Stefan Carlson

Senior Manager, EY Consulting (Technology Risk)
Web Resume

About Me

I am a Senior Manager in EY's Consulting practice. I lead multiple global managed service teams (currently 45+ team members) who enable our Fortune 100 Cloud Service Provider client to achieve IT security and privacy compliance across thousands of microservices in multiple cloud environments. I advise client executives on how to modernize their IT compliance programs to meet rapidly changing regulatory standards in information security and data privacy. I apply my technical product management skillset (in Cloud/Business Applications) to develop and implement modern, scalable solutions for my clients. I apply a particular focus on mentorship and coaching within my teams and I enjoy serving as a mentor to multiple individuals in the Technology industry.

My Education

September 2010 - June 2014

University of Washington, Michael G. Foster School of Business

Bachelor of Arts (BA), Business Administration: Information Systems

Graduated with magna cum laude honors (top 3.5% of class), achieving an overall GPA of 3.89.

My Certifications

July 2017 - Present

Certified Information Systems Auditor (CISA) - Passed exam with a score in the top 5% of participants.

My Skills

Program Management

Managing several interrelated IT projects from end to end, ensuring overall value for the organization is maximized.

IT Audit

Evaluation of an organization's information technology infrastructure, policies and operations as it relates to the organization's financial statement. Control types include: access management, change management, IT operations, security configuration, entity level controls, and automated business controls.

Third Party Reporting Attestations

Evaluation of an organization's information technology infrastructure, policies and operations as it relates to the confidentiality, availability, and integrity of customer's data. Control types include: information security (encryption, data management), public key infrastructure, access management, change management, and business continuity management.

Web Design

Front-end (client side) design of small to medium sized business websites, enabling brands to communicate their story via the web.

Digital Marketing

Targeted, measurable, and interactive marketing of products or services using digital technologies to reach potential customers and retain them.

Language skills


Hobbies & Interests

  • Golf
  • Photography
  • Snowboarding
  • Travel
  • Audiophile

My Experience

July 2014 - Present Senior Manager, EY Consulting (Technology Risk)


Established and currently manage multiple continuous monitoring programs for a Fortune 100 Technology corporation, leveraging automation and our global delivery team to enable scalable compliance across hundreds of services in multiple cloud environments. Functions include:

‣ Identification and prioritization of risk related to cloud, cyber security, data privacy, and financial IT compliance

‣ Design and implementation of appropriate mitigating controls and procedures, leveraging automation to mitigate risk at scale

‣ Establishing executive-level reporting and communication to drive effective, timely remediation

‣ Technologies leveraged: Power Automate, PowerApps/Dynamics CRM, Forms, SharePoint, RPA

Managed the technical design/implementation of multiple compliance automation products at a Fortune 100 Technology corporation. Functions included: establishing the product vision, roadmap, technical architecture, and functional specifications, as well as managing the product development through deployment

Developed a baseline IT risk and control framework for emerging technologies, specifically a royalties-based blockchain solution leveraging the Quorum platform

Led numerous operational IT/business risk and control assessments to identify areas of performance improvement in highly complex environments; designed/facilitated a training program to establish risk and control knowledge within the engineering organization

Supported the establishment of data privacy programs for multiple clients in the Technology sector to address the GDPR

IT Audit

Led numerous SOX 404/Financial Statement audits for corporations in the Technology, Biopharmaceutical, Manufacturing, and Gaming sectors. Functions include:

‣ Control design and operating effectiveness testing related to access management, change management, IT operations, security configuration, entity level controls, and automated business controls.

‣ Leading process walkthrough meetings with process owners to identify potential risks within the IT environment, and IT controls which address such risk.

‣ Technologies: Oracle E-Business Suite, SAP, UNIX, Sage, OS/400, Mainframe, SQL DB, Windows Server.

Third Party Reporting Attestations

Performed multiple third party reporting attestation projects for a Fortune 100 Cloud Service provider, including SOC 1, SOC 2, SOC 3, and WebTrust for CA.


Served as a Guest Lecturer in IT Compliance at the University of Washington's Foster School of Business Master of Professional Accounting (MPAcc) Program

January 2010 - June 2014 Co-Founder, Lead Designer

Co-founded a design, development, and web hosting services provider. Primary functions included:

‣ Managed a client base of over 200 small to medium sized businesses

‣ Managed web and graphic design projects utilizing MS Excel, MS Project, and Google Docs

‣ Researched and successfully targeted the high end restaurant market segment for web design

‣ Approved and active as a Themeforest author for businesses around the world

April 2013 - October 2013 Junior Graphic Designer

Served as the Junior Designer for a Seattle based startup design firm in a team of four. Primary functions included:

‣ Collaborated with a local boutique consulting firm on keynote address slide decks, web design, digital marketing, and communication strategy for notable Fortune 500 companies

‣ Attended and spoke in an RFP pitch meeting for a design project worth over $500k per year

‣ Awarded 50% pay raise after less than a month of full time work based on performance

‣ Translated business strategy and brand objectives into strategic design and communication


Don’t hesitate to contact me!

Use Contact Form
Social Media

Send me an e-mail