Mark Lavery, CISA, CISM, CRISC, CGEIT
Details
Marketing Management
University of Notre Dame
1995
I leverage a comprehensive understanding of government contracts to work to navigate complex compliance landscapes. I am responsible for development of the IT portion of the yearly audit plan. By leveraging industry best practices and ensuring managers and staff are trained and up to date on their certifications, my group is a trusted advisor and helps to advance the organization's security posture.
2022 : Present
Leidos
Senior Cybersecurity Audit Manager
Assumed a role in IT Leadership for Booz Allen Hamilton, a Fortune 500 company that partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise.
Led and conducted information systems and operational audits in accordance with the annual audit plan approved by the Board of Directors. Led internal effort ensuring that the corporation complies with federal requirements, specifically NIST 800-53 and DFARS (NIST 800-171). Responsibilities include developing audit programs; determining control objectives; analyzing security risks/exposures; evaluating data, preparing work papers, writing recommendations, and drafting audit reports for CAE review before issuing.
Expanding audit work into emerging threats, Internet of Things, 3D printing, machine learning and robotic processes. My job requires threat evaluation and robust review of important company missions.
2017 : 2022
Booz Allen Hamilton
Senior Manager, IT Audit
Plan, lead and conduct information systems and operational audits in accordance with the Annual Audit Plan. Assist external auditors in ensuring that the corporation complies with all Sarbanes-Oxley requirements. Responsibilities include developing audit programs; determining control objectives; analyzing security risks/exposures; evaluating evidentiary data, preparing work papers, writing recommendations, and drafting audit reports for CAE review before issuing.
2015 : 2017
Orbital ATK
IT Audit Principal
Managing I.T. Auditor, Audit and Advisory Services
Plan and conduct information systems and operational audits in accordance with the Annual Audit Plan. Responsibilities include developing audit programs; determining control objectives; analyzing security risks/exposures; evaluating evidentiary data, preparing work papers, writing recommendations, and drafting audit reports for CAE review before issuing.
My approach when auditing is to develop a Risk and Control Analysis (audit program) for the area under review: first identify the business objectives, then determine the risk factors that could prevent the business from achieving its objectives. Next, identify the controls in place to mitigate identified risks, and finally list the detailed audit steps to test the controls to determine whether the controls are functioning as intended. This method is very effective in showing the engagement client a simple but detailed risk matrix that lists the business risks, the controls, and the audit steps related to the business objectives.
2011 : 2015
National Geographic
IT Audit Manager
Manage procurement, inventory and installation of all Macs and PCs for an organization of 1900 people. My group maintained these systems as well as handling connectivity issues, logistics for projects and connectivity to offices in NY, Detroit, Chicago and Los Angeles.
1996 : 2011
National Geographic Society
Operations Manager, Information Systems and Technology
Skills
Analytical Skills, Auditing, Business Analysis, Business Process Improvement, Capability Maturity Model Integration (CMMI), Certified in Risk and Information Systems Control (CRISC), CISA, CISM, Customer Relationship Management (CRM), Customer Service, Cybersecurity, DFARS, Disaster Recovery, Enterprise Risk Management, Information Security, Information Security Management, Information Technology, Internal Controls, Inventory Management, IT Audit, ITIL, IT Risk Management, IT Security Assessments, Leadership, Management, Negotiation, Networking, Network Security, NIST 800-53, NIST 800-171, Operational Excellence, People Development, PMP, Process Improvement, Program Management, Project Management, Risk Management, Sarbanes-Oxley Act, SDLC, Security, Social Media, Soft Skills, Strategic Planning, Strategy, Vulnerability Assessment
About
More than 20 years of experience in IT / IT Auditing. After a successful career as a Senior IT manager, I transitioned to IT Audit. I work well with other managers as well as my subordinates. I believe that work should be, within reason, as enjoyable as possible and I strive to make it that way.
Auditing, I've found, is the science of fact. You don't have to be imposing or threatening to do a good job. A good auditor should dispassionately identify risks and evaluate controls. A great auditor can identify weaknesses in the process, explain them to management and have stakeholders thinking that a good audit is needed now and then.