Your browser version is outdated. We recommend that you update your browser to the latest version.

Anthony Lorraway, CISA

Anthony is the Principal of AJL Consulting.  He has worked with a wide range of complex IT environments including financial services, telecommunications, technology, manufacturing, and government sectors in Canada, USA and Australia.  He has extensive experience in IT audit and advisory roles over a 30 year period in numerous industries and diverse project roles.  He has:

        • In-depth experience with IT risk, controls and audit, including internal audit, external audit, service organization controls (SOC), project quality assurance and risk assessment roles
  • Broad knowledge of business and IT processes and important controls needed to ensure resilient, reliable and secure operations
  • Led an IT assurance group in a regional business unit determining strategy and approach to the market
  • Led strong performing teams delivering excellent client service and impactful recommendations for change and enhancement of client operations

 

Professional Experience

 

Bell Canada - Senior Manager, IT audit - contract - Feb 2018 to current

  • Supporting Bell with several compliance initiatives including SOC1, SOC2, ISO27001 and Cyber security audit
  • See Bell Canada Profile for more details

MDMtoGO - IT Compliance Specialist - contract - Nov 2023 to Oct 2024

  • Supporting the company's ISO27001 and SOC2 Type 2 initiative
  • See MDMtoGO for more details

Clinia - IT Compliance Specialist - contract - June 2023 to Jan 2024

  • Supporting the company's SOC2 Type 2 initiative and Privacy Compliance
  • See Clinia for more details

Nest Wealth Asset Management Inc - IT Compliance Specialist - contract - July 2020 to Dec 2024

  • Supporting the company's SOC2 and Privacy initiatives
  • See Nest Wealth Profile for more details

ClaimsCorp Inc - IT Compliance Specialist - contract - Nov 2020 to Nov 2022

Tradelogiq Markets Inc. - IT Compliance Specialist - contract - July 2021 to Dec 2021

OANDA Corporation - IT Compliance Specialist - contract - Oct 2017 to June 2018, Sept 2018 to Dec 2019, Feb 2020 to June 2020

  • ​Supported the company with various compliance initiatives
  • See OANDA Profile for more details

KPMG - Senior Manager/Manager - full-time May 1996 to Jan 2015; contract Oct 2015 to Nov 2017

  • Supported the growth of the practice and delivery of significant client engagements within a wide range of IT risk, controls and audit, internal audit, external audit, service organization controls assurance, project quality assurance and risk assessment roles.  Key highlights include:
    • Managed a significant range of the firm's external IT audit requirements across significant entities within the financial services, technology services , retail and manufacturing industries.  Led the external IT audit for the firm’s largest client at the time, managing up to 15 personnel for an annual 7,000 hours over multi-locations and technology environments
    • Managed the service organization control (SOC) engagements for over 50 clients of varying complexity and scope
    • Performed an embedded project implementation role over a 2.5 year period managing the project QA role, data management validation and internal controls for a significant SAP implementation
    • Led numerous co-source internal audit engagements as the project manager including audit scoping and execution of specific projects
    • Executed many IT risk assessment and compliance engagements for Sarbanes Oxley or Canadian internal controls certification (ICC) requirements, IT Due Diligence assessments, and IT environment/application assessments
    • Performed numerous IT information security and cyber security including a cyber security assessment on a bank's proposed web and mobile banking environment
  • See KPMG Canada Profile for more details

Ernst and Young - Director Risk Assurance - full-time - Jan 2015 to July 2015

  • Led the development of the IT Risk Assurance portfolio for the Brisbane office, including external and internal IT audit support and service organization control (SOC) reporting. 
  • See EY Profile for more details

Defiance Mills Limited – Senior IT and Internal Auditor - full-time - 1990 to 1996

  • Specialized in providing IT audit services to the company's flour, bakery, aquafeed and agriculture operations, as well as performing operational and financial internal audits for the company

 

 

Education and Certifications

  • Project Management Institute, USA - Project Management Professional (PMP), 2013 - 2018
  • ISACA, USA - Certified Information Systems Auditor (CISA), 1992 - 2022
  • University College of Central Queensland, Rockhampton, Queensland
    • Graduate Diploma of Management (Information Systems Management Program), 1990
    • ​Bachelor of Business (Accounting), 1985

 

 

Technical Skills

  • Applications

Strong understanding of security and functionality within SAP ECC, CRM and BW; Oracle Financials, JD Edwards, SalesForce.

  •  Operating Systems

Strong understanding of the security principles within Unix variants, iSeries and Windows environments. 

  •  Databases

Strong understanding of Oracle and SQL databases.

  •  Networks

Good understanding of cloud infrastructure security requirements in particular AWS Cloud, firewalls and other network devices and related cyber-security tools and techniques (such as IPS, IDS, SIEM, CTI).

  •  Processes

- Strong understanding of ITIL, Agile, DevOps, COBIT, ISO 27001/27002, NIST cybersecurity framework, PMBOK

- Working knowledge of various IT tools including ServiceNow, Remedy, Jira, Confluence