
Matt Flora is a Managing Director in FTI Consulting’s Cybersecurity practice and is based in New York. Mr. Flora specializes in cybersecurity and operational risk management and governance, with more than 12 years of experience. He serves as a strategic partner to executive leadership teams, helping them to improve cybersecurity maturity and reduce risk within their organizations.
Mr. Flora has a deep proficiency in implementing and auditing against leading security frameworks, including the NIST Cybersecurity Framework (NIST CSF), the Center for Internet Security’s Critical Security Controls (CIS 18), the HIPAA Security Rule, and the New York State Department of Financial Services (NYDFS) Part 500. While his clients range across industries and sizes, Mr. Flora has a deep understanding of organizations in the healthcare, finance, and education sectors.
In the healthcare sector, Mr. Flora assists enterprises in securing Protected Health Information (PHI). By conducting detailed HIPAA Risk Assessments and overseeing technical remediation, he helps organizations navigate the strict regulatory requirements of the Department of Health and Human Services and safeguard critical assets. He also has a deep understanding of the unique challenges that face financial services organizations. Mr. Flora works with Private Equity, Wealth Management, Family Offices, and Fintech to understand their specific cybersecurity requirements, identify critical assets, and build security programs that address top risks. Additionally, Mr. Flora works extensively with the education sector, from K–12 schools to higher education. Understanding the unique challenges of safeguarding student, parent, and donor data, he works diligently with clients to identify risks to critical assets and implement mitigation strategies that align with each organization’s risk thresholds and resource constraints.
Prior to joining FTI Consulting, Mr. Flora was a Managing Director in the Technology and Cybersecurity Risk Advisory practice at a global consulting firm, focused on helping clients identify operational security weaknesses and develop robust procedures to mitigate enterprise-level risk. There, he focused on building out and managing the cybersecurity strategy, risk, and compliance programs for clients, including framework and risk assessments, policy development, employee training, compliance audits, and third-party risk management.
Mr. Flora holds a bachelor’s degree in marketing and psychology from the University of Delaware. He is Certified in Risk and Information Systems Control (CRISC) and holds the Information Systems Audit and Control Association (ISACA) Cybersecurity Nexus Fundamentals (CSXF) designation. His unique educational background in behavioral psychology provides him with a specialized perspective on risk management and the behavioral drivers of cybersecurity vulnerabilities.