Mark Crowder
@markcrowder
I’m an IT Audit and GRC leader translating risk and controls into clear, actionable insights.
What I'm looking for
I lead IT Audit and GRC programs across large financial institutions, with deep expertise in SOX (302/404) and IT General Controls. I’m known for translating complex risk and control concepts into plain English so business and executive stakeholders can act quickly and confidently.
In my current role as a GRC Analyst, I lead end-to-end SOX 404 and SOC testing across business and technology domains—scoping, risk assessment, control design, testing, and executive reporting. I support cloud transformation by assessing control impacts and helping redesign controls to align with modern architectures.
Earlier, I served as a Senior IT Auditor and information security GRC analyst, delivering high-quality testing across corporate, cybersecurity, and cloud (AWS) environments. Across teams and clients, I’ve strengthened compliance posture, improved control environments, coordinated offshore testing, and used Copilot, ChatGPT, and Claude to accelerate documentation, evidence review, and smarter risk analysis.
Experience
Work history, roles, and key accomplishments
Led end-to-end SOX 404 and SOC testing for Capital One across multiple business and technology domains, including scoping, risk assessment, control design, testing, and deficiency evaluation. Produced executive-ready reporting and redesigned controls for cloud transformation, using AI tools to streamline documentation and testing workflows.
Supported multiple clients by reviewing and validating ITGC, SOX, and cloud (AWS) control testing aligned to NIST and COBIT frameworks. Coordinated offshore testing, assessed cloud configurations (including Amazon RDS), and maintained ITGC policies, procedures, and control matrices to support GRC programs.
Led IAM and PAM-focused assessments for a large university, evaluating security processes, technologies, and governance structures. Identified control gaps, delivered prioritized recommendations, and presented findings to technical teams and senior leadership.
Supported internal controls and SOX compliance initiatives by evaluating internal and third-party technology risks against security, e-commerce, and regulatory requirements. Served as a primary reviewer for control testing and led control design and implementation efforts across audit teams, business units, and executive stakeholders.
Managed third-party IT risk by analyzing and classifying risk severity across vendors and applications, partnering with stakeholders to drive timely risk mitigation. Maintained a 98% on-time closure rate across vulnerabilities, vendor issues, and remediation efforts.
Senior IT Auditor
Executed control testing across corporate, business, and cybersecurity functions, identifying risk trends and improving control effectiveness. Led walkthroughs and validation testing, served as an SME, and coached team members to improve testing quality and efficiency.
Education
Degrees, certifications, and relevant coursework
IUPUI (Indiana University – Purdue University Indianapolis)
Bachelor's Degree, Computer Science
Earned a Bachelor's degree in Computer Science from IUPUI.
Tech stack
Software and tools used professionally
Availability
Location
Authorized to work in
Job categories
Interested in hiring Mark?
You can contact Mark and 90k+ other talented remote workers on Himalayas.
Message MarkGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
