Skip to main content
MC
Open to opportunities

Mark Crowder

@markcrowder

I’m an IT Audit and GRC leader translating risk and controls into clear, actionable insights.

United States
Message

What I'm looking for

I’m looking for a role where I can lead SOX/ITGC and broader GRC testing, strengthen control environments, and communicate risks in plain English—using modern AI tools to speed evidence review and improve actionable risk reporting.

I lead IT Audit and GRC programs across large financial institutions, with deep expertise in SOX (302/404) and IT General Controls. I’m known for translating complex risk and control concepts into plain English so business and executive stakeholders can act quickly and confidently.

In my current role as a GRC Analyst, I lead end-to-end SOX 404 and SOC testing across business and technology domains—scoping, risk assessment, control design, testing, and executive reporting. I support cloud transformation by assessing control impacts and helping redesign controls to align with modern architectures.

Earlier, I served as a Senior IT Auditor and information security GRC analyst, delivering high-quality testing across corporate, cybersecurity, and cloud (AWS) environments. Across teams and clients, I’ve strengthened compliance posture, improved control environments, coordinated offshore testing, and used Copilot, ChatGPT, and Claude to accelerate documentation, evidence review, and smarter risk analysis.

Experience

Work history, roles, and key accomplishments

RGP logoRG
Current

GRC Analyst

Oct 2023 - Present (2 years 9 months)

Led end-to-end SOX 404 and SOC testing for Capital One across multiple business and technology domains, including scoping, risk assessment, control design, testing, and deficiency evaluation. Produced executive-ready reporting and redesigned controls for cloud transformation, using AI tools to streamline documentation and testing workflows.

KPMG logoKP

Senior Information Security GRC Analyst

Oct 2020 - Oct 2023 (3 years)

Supported multiple clients by reviewing and validating ITGC, SOX, and cloud (AWS) control testing aligned to NIST and COBIT frameworks. Coordinated offshore testing, assessed cloud configurations (including Amazon RDS), and maintained ITGC policies, procedures, and control matrices to support GRC programs.

EY logoEY

Senior IT Auditor

Oct 2018 - Oct 2020 (2 years)

Led IAM and PAM-focused assessments for a large university, evaluating security processes, technologies, and governance structures. Identified control gaps, delivered prioritized recommendations, and presented findings to technical teams and senior leadership.

Huntington Bank logoHB

Cyber Security Engineer

Oct 2016 - Oct 2018 (2 years)

Supported internal controls and SOX compliance initiatives by evaluating internal and third-party technology risks against security, e-commerce, and regulatory requirements. Served as a primary reviewer for control testing and led control design and implementation efforts across audit teams, business units, and executive stakeholders.

JP Morgan Chase Bank logoJB

Cyber Security Engineer

Oct 2012 - Oct 2016 (4 years)

Managed third-party IT risk by analyzing and classifying risk severity across vendors and applications, partnering with stakeholders to drive timely risk mitigation. Maintained a 98% on-time closure rate across vulnerabilities, vendor issues, and remediation efforts.

Education

Degrees, certifications, and relevant coursework

II

IUPUI (Indiana University – Purdue University Indianapolis)

Bachelor's Degree, Computer Science

Earned a Bachelor's degree in Computer Science from IUPUI.

Tech stack

Software and tools used professionally

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan