“Whatever the problem, be part of the solution. Don’t just sit around raising questions and point out obstacles.” – Tina Fey
She holds a bachelor’s degree in Business Administration from the University of Albany, with a double concentration in Information Technology Management and a minor in Communications. She is CRISC (Certified in Risk and Information Systems Control) certified and an ISO 27001 Lead Auditor, with a strong professional focus on information security, risk management, and compliance.
Professional Experience
I have over nine years of experience in the audit industry, beginning my career at a Big Four accounting firm within the IT Risk Assurance practice, and later continuing at another public accounting firm in the Third Party Attestation group. I have performed IT financial statement audits, SOX compliance assessments, SOC 1, SOC 2, and ISO engagements across diverse industries, including banking and capital markets, insurance, wealth and asset management, and technology organizations. I have partnered with companies of all sizes to help them achieve and maintain compliance with international standards, strengthen controls, and improve governance processes. In my work, I focus on delivering practical, risk-based insights, clear communication, and efficient execution to ensure clients achieve their objectives while maintaining high-quality, reliable, and consistent audit outcomes and supporting long-term value creation.
As an auditor, I have played a key role in building and expanding my organization’s ISO practice, contributing to the development of audit methodologies and client engagements. I have successfully served over 30 audit clients across diverse industries, including, but not limited to, financial institutions, fintech companies, marketing firms, rideshare organizations, and access management service providers, providing guidance to strengthen their management systems. One notable achievement includes supporting a client that faced multiple major nonconformities in the prior year; through collaboration, coaching, and process improvements, the client not only remediated these nonconformities but also achieved multiple ISO certifications and enhanced its Information Security Management System (ISMS).
Emily Grasso experience in auditing
One of the key challenges I have faced as an auditor involved working with a client who initially struggled to understand and accept the major and minor nonconformities identified during an ISO 27001 audit. The client perceived the findings as overly critical rather than as opportunities for improvement, which created early tension and resistance during the audit process. Through open communication, clear explanations, and practical, real-world examples, we enabled the client to recognize that addressing these issues would ultimately strengthen their information security management system. Over time, their mindset shifted from reactive to proactive, resulting in meaningful corrective actions and, ultimately, a successful certification outcome.
My favorite part of auditing is problem-solving and developing practical and effective solutions that deliver measurable value. I enjoy applying lessons learned from past engagements to new clients and tailoring my approach to fit their unique environments and business objectives. The continuous learning, collaboration, and real-world application make each audit both challenging, insightful, and highly rewarding.
My future goals include earning additional ISO certifications to expand my expertise across a broader range of industries and management systems. I am also committed to mentoring and developing audit professionals within my organization by supporting their training, involving them in audit engagements, and guiding them through the PECB certification process. Through these efforts, I aim to strengthen our ISO practice, grow a high-performing team, and foster long-term client relationships.
Emily Grasso experience with MSECB
We chose to work with MSECB based on their reputation, focusing on audit quality, collaboration with their auditors, and timely delivery of certificates to our clients. MSECB is well-known for conducting high quality audits and collaborating and fostering productive and positive relationships with auditors. In my experience, MSECB has exceeded their expectations. Everyone that we have worked with has provided valuable insight, thoughtful comments, and collaborative conversation throughout the audit process. Overall, the experienceIt has been an overwhelmingly consistently positive and highly professional .
MSECB stands out through its strong commitment to collaboration and continuous development of its auditors. The organization provides comprehensive training and resources to ensure consistency and high quality across audits. MSECB maintains timely, transparent, and positive communication with its auditors, fostering trust, alignment, and a shared commitment to quality and integrity in every audit. We have had multiple scenarios where questions came up during the audit process, and MSECB was always quick to jump on a meeting with our team and discuss the situation, so that we could reach a well-aligned resolution together.
I would highly recommend others to become MSECB auditor. For me, it has been an overall positive experience, and I look forward to continuing to work with them and gaining more certifications. Everyone we have worked with has been positive, professional and incredibly knowledgeable about the ISO audit process. The team also takes a genuine interest in who its auditors, fostering not only a professional relationships, but also personal one as well, making it easy for my team and me to feel incredibly comfortable coming to them with questions, seeking guidance and insights when needed.
Build endless connections and professional networks by joining our team of over 500 MSECB Auditors.
We welcome you on board!