Spencer has worked in IT compliance since 2004. He provides SOC reporting, IT compliance, and consulting through IT audits and assessments to clients in the highly regulated financial services industry, prioritizing cyber and information security risks and controls.
Spencer has led risk assessments of internal IT controls related to all aspects of IT security and domains, from governance and technology strategy to data management and third-party vendor management and business continuity planning.
Spencer has strong knowledge in translating business processes into IT definitions; understanding business and IT risks; identifying, assessing, designing, and testing information technology and security controls; and defining and evaluating access security measures at operating system, database, and application layers.
Prior to joining Moss Adams, Spencer worked at a Big Four firm and led external and internal IT audits across multiple industries.