Matt Gilbert

Principal, CISA, CRISC, CMMC Leader · +1 (410) 960 2716
Matt is a principal in Baker Tilly’s risk and internal audit consulting practice. Matt joined Baker Tilly in 2020 and previously worked in an international firm’s risk assurance practice for 18 years. Matt leads our Cybersecurity Maturity Model Certification (CMMC) and Government Contractor IT Risk suite of services. He has led IT audits and cybersecurity assessments for organizations ranging from large primes down to smaller 8A contractors. Matt’s expertise includes internal auditing, SOX compliance, information technology controls, business process controls, and ERP risk and controls. Examples of these engagements include CMMC readiness assessments, NIST SP 800-171 implementation projects, NIST SP 800-53 based ATO readiness reviews, IT risk assessments, Sarbanes-Oxley compliance, internal audit, pre- and post-implementation assessments, and privacy assessments for clients.

Matt is actively engaged in supporting government contractors, grant recipients, state and local governments and federal agencies as they navigate the CMMC requirements, and he has extensive experience supporting NIST SP 800-171 and 800-53 related assessments. Matt has also run fully co-sourced internal audit engagements for large clients (multi-billion dollars in revenues) in the government contracting industry.

  • Led the internal audit team for a large prime Aerospace & Defense firm and large technology services firm
  • Led the transformation project of a large technology company to redesign customer data handling and contractual compliance efforts creating an effective second line of defense
  • Led NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) readiness assessments for government contractors
  • Led technology reviews at companies ranging from mid-size organizations to the largest corporations using Firm methodology or standard frameworks such as COSO, COBIT, ITIL, NIST SP 800-53, NIST SP 800-171 or ISO 27000
  • Developed standard work programs for the Costpoint ERP utilized by numerous government contractors. The work programs include automated configurable controls over all the business cycles (e.g. financial reporting, order to cash, procure to pay, hire to retire, etc.)
  • Conducted pre- and post-implementation reviews of business system implementations and significant upgrades for projects as large as $20M, including Oracle, SAP and PeopleSoft ERPs
  • Performed or managed technical audit projects including detailed security configuration reviews over operating system, database or application configurations
  • Developed cybersecurity strategy and service catalogs aligned to business objectives and risk tolerance levels
  • Enhanced data protection capabilities through risk-driven data classification and control requirements
  • Created a proprietary Segregation of Duties testing tool and associated test cases used to assess user access within the Costpoint ERP
  • Ran a controls integration and user access design workstream over 2 years for a large prime contractor as part of their consolidation of two large and extremely complex SAP environments into a single instance
  • Information Systems Audit and Control Association (ISACA)
  • Institute of Internal Auditors (IIA)

Location

Washington DC

Education

Bachelor of Science in decision information systems, University of Maryland

Bachelor of Science in accounting, University of Maryland