GRF - Tom Brown

Thomas Brown, CISA, Security+, CAPM

Senior Analyst, Risk & Advisory Services

Biography

Thomas Brown is a Senior Analyst in GRF’s Risk & Advisory Services department. He interacts with clients to show them potential weaknesses in their cybersecurity posture and provides guidance on next steps. Mr. Brown is responsible for performing IT Audits, fraud and forensic investigations, co-sourced internal audits, policy and procedure benchmarks, and third-party risk assessments. Additionally, he presents key observations and findings to clients and senior executives.

He also conducts risk assessments to identify, analyze, and review information technology, fraud, and other security risks and vulnerabilities facing organizations both externally and internally. This includes collaborating with clients to efficiently complete assessments and help identify the best ways to implement changes. Additionally, Mr. Brown manages the cybersecurity awareness training and phishing simulation programs for GRF and multiple clients. He recently achieved Certified Information Systems Auditor (CISA) certification.

Before joining GRF, Thomas worked as a Project Manager for managing the configuration and implementation of EMR systems at Epic.

Education and Certifications

  • B.S. in Management Information Systems and Marketing, Le Moyne College
  • Certified Information Systems Auditor (CISA)
  • CompTIA Security + ce
  • Certified Associate in Project Management from PMI (CAPM)
  • Certificate of Competency: ISO 27001:2013 Internal Auditor (TPECS)
    • IS- Information Security Management Systems
    • AU- Management Systems Auditing