Steve Crutchley - Founder and Chief Executive Officer
Steve is a recognized leader and foremost authority in the GRC arena. With more than 25 years of experience in Business Protection, combined with an extensive knowledge of the industrial, commercial, government and financial areas, Steve has dedicated his career to maintaining a highly focused emphasis on risk, governance, compliance, information security and information assurance.
A serial entrepreneur, Steve's string of successes include the sale of his previous venture, 4FrontSecurity, to Symantec. He also sold Systems Solution to AST in South Africa which culminated in the listing of the respective company and the subsequent acquisition of a number of local and international businesses.
Steve has held senior positions in government as well as corporate and private businesses for many years and has a solid track record of prior achievements. In a sector where the noise is mixed and confusing, Steve is able to help organizations navigate through the business protection (security) and compliance maze and assist them in selecting and delivering the processes and solutions that will mitigate risk and support corporate governance. Steve has extensive experience, knowledge and a deep understanding of various standards and control structures such as ISO/IEC 20000, ISO/IEC 27001, BS 25999, COBIT, ISF, COSO, GLBA, HIPAA, NERC, PCI to mention just a few. Steve is an accredited IRCA trainer for ISO/IEC 27001, a renowned Lead Auditor and implementer for ISO 27001, ISO/IEC 20000 and BS 25999. Steve is also CISM and CGEIT and has a Bachelor of Science in Management Information Systems (B.Sc. Management Information Systems) degree with concentration on Information Security
Larry Candler – Chief Compliance Officer
Larry is an accomplished governance, risk and compliance professional with over 35 years of experience in information technology, communications strategy, information assurance, program management, business continuity, and training programs. He has focused on the strategic application of technology and associated controls to achieve business objectives.
E. Brian Alexander, Esq. – Chief Legal Officer
Brian brings over 20 years of experience in evaluating and mitigating business risk, and in maintaining regulatory compliance. He has vast experience advising mid to large-size healthcare, energy, financial services, construction and development organizations regarding governance, risk and compliance matters. His work in this area has spanned various roles, including as outside attorney and consultant, and as an internal risk manager.
Brian has worked in private law practice and as a consultant for over 10 years counseling clients regarding corporate and transactional risk and compliance matters. His clients have included companies working in the energy and utilities, mechanical/electrical manufacturing and automation, industrial process, banking, insurance, healthcare/medical technology, and software technology sectors. Brian has significant experience with environmental laws such as the CAA, CWA, CERCLA and RCRA, and has handled environmental regulatory matters for utility clients. Through his various legal and consulting roles, Brian also has gained an in depth understanding of NERC, FERC, state PUC, DOE, EPA and state environmental agency laws and regulations. He also assisted in the development of a tool to assess risk and compliance of power utilities across NERC-CIP, NIST and ISO frameworks.
Brian’s primary focus in attaining his J.D. degree was on corporate, finance and banking law, including the Securities and Securities Exchange Acts, Investment Advisor and Investment Company Acts, Gramm-Leach-Bliley Act and Sarbanes-Oxely Act. He counsels banks, investment companies and insurance companies regarding regulatory compliance matters. Brian also assists businesses with healthcare regulatory compliance and best practices, including compliance with the Affordable Health Care for America Act, and privacy regulations and best practices such as HIPAA and GAPP. Prior to graduating from law school, Brian worked for over 10 years in construction/development management, most of that time as a manager of large hospital and healthcare development projects. He was responsible for identifying and avoiding or mitigating project financial, operational and legal risks on such projects.
Brian has a J.D. degree from the Catholic University, a B.S.M.E degree from Florida International University, and expects to complete an LL.M. degree (energy and environmental law)at George Washington University in 2014.
Please contact us for more information on how C2C SmartCompliance can help your organization.