David Graham is an executive and a consultant in the global financial services, telecom, sustainability and energy, healthcare, and BPO service sectors. He is an experienced Technology and Operations Risk Management professional, CRO, IT program manager, decision consultant, data analytics and process engineer, and expert IT auditor.

1. Functional Experience
 ITGC, Sarbanes Oxley,
PCI-DSS, HIPPA /
HiTRUST, Compliance,
GLBA, FDICIA, BASEL,
SSAE16-SOC1 / SOC2,
FACTA, KYC, BSA/AML,
OTS/FDIC
 Internal / External Audit
 Program / Project
Management
 Data Analytics (Minitab,
ACL, R)
 Analysis: ROI, Feasibility
Study
Industry Experience
 Financial Services
 Business Process
Outsourcing (BPO)
 Healthcare
 Sustainability / Energy
Systems Experience
 Platforms: IBM AS 400,
AIX/Unix, Windows
 Tools: MS Office, Adobe
CSx, Visio, TeamMate,
Minitab, ACL, SCSM, R
 SIEM: SolarWinds, RSA
 Apps: MetricStream,
Bankmaster, Alltel, Milvus,
Portia, Fiserv CBS, Vision,
and Precision, Kirchman,
Jack Henry, IBS, Profile,
Systematics, Miser, NICE,
Mercury, Impacs. OMR
 ERP: Peoplesoft,
ORACLE, SAP, BAAN
Certifications
 Certified Information Systems
Auditor (CISA)
 Certified Fraud Examiner
(CFE)
 Certified Lean Six Sigma
Green Belt (CLSSGB)
 Information System
Professional (ISP)
Education
 Stanford University
 MIT
 Florida Atlantic University
 Athabasca University
David W. Graham, CISA, ISP, ITCP, CLSSGB, CFE
Executive Summary
David Graham, is a highly professional and seasoned Information Technology Audit, Compliance,
Business Process, and Data Analytics professional. He brings over 20 years of Technology and
Operations Governance, Risk, Compliance, and audit experience from a verity of industries, with
a strong emphasis on the financial and banking sectors. His experience has been gained through
firms such as KPMG Canada, Ernst & Young, the former Arthur Andersen, his own independent
practice, and with Experis. His work included assessing and monitoring compliance with many
international and national regulations and technology guidelines. David also has experience
interacting with regulators, and has acted as liaison to leading audit firms.
Professional Experience
 Successfully provided IT security, audit and compliance consulting services for 30
international and regional financial firms: Old Mutual, Assurant, FIS Global, Citigroup, RBS,
Scotia Bank International, TD Bank, Deutsche Bank, ING, CIBC, Fidelity, Butterfield Bank
Bermuda / London / Cayman / Guernsey, First Bank-Taiwan, BankUnited, BankAtlantic,
Ocean Bank, TotalBank, Optimum Bank, IFB, Commercial Bank of Florida, FNBC, etc.
 MIT-Big Data, Stanford–Business Risk, and FAU–Lean Six Sigma & PM certificate graduate
 Successfully conducted international IT Infrastructure and application systems reviews,
conversions, and post implementation reviews involving many ERP and banking systems.
 Successfully provided business and technology consulting services to telcom client Telus-
Canada; aerospace contractors HEICO Aerospace and CAE; health care industry client
Mariner Health Care and Ontario Ministry of Health; and, BPO client C3.
 Performed a data integrity analysis of a major bank’s Asset-Management Department’s
portfolio management system and recovered approximately $500,000 on a single audit
engagement project.
 Successfully lead an IT Audit department for an International Bank that oversaw the
operations of subsidiary offices in several global jurisdictions.
 Successfully completed a recent RSA Envision Security Information Event
Management/SIMS review at FIS Global.
 Successfully developed the information security & privacy policy for the American Institute of
Certified Public Accountants (AICPA)
 Successfully conducted network security audits, including Check Point Firewall at several
major financial organization.
Business Experience
 Expert IT Infrastructure, Applications, CoB, Security, Risk, Compliance, & Audit practitioner.
 Lean Six Sigma Process Improvement Engineer, Big Data Analysis practitioner.
 Team Leadership/Supervision, Business Analysis, Project Management.
 Financial Institution Operations Risk Management .
 SAS 70/SSAE 16 (SOC1/SOC2), Sarbanes-Oxley 404, GLBA, PCI-DSS, Basel II/III
compliance assessment practitioner.
 Enterprise Vendor/Supplier Risk Management analyst.
 Financial Institutions, Asset Management, Cash Management, ATM Services, Payment
Processing, AML and Fraud Analysis, ACH Operations review, BRD, FRD practitioner.
Career Assignments
May 2014 – Oct 2015: C3/CustomerContactChannels–Corporate Audit & Analytics Consultant
July 2013 – Apr 2014: Experis Finance – IT Audit and Security Risk Consultant at FIS Global
Jan 2012 – Jul 2013: Citigroup – Global PM & Lead Risk Analyst–Enterprise Supplier Risk
Sep 2010 – Present: Energy Technology Risk Advisors, LLC – Principal, IT Risk Consultant
Apr 2008 – Oct 2009: Ocean Bank – Vice President, IT Audit Supervisor
Jul 2005 – Mar 2008 Accume Partners – Senior Manager, IT Risk & Compliance Consulting
May 2005 – Jul 2005: Protiviti – SOX IT Project Consultant (Consulting Assignment)
May 2004– May 2005: Ernst & Young – Manager, Technology & Security Risk Services
Aug 2002 – May 2004: McArthur Graham & Associates – President & IT Risk Consultant
Jan 2001 – July2002: KPMG Canada – Manager, Information Risk Management
Feb 1997 – Jan 2001: Butterfield Bank Bermuda – Senior IT Auditor
Mar 1991 – Feb 1997: Government of Ontario – Senior EDP Auditor + IT Audit Manger