

BNO Team Profiles

Nick Casper – Managing Director
Nick Casper is the Managing Director of BNO, overseeing the firm’s strategic direction, client relations, and growth initiatives. With over 15 years of experience in the compliance and risk management space, Nick has established BNO as a leading provider of audit services for GRC platforms such as DRATA, Vanta, Secureframe, and more. He works closely with clients to ensure they achieve seamless and successful compliance processes, particularly in SOC 2, ISO 27001, and PCI DSS audits. His leadership is built on a foundation of integrity, client-centric solutions, and a deep commitment to making compliance accessible and understandable for businesses of all sizes. Nick’s approach blends technical knowledge with a focus on creating long-lasting relationships with clients. Outside of his professional work, Nick is a passionate advocate for education and mentorship, regularly volunteering his time to support local schools and business development programs. He also enjoys playing chess and spending time with his family at their lake house.

CJ Endemann – Partner
CJ Endemann is a Partner at BNO, where he plays a key role in leading client engagements, particularly in the areas of risk management and GRC platform implementation. CJ’s expertise spans multiple compliance frameworks, including SOC 2, PCI DSS, and ISO 27001, and he has helped numerous organizations navigate the complexities of these certifications with efficiency and confidence. With a background in both cybersecurity and audit management, CJ combines technical proficiency with strategic insight, ensuring that clients not only meet compliance requirements but also strengthen their overall security posture. His focus on delivering practical and scalable solutions has made him a trusted advisor to many organizations in the tech, finance, and healthcare sectors. Outside of his work, CJ is an avid cyclist, often participating in long-distance rides, and he is a supporter of environmental conservation initiatives. He also enjoys playing acoustic guitar and exploring new hiking trails with friends and family.

Josh Arrington – Senior GRC Consultant
Josh Arrington brings over 10 years of experience in governance, risk, and compliance (GRC) with a focus on automation tools such as DRATA, Vanta, and Secureframe. His expertise lies in guiding clients through SOC 2, ISO 27001, and PCI DSS audits, ensuring smooth and efficient compliance management. With a deep understanding of security frameworks and audit procedures, Josh helps organizations streamline their processes and stay on top of ever-evolving regulations. Josh is known for his hands-on approach to solving compliance challenges, providing valuable insights for businesses of all sizes. Outside of work, Josh is an avid cook who enjoys experimenting with new recipes from around the world. He also loves hiking and exploring local trails with his dog.

Emily Bales – GRC Implementation Lead
Emily Bales is an expert in implementing GRC platforms such as Scrut, Thoropass, and Sprinto, with a particular focus on helping mid-sized businesses scale their compliance processes. Her expertise spans SOC 2, ISO 27001, and PCI DSS, and she has helped numerous clients integrate security controls across various platforms with ease. Emily’s technical acumen and project management skills ensure that all compliance systems are optimized and meet audit requirements. Emily’s personal mission is to help businesses feel confident and prepared for every audit. In her spare time, Emily enjoys traveling to new destinations and immersing herself in different cultures. She is also passionate about animal rescue and volunteers regularly at local shelters.

Derek James – Lead Compliance Auditor
Derek James has a comprehensive background in security audits, specializing in SOC 2, ISO 27001, and PCI DSS compliance across multiple GRC platforms such as DRATA, Secureframe, and Vanta. Derek’s auditing expertise ensures that clients are fully prepared for any compliance assessments, guiding them through audits with accuracy and precision. He works closely with clients to uncover vulnerabilities and address them before they can pose a risk. Derek is highly regarded for his attention to detail and his ability to simplify complex compliance concepts for organizations. When not working, Derek is an outdoor enthusiast who loves kayaking and exploring national parks. He’s also an amateur photographer, capturing landscapes during his travels.

Priya Patel – GRC Solutions Architect
Priya is a GRC solutions architect with expertise in integrating and customizing platforms such as Scrut, Sprinto, and DRATA to fit the unique needs of clients. With a focus on scalability and automation, Priya has led numerous successful implementations of compliance systems for large enterprises and small businesses alike. Her deep understanding of ISO 27001, PCI DSS, and SOC 2 frameworks allows her to craft tailored solutions that not only meet audit requirements but also streamline business operations. Priya is passionate about leveraging technology to solve compliance challenges. Outside of work, she enjoys playing tennis, reading historical fiction, and is a dedicated supporter of environmental sustainability initiatives.

Carlos Soto – Senior Risk Management Consultant
Carlos Soto specializes in risk management and GRC implementation, particularly in the context of ISO 27001 and SOC 2 compliance. His experience spans multiple GRC platforms such as Vanta, Thoropass, and Secureframe, where he has helped clients assess and manage their risk posture. Carlos works with companies to develop risk mitigation strategies, ensuring that they are audit-ready and protected against potential threats. He is known for his ability to translate complex risk management processes into actionable plans that teams can follow. Outside of his professional work, Carlos is a fan of soccer and enjoys playing in a local league. He also spends time volunteering at a youth mentorship program, helping underserved communities.

Mei-Ling Zhao – GRC Program Manager
Mei-Ling has extensive experience in managing large-scale GRC programs, focusing on the full lifecycle of SOC 2, PCI DSS, and ISO 27001 compliance using platforms like DRATA, Sprinto, and Scrut. She is adept at leading cross-functional teams through the compliance process, ensuring clear communication and timely execution of security and risk initiatives. Mei-Ling’s strategic oversight and leadership ensure that organizations stay aligned with their compliance goals and that the necessary policies and procedures are implemented effectively. Outside of work, Mei-Ling is a passionate traveler who has visited over 20 countries and enjoys learning about new cuisines. She is also an advocate for mental health awareness and participates in various wellness programs.

Renowned. World-Class. Certified.
BNO CPA is a world-class certified public accounting firm renowned for its deep expertise in Governance, Risk, and Compliance (GRC) auditing. With decades of experience across highly regulated industries, BNO CPA offers specialized services that ensure organizations meet rigorous standards such as SOC 2, ISO 27001, FedRAMP, HIPAA, and PCI DSS. Their team of credentialed professionals brings a risk-based, process-driven approach to every engagement, helping clients identify control gaps, streamline compliance efforts, and strengthen overall security posture. BNO CPA is known for combining technical precision with practical guidance, making them a trusted partner for both emerging and established enterprises.