John M Knezic
Director Advisory, Technology Risk
John is a Director in KPMG’s Technology Risk practice with more than 8 years of experience in technology risk management. John has extensive experience in IT risk and consulting engagements, including first line technology process assessments, first and second line technology control assessments, cloud migration and current state cloud assessments, IT internal audit outsourcing, and Sarbanes-Oxley assistance services. John’s engagement experience has been in multiple sectors and technologies, with a focus on financial services and AWS Cloud. John is a leader in KPMG’s Cloud Center of Excellence where he is leveraging his technical AWS skills to develop creative solutions that help organizations effectively mitigate risk.
Professional and industry experience
7+ years of experience scoping, managing, and testing SOX general IT and application controls for a Fortune 100 global financial services company.
3+ years managing non-SOX 1st and 2nd line technology controls assessment workstreams for a Fortune 100 global financial services company, with a focus on various highly technical domains, including but not limited to cloud-based technology controls, cyber security, logical security, cryptography/key management, data protection, change management/DevOps, and resiliency.
Assisted with an AWS migration and data transformation initiative at a Fortune 100 global financial services company by translating on-prem control coverage to the cloud’s unique infrastructure and ensuring cloud risk points are addressed through shared responsibility considerations. Identified gaps and provided control recommendations on emerging technologies.
Managed and executed ongoing process assessments over all critical tech processes to ensure alignment, or identify gaps, with risk mitigation strategies defined in industry frameworks (e.g., NIST CSF, COBIT, ISO 27001, FFIEC) at a Fortune 100 global financial services company.
Assisted in the development of an enterprise continuous controls monitoring program to demonstrate sustainability and ongoing effectiveness of the technology control environment to address regulatory findings at a Fortune 100 global financial services company.
Assisted in the initial development of a Sarbanes-Oxley program prior to the Initial Public Offering through IT SOX system and technology control scoping across the environment. Provided ongoing assistance with SOX internal control testing to demonstrate compliance with SOX requirements.
Managed various External Audit support engagements from start to finish through scoping and testing of technology processes, systems, and controls in alignment with PCAOB requirements.