Austin Rust

Experience

• 

  University of Montana

  Jul 2009 - Dec 2012

  Student
• 

  Tonka Cycle and Ski

  Jun 2011 - Aug 2012

  Mechanic
• 

  KPMG

  Jun 2012 - Aug 2012

  Intern - IT Advisory and Attestation
• 

  KPMG

  Jul 2013 - Feb 2016

  - Perform testing of General IT controls for auditing purposes- GITC risk mitigation- Testing of SOX, SOC 1/2/3, FISCAM/FISMA- Worked with Federal clients on high security audits- Inquire with clients to perform testing on IT and Financial controls- Provide technical insight and support the external audit team- Serve as the liaison between the IT, Business, Internal Audit, and External Audit teams - Multi-tasking and time management between different client engagements- Manage travel and planning for client specific needs- Train and manage coworkers for GITC and ITAC specific tasks and projects Show less

  • Senior Associate - Risk Consulting, IT Attestation

    Apr 2015 - Feb 2016

  • Associate - Risk Consulting, IT Attestation

    Jul 2013 - Apr 2015
• 

  Columbia Sportswear

  Feb 2016 - Mar 2019

  - Served as the primary liaison between internal and external audit teams, compliance, IT and upper management. - SME for compliance initiatives and a primary liaison to functional counterparts- Work and adapt with changing IT environment - DevOps, Agile, and CI/CD practices. - Consulting and training on IT control best practices based on industry standard frameworks: SOX, ISO 27001, NIST CSF. - Managed SOX ITGC control remediation and development - slashed deficiency count from 63 to 11 in one year - Remediation closure rate dropped from 96 days to -3 days in one year. - Transformed management's review of SOC1 reports, coverage over standard SSAE18. - Implementation manager and system administrator for Compliance and Auditing tool. Show less

  • GIS Risk & Compliance Analyst III

    Mar 2018 - Mar 2019

  • GIS Risk & Compliance Analyst I

    Feb 2016 - Mar 2018
• 

  PDC Energy, Inc.

  Mar 2019 - May 2020

  Information Security - Security GRC Specialist

  Designed, implemented, and manage 3rd Party Risk Management process - Create and administer Business Impact Analysis, external questionnaires/SIGs - Conduct interviews with process and application owners to determine risk and impact - Policy creation and implementation - Focused on data protection and controlsDesigned, implemented, and manage Security and Awareness training program - Run and report on simulated company-wide phishing campaigns - Implemented and administer 3rd party security tool - Daily monitoring and follow up of reported phishing emails - Conduct monthly and annual security training's - Created security incentives program - Policy creation and implementationImplementation of compliance frameworks (NIST CSF/800.53, CSA) Show less

• 

  Zoom

  Aug 2020 - now

  • Manager, Security GRC Technology

    Jun 2022 - now

  • Team Lead, Security Standards and GRC

    Nov 2021 - Jun 2022

  • Senior Analyst, Security Standards and GRC

    Aug 2020 - Oct 2021