I've spent over 12 years in IT SOX, from leading external audits at Deloitte to hands-on advisory work helping companies build and manage their own programs.
I've seen most IT SOX programs struggle for the same reason: no one truly owns them. Responsibility gets split across IT and finance, and the goal becomes satisfying auditors instead of building a program that works. That's where I come in.
No account managers, no layers of communication. You work with me directly from day one.
Not every finding deserves the same level of attention, and not every control needs to be redesigned. I focus on what matters, so you spend less time on IT controls and more time running your business.
Over the years, the biggest problem I see with IT control environments comes down to ownership. When no one truly owns an IT control environment, it inevitably becomes more complex than necessary. Controls get added to satisfy the latest audit request, processes evolve without anyone stepping back to evaluate them, and eventually nobody remembers why things are done the way they are. Controls that should take 10 minutes end up taking hours.
My goal is to help companies build and maintain effective, efficient control programs without creating unnecessary work. I saw the need for this repeatedly: companies spending far more time than they reasonably should on IT controls, and still not ending up with effective programs.
Years on both sides of the table means I know how to work with auditors, and when problems arise, I help your team fix it without turning a small problem into a bigger process.
The real challenge isn't just designing good controls. It's designing controls that people can and will actually follow, quarter after quarter, year after year. One of my favorite parts of this work is partnering with and getting to know the people who own and operate these processes. Not just delivering recommendations, but sitting down with your team to figure out what actually works, and making sure they understand why it matters and what's expected.
Not every control needs to be redesigned, and not every finding deserves the same level of attention. Part of my job is helping clients separate what truly matters from what does not. I want my clients to spend less time worrying about IT controls and more time running their business.
Most clients come to me at one of two points: you're either building a controls program for the first time (often after raising a round or preparing for an IPO), or you already have one that's become reactive, where ownership is unclear and every audit feels like starting over.
Wherever you're starting from, here's how we can work together:
I'll assess your control environment, tell you what's missing, and give you a clear, prioritized view of what matters most. You'll leave with:
One-time flat fee, tailored to your environment
Most companies don't need a full-time IT SOX Director. I step in as an experienced owner, setting direction and keeping the program moving year-round, without the overhead of a full-time hire. Here's what that looks like:
Flat monthly retainer, scoped to your needs.
I founded Mekas Consulting to work more directly with the people and teams I can genuinely help, without the layers and rigidity of a big firm.
I live around Atlanta with my wife and three young kids. Outside of work, I enjoy playing tennis, coaching baseball, being outdoors, and generally trying to keep up with our little ones.
Certified Information Systems Auditor (CISA)
Master of Science in Information Systems
Georgia State University