About Christopher

Christopher Shaffer is a principal in Marcum’s Risk Advisory Services Group and leads the HITRUST CSF assessor program. He brings nearly 20 years of information technology security, operations, and consulting experience to his clients.

Mr. Shaffer specializes in leading engagements for SSAE 18, (SOC 1), SOC 2, PCI-DSS, HIPAA, HITRUST, NIST, ISO, and general IT computing controls for private and public businesses across a variety of industries. He has extensive experience working with hosting, data center, managed service providers, and software service organizations.

Prior to entering an external consulting role, Mr. Shaffer managed the security and network operations for multiple software, datacenter, and hosting service providers in executive and operational capacities. He brings a high level of operational understanding to every engagement, helping clients navigate internal processes and procedures.

Professional & Civic Affiliations

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Common Security Framework Auditor (CISA)
  • Certified HITRUST Quality Professional (CHQP)
  • Qualified Security Assessor (QSA)
  • International Information System Security Certification Consortium (ISC2)
  • Information Systems Audit and Control Association (ISACA)
  • North Texas Chapter of the Information Security Systems Association (ISSA)
Practice Focus

Risk Advisory Services
Technology Managed Services
IT Controls
SOC 1
SOC 2
HITRUST Certification

Industry Focus

Innovation & Technology
Professional Services
Managed Service Providers
Software Services

Education

DeVry University