Jim Horton
Helping leaders keep their organization out of the headlines, without drowning in complexity or cost.
Principal Partner
- Fragmented Compliance & Audit Overload: Transform siloed, duplicative compliance programs into a unified control framework (“Audit Once, Apply to Many”), while aligning clients with auditors who operate as strategic partners, reducing audit fatigue, lowering cost, and improving overall assurance outcomes.
- Lack of Scalable GRC Operating Model: Design and operationalize enterprise GRC programs that align security, risk, and compliance to business objectives, establishing governance, control rationalization, and measurable risk visibility.
- Regulatory Readiness & Complex Framework Alignment: Prepare organizations for audits and regulatory demands (SOC 2, ISO 27001, HITRUST, PCI, FedRAMP, etc.) by mapping controls, closing gaps, and building sustainable, audit-ready environments.
I bring more than two decades of leadership across cybersecurity governance, regulatory compliance, and enterprise risk management, helping organizations build durable compliance architectures in environments where security, privacy, and regulatory obligations intersect.
My experience includes designing and leading global GRC programs across SaaS platforms, healthcare technology, fintech and federal systems operating within complex regulatory environments. I’ve led enterprise certification and authorization programs across SOC 2, ISO 27001/27701, HITRUST, PCI DSS, and FedRAMP, while aligning control frameworks to NIST (RMF, CSF), CIS Controls, and global privacy regulations (HIPAA, GDPR, CCPA). I build integrated control environments that scale with the business.
Throughout my career, I’ve focused on solving the structural challenge many organizations face: how to operate multiple compliance frameworks without creating duplicated controls, fragmented governance, and constant audit fatigue. This work led to the development of my “Audit Once, Apply to Many” unified control framework strategy, enabling organizations to reuse evidence across regulatory obligations while strengthening governance maturity and operational clarity.
I focus on simplifying complex regulatory environments and translating compliance obligations into governance models executives can operate and auditors can trust.
- I translate overlapping regulatory frameworks into unified control architectures that scale across cloud and enterprise environments.
- I work closely with CISOs, CIOs, compliance leaders, and boards to ensure cybersecurity governance supports business strategy, not just audit requirements.
- I deliver pragmatic, operational solutions that reduce audit duplication, improve regulatory readiness, and provide leadership with clear visibility into risk posture and compliance maturity.
Healthcare Technology | SaaS & Cloud Platforms | Regulated Cloud & FedRAMP Environments | Federal & Defense Programs | Technology Services | Enterprise Software | Global Engineering & Infrastructure Operations
If you’d like to discuss how your cyber risk can be reduced without overcomplicating it, I’d be happy to connect.