Zendus Group delivers practical, experience‑driven Information Security and Risk Management services for organizations navigating complex security and regulatory landscapes.

Zendus Group was founded to provide focused, high‑quality security advisory services rooted in real‑world implementation, assessment, and program leadership experience. The firm exists to help organizations strengthen security posture, manage risk effectively, and meet regulatory and stakeholder expectations, without unnecessary complexity or one‑size‑fits‑all solutions.

Who We Are

Zendus Group is a security and risk management consultancy that partners with organizations to build, mature, and sustain effective security programs. We work with clients that require clear guidance, defensible outcomes, and experienced leadership informed by how security actually works in practice.

Our services span security risk assessments, compliance and readiness advisory, healthcare security assessments, framework alignment, and virtual CISO leadership. We support organizations across healthcare, government, education, nonprofit, and private‑sector environments, tailoring our approach to each organization’s maturity, operational realities, and risk tolerance.

Zendus Group operates as a scalable advisory firm, leveraging experienced professionals and trusted subcontractors to deliver consistent, high‑quality results while remaining flexible and responsive to client needs.

Experience That Informs Our Work

Zendus Group is led by security professionals with over 30 years of combined IT experience and more than two decades specializing in information security, risk assessment, compliance, and security program development. This background includes:

• Assessing and advising hundreds of organizations across a wide range of industries and environments

• Deep, long‑term involvement with the PCI Data Security Standard, including years serving as a Qualified Security Assessor (QSA)

• Advisory and readiness experience across PCI DSS, SOC 2, ISO/IEC 27001, NIST CSF, NIST SP 800‑171, and NIST SP 800‑53

• Extensive work within healthcare environments, including hospitals, PCAs, HCCNs, and Federally Qualified Health Centers (FQHCs)

• Leadership roles supporting security program design, scope reduction, policy development, evidence preparation, and executive reporting

Zendus Group leadership also holds certifications as an ISO/IEC 27001 Lead Auditor and Lead Implementer, with additional expertise in ISO 19011 auditing, cloud security and privacy extensions, business continuity, and risk management standards.

This breadth of experience allows Zendus Group to provide advisory services informed by assessor expectations, implementer realities, and executive decision‑making needs.

How We Work

Zendus Group believes strong security programs are risk‑based, operationally realistic, and aligned with business objectives. Our approach emphasizes:

• Clear interpretation of regulatory and framework requirements

• Practical scoping and prioritization

• Actionable remediation guidance

• High‑quality documentation and evidence

• Clear communication with leadership and governing bodies

We focus on helping organizations build security capabilities that are sustainable, auditable, and adaptable as risks and requirements evolve.

Independence and Integrity

Zendus Group maintains strict independence across all engagements. We do not act as an assessor, auditor, certification body, or attestation provider where independence is required. We do not issue compliance reports or certifications.

This independence allows Zendus Group to serve solely as a trusted advisor, supporting clients alongside their chosen auditors, assessors, and certification bodies without conflicts of interest.

A Trusted Security Partner

Zendus Group was created to serve organizations that value:

• Experienced security leadership without unnecessary overhead

• Advisory services informed by firsthand assessment experience

• Clear guidance through complex security and compliance challenges

• A long‑term partner focused on meaningful risk reduction

Whether supporting a growing organization, a regulated healthcare environment, or an enterprise security program, Zendus Group brings clarity, credibility, and confidence to every engagement.