Kory Merten, CPA
Senior Manager, Business Technology Risk Management & Information Security
New York, NY, United States
Details
Education:
Master of Science
Management Information Systems
Texas A&M University
2010 : 2012
Bachelor of Business Administration
Accounting and Business Honors
Texas A&M University
2007 : 2010
Experience:
2021 : Present
Salesforce
Senior Manager, Business Technology Risk Management & Information Security
2020 : 2021
EY
Technology Risk Senior Manager
2017 : 2020
EY
Technology Risk Manager
As a Senior in the Risk practice of Ernst & Young LLP, I specialize in the delivery of Information Technology (IT) Risk Assurance and Advisory services including Information and Data Security, Third-Party Reporting (SOC 1, SOC 2, SOC 3, and AT 101 SDLC), Information Security assessment and implementation, and ISO 27001 certification and implementation. Key skills exhibited include effective communication with clients regarding complex issues and effective project management skills.
Engagement Experience
-Cloud Computing/Virtualization/Managed Hosting : supervised field work related to security surrounding cloud environments (including OpenStack and Xen technologies) and managed hosting services (including physical security and environmental controls).
-Service Organization Control (SOC) Reporting : supervised field work and reporting phases of SOC 1, SOC 2, and SOC 3 reporting within a variety of industries ranging from cloud computing/virtualization/managed hosting to banking software development/hosting. Played an integral role in the issuance of more than 30 SOC reports.
-AT 101 Reporting : supervised field work and reporting phases of AT 101 reporting around the application software development life cycle (SDLC).
-ISO 27001 : served as auditor on ISO 27001 certification for managed hosting company. Underwent one-week training related to ISO 27001/27002 standard, culminating in certification as ISO 27001 Lead Auditor/Lead Implementer.
-FFIEC Readiness Internal Audit : supervised engagement to determine FFIEC readiness for banking software development company in capacity of internal audit. Included extensive research related to FFIEC review guidelines/procedures.
2014 : 2017
EY
IT Risk and Assurance (ITRA) Senior
As a Staff in the Advisory Services practice of Ernst & Young LLP, I specialize in the delivery of Information Technology (IT) Risk Assurance and Advisory services including Assurance Support, Information and Data Security, Third-Party Reporting and Information Security assessment and implementation.
Engagement Experience
-Cloud Computing/Virtualization : assisted in field work related to security surrounding cloud environments, including an analysis of OpenStack and Xen technologies.
-Service Organization Control (SOC) Reporting : assisted in both field work and reporting phases of SOC 1 and SOC 2 reporting within a variety of industries including cloud computing/virtualization.
-AT101 Reporting : assisted in both field work and reporting phases of AT101 reporting around the application software development life cycle.
-Enterprise Resource Planning (ERP) : conducted audit procedures around privileged user access, segregation of duties (SoD) and risk analysis and remediation (RAR) within the SAP environment of an oil and gas company.
-IT General Controls (ITGCs) : assisted in the audit of ITGCs for clients including Fortune 100 companies, completing walkthroughs and documentation for change management, logical access, and other ITGC.
-Application Controls : assisted in the audit of application controls for several clients, including Fortune 100 companies.
Industry Lines
-Oil & Gas
-Technology
-Cloud Computing/Virtualization
-IT Hosting
-Manufacturing
-Construction
-Telecommunications
-Real Estate
2012 : 2014
EY
IT Risk and Assurance (ITRA) Staff
Company:
Salesforce
Years of Experience:
17
Skills
Access, Accounting, Analysis, Auditing, Cloud Computing, CPA, Information Security, Information Technology, Internal Audit, IT Audit, IT Controls, Microsoft Excel, SAP, Sarbanes-Oxley Act, Security, Virtualization
About
Specialties: Third party attestation and SOC reporting, Information Systems auditing, financial statement auditing, IT consulting
Sector experience: Financial Technology (FinTech); Technology, Media, & Telecommunications (TMT); Oil & Gas