David Lehmann Global Leader, Technology Audit & Advisory David is a Managing Director leading Protiviti’s Global Technology Risk & Internal Audit practice, bringing deep expertise in helping organizations strengthen governance, bolster cybersecurity readiness, and enhance the effectiveness of their internal control environments. He oversees the delivery of complex engagements spanning internal audit co-sourcing, SOX/ICFR compliance, IT governance reviews, cybersecurity program maturity assessments, and enterprise risk management initiatives. David’s client portfolio encompasses a broad cross section of the financial services sector—including global banks, asset managers, broker dealers, and insurance organizations—as well as major consumer products, technology and media companies navigating fast evolving regulatory, operational, and cyber risk landscapes. Known for translating technical risk issues into actionable business insights, he is also a frequent industry speaker on cybersecurity trends, emerging business and technology risks, and the evolution of next generation, AI-enabled internal audit functions. Across every engagement, he focuses on partnering with executives to strengthen trust, improve operational resilience, and building risk aware cultures that support long term organizational performance.Major ProjectsManaged multi-year, global Internal Audit co-sourcing relationships across banks, fintechs, asset managers, and broker/dealers.Directed compliance readiness engagements across industries (e.g., SOX/ICFR, SOC 2) and re-engineered IT controls to strengthen governance and risk management.Delivered strategic advisory services and implementation of AI-related tools and capabilities for Internal Audit departments, helping to accelerate and transform their audit approach.Led multi-entity cybersecurity program audits and readiness under NYDFS Part 500 for a diversified insurance group; coordinated annual audit across 14 environments and delivered executive reporting and remediation roadmaps.Supported technology-related aspects of public company readiness for multiple clients across a range of industries.Areas of ExpertiseInternal AuditArtificial Intelligence CapabilitiesTechnology RiskCybersecuritySOX / ICFR ComplianceGovernance, Risk & Compliance (GRC)Industry ExpertiseFinancial Services: Banking, Asset Management, Broker/Dealers, InsuranceConsumer ProductsTechnology and MediaEducationB.S. – Accounting, Binghamton UniversityProfessional Memberships and CertificationsCertified Public Accountant (CPA), New York StateMember, Information Systems Audit and Control Association (ISACA)Member, Institute of Internal Auditors (IIA)
