

Cybersecurity Best Practices for Retirement Plans

Continue Reading
a stack of folded newspapers
August 7, 2024

Tech News World

Malware-as-a-Service Golden Business for Hackers: Darktrace Report

Continue Reading
a cartoon newspaper
June 21, 2024

Nexus Connect

Closing the Door on Third-Party Access Risks

Continue Reading
an open magazine
May 21, 2024

Commerce Times

Website Impersonation Scams Surge, Solutions Fall Short: Study

Continue Reading
a stack of folded newspapers
April 18, 2024

TechRepublic

Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020

Continue Reading
a cartoon newspaper
February 22, 2024

American Banker

The LockBit takedown is a victory, but it may be fleeting

Continue Reading
an open magazine
December 19, 2023

esecurityplanet.com

5 Major Cybersecurity Trends to Know for 2024

Continue Reading
a stack of folded newspapers
December 12, 2023

msspalert.com

SEC Cybersecurity Breach Rule: What it Means for MSSPs

Continue Reading
a cartoon newspaper
August 14, 2023

bizjournals.com

How to deal with the cybersecurity weak links at your company

Continue Reading
an open magazine
July 24, 2023

Cybernews.com

Eurostar adopts biometric check-in on UK-France trains, experts warn of risks

Continue Reading
a woman stands at a podium with a microphone in front of her
September 12, 2023

Guidepost Solutions Hires Two Cyber Experts to Enhance Cybersecurity Consulting Practice

Continue Reading
unfocused picture of people walking through a professional event
January 18, 2024

ISACA Silicon Valley Chapter In-Person Event

ISACA Silicon Valley Chapter In-Person Event

Continue Reading
InvestigationHotlines