Clayton Lowry
Risk Advisory Senior Manager
Clayton Lowry has many years of IT audit experience focused on IT internal audit, Sarbanes-Oxley (SOX) 404/Information Technology General Controls (ITGC) consulting and testing, System and Organization Controls (SOC) 1, SOC 2, and SOC for Cybersecurity engagements, internal control and process consulting, and information technology/security attestation and consulting. Clayton’s primary industries of focus include financial institutions and financial services, SaaS/PaaS/IaaS companies, healthcare, manufacturing, distribution, & logistics, technology, oil & gas, data processing, and consumer goods.
Clayton Lowry
Risk Advisory Senior Manager
Clayton Lowry has many years of IT audit experience focused on IT internal audit, Sarbanes-Oxley (SOX) 404/Information Technology General Controls (ITGC) consulting and testing, System and Organization Controls (SOC) 1, SOC 2, and SOC for Cybersecurity engagements, internal control and process consulting, and information technology/security attestation and consulting. Clayton’s primary industries of focus include financial institutions and financial services, SaaS/PaaS/IaaS companies, healthcare, manufacturing, distribution, & logistics, technology, oil & gas, data processing, and consumer goods.
Clayton is involved in more than 45 SOC reporting and ITGC engagements, including tests of identity and access management (application/network/DB/OS/hardware layers), data governance, Software Development Life Cycle (SDLC) and change management, IT operations, system availability (BCP/DRP design and testing), and confidentiality and privacy practices. He is knowledgeable in the following Enterprise Resource Planning (ERP) systems: SAP, JD Edwards, Microsoft GP, Horizon, FIS, AS400, and Jack Henry. Clayton has additional experience in information technology control frameworks such as Control Objectives for Information and Related Technology (COBIT), Federal Financial Institutions Examination Council (FFIEC), Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), American Institute of Certified Public Accountant’s (AICPA) Trust Services Principles & Criteria (Security, Availability, Processing Integrity, Confidentiality, & Privacy).
Professional Affiliations
Member, Institute of Internal Auditors (IIA)
Member, Information Systems Audit and Control (ISACA)
Education
- B.A. in Accounting and Marketing, Texas Wesleyan University