Tristan Jones
Senior IT Auditor specializing in AI risk assessment, threat-informed controls, and governance frameworks for financial services. 15+ years spanning infrastructure, audit, and risk advisory.
Career Arc
From building systems to auditing them to governing AI that augments the work.
IT Management
Built and managed enterprise IT infrastructure — servers, databases, networks, and end-user systems. Hands-on with the full technology stack before moving to the audit side.
IT Audit
Transitioned to IT audit under ISACA COBIT methodology. Designed and executed audits for enterprise systems, access controls, change management, and data integrity.
IT Risk & AI Governance
Specialized in threat-informed risk assessment, AI governance, and CRI Profile implementation for financial services. Building a governed AI workforce for audit automation.
What Sets This Apart
Technical Depth
I built servers and databases before I audited them. When I assess a control, I understand the system underneath it — not just the policy document.
Threat-Informed
Every assessment starts with the threat landscape, not the compliance checklist. Controls exist to mitigate specific adversary behaviors — MITRE ATT&CK is the map.
AI-Augmented
A governed AI workforce handles repetitive analysis while I focus on judgment. Same rigor I apply to client controls, I apply to my own AI agents.
Certifications
Active and in-progress credentials.
CISA
ActiveCertified Information Systems Auditor
ISACA
AAIA
ActiveAdvanced in AI Audit
ISACA
AWS AIF
ActiveAWS Certified AI Practitioner
AWS
CRISC
In ProgressCertified in Risk & IS Control
ISACA
AAIR
In ProgressAdvanced in AI Risk
ISACA