Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects as a Lead Author or Author/Contributor, and to many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His leadership at CSA has included co-chairing working groups such as Top Threats, Enterprise Architecture, and Security-as-a-Service, as well as co-leading ZT Pillar 5, Network/Environment, where he has played a significant role in advancing cloud security practices.
In addition to his research, Michael has been instrumental in developing CSA's certifications, including the CCAK, CCSK, and CCZT. He has authored and edited each certification's Body of Knowledge, along with the corresponding certification exams. Beyond this, Michael has contributed to the development of over 20 micro-courses, many of which are based on CSA publications to which he also contributed.
Michael's dedicated efforts earned him the prestigious Juanita Koilpillai Service Award in 2018, 2020, 2021, and 2022, as well as the CSA's highest award, the CSA Research Fellowship Award, in 2021.
With over 20 years of experience in risk, audit, control, and compliance, Michael has worked with major organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson & Johnson Inc., and Baxter Inc. He has also collaborated with startups across sectors including network management, contact center software, disk manufacturing, and radiological cancer treatment. In leadership roles, he has transformed risk management and internal audit functions, managed complex SAP transformation and configuration projects, and strengthened compliance through robust IT general controls and segregation of duties frameworks.
Michael has also served as a secretary or observer on key committees focused on internal audit, risk management, corporate governance, information security, and corporate social responsibility, further establishing himself as an advocate for governance and compliance.
His professional certifications include Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), and Certified Internal Auditor (CIA). He has also attained the CSA’s Cloud Security Knowledge v5 (CCSKv5) and CSA Cloud Zero Trust v5 (CCZTv1) certifications. Michael holds an AEMBA from Claremont College’s Peter Drucker Center and an MBA from DePaul University.