Skip to main content
About Us

Paul Kennedy, CISSP, CISA, VCISO

Senior Manager, Technology Solutions

Grand Rapids, MI

Boston College
BS, computer science

With targeted experience specifically in information technology, solution options continue to build and expand with each new client.”

Current Role

Paul provides clients with peace of mind by leading cybersecurity consulting, information security assessments, vulnerability and penetration testing, social engineering testing, information security training and Sarbanes-Oxley Act (SOX) 404 consulting engagements for a variety of organizations.

Service Areas

  • Cybersecurity consulting and assessments
  • Information systems and technology
  • Risk management
  • Information security awareness training
  • Policy development
  • Social engineering


Paul has extensive experience assisting organizations with developing, implementing and improving cybersecurity governance programs and IT controls. He has an in-depth knowledge of National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS) standards, SOX 404 compliance, Gramm-Leach-Bliley Act (GLBA) compliance as well as extensive knowledge of IT systems.

Prior to joining Rehmann in 2020, Paul served as a Technology Risk Senior Manager at a “Big Four” international professional services firm where he gained extensive experience successfully delivering risk management, internal audit, external audit and cybersecurity engagements.

Additionally, Paul has independently designed and deployed innovative custom technology solutions using modern technology and infrastructure to realize process efficiencies and support business operations.

Paul’s IT career began in 2009, holding roles in IT operations supporting a wide variety of technologies and services.

A Closer Look

  • Continuously expanding his knowledge, Paul is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).
  • Ask Paul about his experience assisting clients with implementing cybersecurity programs, information security assessments, and process automation

Send a quick note:

"*" indicates required fields