David Malcom
Internal Audit / Cyber Security / Risk Management
Chicago,IL
Summary
A creative thought leader with extensive experience in audit, information technology, cyber security, data analytics, and risk consulting, with a proven record of leading and developing high-performing teams and transforming global organizations through data-driven strategies. A passionate advocate for creating optimal experiences for employees and clients while nurturing the next generation of leaders.
Overview
18
18
years of professional experience
2
2
Certifications
Work History
VP. Technical Due Diligence
RIVERWALK VENTURE CAPITAL
12.2023 - Current
- As part of a start-up venture capital fund, responsible for evaluating the security and operating resiliency of all investment opportunities that included a technology component
- Developed a reusable approach to assess the reliability and security posture of potential investment opportunities
- Interviewed target company leadership, including CEOs and CIOs to understand the organization’s technical environment and how it is managed and secured
- Reviewed documentation to validate adequate controls existed that would not create a material impact on the investment in the organization
- Where improvements could be made, communicated these to target company leadership.
Senior Vice President, Deputy Chief Audit Executive
THE NORTHERN TRUST COMPANY
08.2021 - 10.2023
- As a Managing Director on the Audit Services Leadership team, established a digital transformation auditing capability to identify and evaluate the management of risks associated with emerging technologies including artificial intelligence (AI), blockchain, natural language processing, robotic process automation, and data analytics
- Named the 2023 Auditor of the Year by the Institute of Internal Auditors (Chicago Chapter)
- Transformed the Data Analytics team within Audit Services through the implementation of a new customer-centric operating model, resulting in the development of advanced solutions and data-driven risk profiling capabilities
- The use of data analytics rose to approximately 89% of audits on the annual plan
- Applied a data-driven strategy across department operations, resulting in the optimization of resources, enhanced management and board reporting, and real-time risk identification
- Completed a six-month secondment to the Technology department to implement a data-driven strategy for identity and access management
- This transformation program introduced the use of advanced analytics, AI, and data visualization to enhance access management controls
- Represented Audit Services on cross-functional committees to assess risk and controls related to emerging technologies
- This included an AI Working Council to create a governance model for the use of AI (including Generative AI) across the bank.
Managing Director, Global IT Internal Audit and Advanced Analytics Lead
ACCENTURE
12.2015 - 08.2021
- Oversaw the global IT audit team providing the Board of Directors with an independent perspective on the management of technology risk across the organization
- Led Internal Audit’s Advanced Analytics capability, creating data-driven capabilities to enhance the end-to-end audit process
- Mentored and coached a global team of over 40 professionals based in Chicago, Ireland, India, and the Philippines
- Served as the senior leader for Internal Audit’s teams in North and Latin America
- Regularly presented to Accenture’s Audit Committee to inform them of Internal Audit activities, providing an independent view on the organization’s management of the risk landscape
- Represented Accenture Internal Audit as a speaker at multiple audit, technology, and security conferences
- Supported Accenture sales opportunities in the internal audit domain
- Implemented new technologies to digitally transform Internal Audit, including a new audit management system (Audit Board), a new Advanced Analytics platform powered by Google Cloud, and a Contact Management System utilized to support the risk assessment process (Dynamics 365).
Chief Information Security Officer (CISO)
HYATT HOTELS CORPORATION
03.2011 - 06.2012
- Defined the information security strategy for 480+ properties in 45 countries
- Oversaw the information security organization, including outsourcing providers that performed Managed Security Services (MSS) and Security Operational Center (SOC) responsibilities on behalf of Hyatt
- Owned and managed all IT security policies, the organization’s data classification strategy, and the implementation of data loss prevention capabilities for over 30,000 global users of Hyatt’s network and applications
- Advised corporate functions and property owners on all matters related to cyber security
- Presented regular updates to the Executive Leadership Team and the Audit Committee of the Board of Directors
- Represented Hyatt as a speaker at several large information technology and hospitality conferences on various cyber security topics.
Senior Manager, Internal Audit
ACCENTURE
06.2006 - 02.2011
- Managed the transition of the IT Internal Audit team from outsourced to in-house, developing a new IT risk framework, standard IT work programs, job descriptions, and operational procedures
- Oversaw the completion of the IT risk assessment process and development of the annual audit plan
- Prepared technical, detail-oriented reports and audit findings to executive leadership and the Audit Committee
- Performed audits of areas including the IT organization’s transition to the cloud, multiple large-scale SAP implementations, cyber security, and delivery of technology services to clients (including the use of offshore delivery centers in India, China, and the Philippines
- Provided guidance to the CIO organization on IT operational policies and procedures
- Supported Legal on internal investigations related to breakdowns in IT controls.
Manager – Systems and Process Assurance
PRICEWATERHOUSECOOPERS
Corporate Internal Auditor
PEPSIAMERICAS
Technology Risk Consultant
ARTHUR ANDERSEN
Education
Bachelor of Arts (BA) - Accounting
Illinois Wesleyan University
Bloomington, IL05.2020
Skills
Excellent Communication
Websites
Certification
Certified Information Systems Auditor (CISA), Information Systems Audit and Control Association (ISACA)
Speaking Engagements
- MIS Training Institute (MISTI) Audit and Controls Conference, 10/01/09, Internal Audit’s Role in Data Privacy
- CSO Magazine’s The Security Standard Conference, 09/01/11, Preparing Your Company and Budgets for Consumerized IT
- HMG Strategy’s 2012 CIO Summit of America, 01/01/12, Enterprise Transformation: Cloud Computing
- IDG Enterprise’s Consumerization of IT in the Enterprise, 03/01/12, Mobile Device and BYOD Strategies (panel) and Mobile Device Management and Policy
- ISACA’s North America CACS Conference, 04/01/13, Auditing IT Vendor Capabilities
- Thompson Reuters GRC User Forum Road Show, 10/01/13, Leveraging Your Technology to Evolve Internal Audit’s Place in Your Organization
- ISACA’s North America CACS Conference, 05/01/16, Best Practices in Audit Committee Reporting
- MISTI Super Strategies, 09/01/16, Leveraging Technology to Increase Audit Efficiency
- ISACA’s North America CACS Conference, 05/01/17, Internal Audit’s Role in Strengthening Cybersecurity
- ISACA’s North America CSX Conference, 10/01/18, Governance and Risk Management over Robotic Process Automation
- IIA’s Global Audit Management Conference, 03/01/19, Innovation in Audit, Future-focused Auditors Discuss What’s Next
- IIA’s Global Audit Management Conference, 03/01/23, Strengthening the Three Lines through Data Driven Collaboration
- IIA’s Global Audit Management Conference, 03/01/24, Large Language Models’ (LLMs) in Audit – Catalyst or Crutch
Board Experience
Posse Foundation, Chicago, IL, Advisory Board Member, 01/01/15, Current, Posse Foundation identifies and trains young people with extraordinary potential that may be missed by elite colleges due to traditional college admissions processes. Posse places Scholars in supportive, multi-cultural groups of 10 students (Posses). With mentoring and full-time tuition leadership scholarships awarded by partner colleges, Posse Scholars graduate at a rate of 90%. Posse’s partner colleges have awarded more than $2 billion in scholarships to 12,000 Scholars.
Timeline
VP. Technical Due Diligence
RIVERWALK VENTURE CAPITAL
12.2023 - Current
Senior Vice President, Deputy Chief Audit Executive
THE NORTHERN TRUST COMPANY
08.2021 - 10.2023
Managing Director, Global IT Internal Audit and Advanced Analytics Lead
ACCENTURE
12.2015 - 08.2021
Chief Information Security Officer (CISO)
HYATT HOTELS CORPORATION
03.2011 - 06.2012
Senior Manager, Internal Audit
ACCENTURE
06.2006 - 02.2011
Manager – Systems and Process Assurance
PRICEWATERHOUSECOOPERS
Corporate Internal Auditor
PEPSIAMERICAS
Technology Risk Consultant
ARTHUR ANDERSEN
Bachelor of Arts (BA) - Accounting
Illinois Wesleyan University