Jim Kearney

Jim Kearney



+1 (978) 569 2588

Leave a messagearrowCreated with Sketch.

Jim is a director with Baker Tilly’s risk advisory practice and the New England leader in cybersecurity risk. He is a purposeful and passionate leader, who focuses on individual and team recognition to achieve results. Jim is a driver of high-performing teams who is accommodating and flexible to meet the needs of others. Jim has more than 10 years of Big Four experience prior to joining Baker Tilly. He focuses on serving a variety of clients across cybersecurity, internal audit, third party risk management, enterprise risk and compliance initiatives.

Baker Tilly's risk advisory practice goal in New England is to: Serve as essential, trusted advisors who execute at the highest level for an ever-growing client base.

  • Leads internal audit execution, inclusive of IA risk assessment activities through both co-sourced and outsourced resourcing models. Supports coverage across multiple risk domains and auditable universe analysis
  • Directs SOX 404 internal control engagements across life sciences, real estate, not-for-profit, insurance and technology organizations (both domestic and global)
  • Leads risk advisory projects related to cybersecurity regulatory compliance and maturity (NIST CSF/GLBA/OCIE/FFIEC CAT/NFA/ISO). Supports implementation of recommendations
  • Manages end-to-end agreed-upon procedures (AUP), SOC 1, SOC 2 and SOC 3 attestation reporting engagements, inclusive of readiness pre-assessments
  • Engages clients in enterprise risk management (ERM) through program build, requirements definition, risk domain inventorying and risk appetite/tolerance understanding
  • Responds to internal and external (PCAOB, peer review) quality inspections with strong success rates
  • Led go-to-market efforts related to the 2023 SEC cybersecurity disclosure requirements
  • Developed content and enablers to support end-to-end third-party risk management program evolution
  • Serves as a regional lead for governance, risk management and compliance (GRC) alliances
  • Information Systems Audit and Control Association (ISACA), active involvement
  • Institute of Internal Auditors (IIA), active involvement

Authored articles and perspectives on IT internal audit program development and cybersecurity risk management

Presented at multiple SOC reporting conferences/symposiums

Guest speaker for university management courses

  • Certified Internal Auditor (CIA), IIA
  • Certified Information Systems Auditor (CISA), ISACA


Boston, MA


Bachelor's degree in finance and

information systems

Boston College, Carroll School of Management