Drew Hendrickson, CPA, CIPP, CCSFP

Shareholder, Information Security

Image of Drew Hendrickson
Education

University of North Carolina, Bachelor’s and Master’s degree in Accounting

Drew Hendrickson, CPA, draws on more than 14 years of experience as an information security professional and auditor to help clients manage their security program within the context of the business’ overall risk environment.​

Drew leads LBMC’s Information Security IT Assurance practice. He has experience with regulatory compliance (ICFR, SOX), SSAE 18, SOC 1 reporting, SOC-2 reporting, GDPR readiness, HITRUST, ACAB certification, ISO 27001 certification, project management, systems implementation, healthcare consulting services including HIPAA risk assessments, PCI, FISMA, financial audits, and other various privacy and security consulting services.

Drew has issued thousands of SOC reports throughout his career and works directly with the AICPA to lead and educate other CPA firms on best practices and the latest updates to SOC reporting.  He has also assisted in the development and delivery of training materials for the AICPA’s cybersecurity courses.

Drew sits on the HITRUST Assessor Council and has spoken annually at the HITRUST annual conference on a variety of topics ranging from security to IT Assurance and the HITRUST program.

Drew also works with clients regarding the overall information security environment and assists with recommendations related to not only regulatory and compliance standards, but also with the latest security standards.

Before joining LBMC, Drew worked at a national public accounting firm for over nine years. Drew left as a senior manager and served several external audits locally in Nashville in the healthcare, retail, utility, and manufacturing industries.

Certifications

  • Certified Public Accountant (CPA)
  • Certified Information Privacy Professional (CIPP)
  • Certified HITRUST Common Security Framework Practitioner (CCSFP)

Thought Leadership

Blog
HITRUST® Provider TPRM Update
Blog
How to Successfully Complete a SOC 2 Audit
Blog
How to Choose a HITRUST Assessor