Andy has extensive experience in IT audit, security governance and application development. After beginning his career in financial audit at a Big 4 accounting firm, Andy quickly moved into the IT audit field, where he gained over 15 years of experience working in both public accounting and private industry.
About five years ago, Andy moved into a senior director role where he worked in security governance for a multibillion-dollar retailer. During this time, he has performed PCI audits, drafted and published IT policies, procedures and awareness campaigns, and managed the user administration process for business-critical applications. He has also worked very closely with the Risk Assessment team to manage third-party risk, implement a new privileged access management system and deploy a GRC tool. Andy has also developed a continuous-controls monitoring tool from the ground up. Recently, Andy joined an investment banking firm to build out their third-party risk management and identity and access management processes.