GRC Audit and Compliance is a product-centric audit and continuous testing function that exists to fulfill the company’s audit obligations to customers and external stakeholders while providing leadership with insights into GitHub’s audit and control posture. We will add further value to GitHub’s go-to-market strategy by marketing customer-facing assurance reports as product features. Currently we manage the following audit work across GitHub:
- SOC 1, SOC 2, and SOC 3 for GHEC and Actions
- ISO 27001 for GHEC and Actions
- FedRAMP Low Tailored for GHEC
- PCI DSS for GHEC
- MSFT Non-financial disclosures (internal MSFT requirements) for GitHub’s NFD metrics (Developers, MAC, MEU)
- MSFT internal audits at GitHub (e.g. Security Governance, Trade Compliance, etc)
- GHAE compliance and risk management
- Azure DevOps (ADO) compliance, privacy, and risk programs
Learn more about Audit & Compliance programs and services at https://www.github/security-grc-compliance
- Maintain productive customer partnerships, turning around difficult relationships (particularly with people not traditionally used to interacting with Internal Audit)
- Review audit project plans, work papers and audit reports, including discussing issues with management and ensuring adequate quality control is in operation. Follow up on replies to reports, review the replies and post audit reviews.
- Oversee the planning, scheduling and execution of IT audits within established time budgets and deadlines, ensuring all activities conform to established departmental procedures. Supervise and review the work of audit staff, identify areas needing improvement and assist staff in their development. Prepare executive summaries and submit audit findings/recommendations to executive management.
- Identify and assess complex risks (both business and technological) and provide advice to management regarding mitigation of these risks.
- Manage and train staff in the execution of IT audit and compliance activities. For the assigned staff, assign work, monitor progress, and provide coaching feedback on a regular basis. Prepare and deliver formal Semester Progress Review(s), as well as Annual Review(s).
- Design, implement, and test controls to comply with ISO 27001, ISO 27018, AICPA, and NIST control requirements
- Developed advanced SDLC audit plan in tandem with control owner that streamlined controls used by 1,500 developers
- Manage and assist external audits (SSAE18 and ISO 27018) and internal assessments
- Facilitate customer understanding by completing customer due diligence questionnaires in a timely manner
- Advise internal stakeholders on evolving compliance requirements
- Assist management in identifying risk and provide remediation guidance
- Assisted in the facilitation of compliance, external, and internal audit procedures
- Led the change in streamlining internal processes by changing internal tools
- Maintained risk and control matrix, test plans, test attributes and status trackers
- Assess the design and implementation of ITGC requirements against company policies and procedures
- Inspected control evidence for adherence to completeness, accuracy and precision of control execution for ITGC
- Executed UNIX, Windows, AS/400 (iSeries), and Oracle database general computer control reviews
- Reviewed, evaluated and tested application controls, particularly automated controls on a wide range of software application packages used for financial reporting
- Evaluated and improved the effectiveness and efficiency of operations for clients
- Assisted clients in the review over the design, build, and operation of business processes
- Analyzed and assessed the security environment for clients by conducting cyber security risk assessments and audits
- Assisted financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives
- Determined the technical and business impact of identified security and control issues and provided remediation guidance to clients
- Built and oversaw the IT Audit SharePoint document knowledge repository, increasing employee productivity
| License/Certification | Date Effective |
|---|---|
| Certified Information Systems Auditor, ISACA | December 2018 |
| Information Security Management Systems v2.1, BSI | June 2017 |
| Management Systems Auditing v2.0, BSI | June 2017 |
| ISO/IEC 27001:2013 Internal Auditor, BSI | June 2017 |
- IT Design and Consulting for Standing Stone Nursery
- Intake and review of GitHub bugs identified in HackerOne.
- Exotic Plants 🌴
- 4 Wheeling 🚴‍♂️
- Hiking 🥾
- Travelling ✈️
- My children aka 🐕🐕🐕