About Jose

Jose Antigua is a Director in the Firm’s Risk Advisory Division. Mr. Antigua has nearly 15 years of experience working with Governance, Risk and Compliance (GRC) and Information Technology for clients in the financial, healthcare, IT services, government and retail industries. His experience includes IT infrastructure, e-mail systems, backup and networking. He has assisted with numerous audit engagements, developing and assessing IT risk over financial reporting, IT security, IT Governance, disaster recovery and information systems management.

He is an expert in the use of computerized audit techniques to access and analyze data to maximize audit efficiency. He has implemented numerous Continuous Audit (CA) and Continuous Control Monitoring (CCM) projects.

In addition, Mr. Antigua works with Marcum’s teams to bridge the gap between financial audits and internal controls and information systems auditing. He executes GRC and GRC assurance engagements according to various frameworks, regulations and standards including SOX, HIPAA, NIST, SSAE 18, COBIT 5 and GDPR. He identifies process and control weaknesses, analyzes complex systems and works with clients to streamline operations within time and resource constraints. Also he conducts IT Risk Assessments and IT Control Assessments in numerous vertical markets.

Professional & Civic Affiliations

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Certified in Data Analytics (ACDA)
  • Certificate in IT Governance and Managent with COBIT
  • Cerfified Microsoft Azure Fundamentals
  • Certificate in eGovernment

Articles, Seminars & Presentations

  • Controls to Mitigate Top IT Risks amidst COVID-19, 2020
  • Privacy and GDPR: who has my data, 2018
  • GDPR: from doubt to hope, 2018
  • Internal Auditor in the Digital Era, 2018
  • An Integral Approach to Cybersecurity, 2017
  • Privacy in Perspective: PII and PHI management, 2017
  • Business Intelligence for IT Risk Monitoring, 2017
  • Cybersecurity SEC requirements for Public Companies, 2016
  • Risk Management, an Integral Approach, 2015
  • Governance, Risk and Compliance (GRC) in practice, 2014
  • Internal Control Framework based on COSO 2013, 2014
  • Closing the gaps between COBIT 4.1 and COBIT 5, 2014
  • IT Audit for CISA exam preparation, 2014
Practice Focus

IT Audits
Application Reviews
Security Assessments
SOC 1, 2, 3
Internal Control and Risk Management
CAAT (including CA and CCM)


Bachelor Degree in Systems Engineering
Instituto Tecnologico de Santo Domingo (INTEC)

Designations & Accreditations

Certified Information Systems Auditor
ACL Certified Data Analyst and Trainer
COBIT 5 Foundations (IT Governance and Management)