avatar for Theresa Grafenstine

Theresa Grafenstine

Global Audit Leader for Cyber, Resiliency & Third Parties
Terry Grafenstine has over 27 years of experience in the internal auditing and information technology profession. Terry joined Citi as a Chief Auditor in April 2019 and has global responsibility for providing assurance on Cybersecurity, Resilience, and Third-Party Risk Management.​ ​
Before joining Citi, Terry was a Managing Director in Deloitte’s Risk and Financial Advisory practice where she provided executive coaching to Chief Audit Executives across all commercial industries and IT audit, risk, and governance advisory services to senior leaders in the defense and national security space. Prior to joining Deloitte, Terry served for eight years as the appointed Inspector General of the U.S. House of Representatives, where she designed, managed, and delivered audit and investigative services, including a comprehensive cyber assurance program. ​ ​
Through her leadership roles as ISACA’s Global Chair, as a member of the AICPA board of directors, and as a founding board member of the IIA’s American Center for Government Auditing, Terry has helped to advance the information technology, governance, internal auditing, and accounting professions and speaks globally on cybersecurity, internal auditing, leadership, and risk. In 2019, the Institute of Internal Auditors (IIA) recognized Terry as one of the “Top Ten Audit Thought Leaders of the Decade” and also inducted Terry into their Hall of Distinguished Audit Practitioners, the highest honor given by the IIA’s North American board for the accomplishments and contributions made by individuals to advance the internal audit profession. She has received numerous awards and accolades, including FedScoop’s “Golden Gov Federal Executive of the Year,” the Greater Washington DC Society of CPAs “Government CPA Leader of the Year”, the NY Metropolitan ISACA Chapter’s “Joseph J Wasserman Cyber and Governance Leader of the Year,” and ISACAs “Common Body of Knowledge” and “Best International Conference Speaker of the Year” awards. ​

Terry holds a bachelor’s degree in Accounting from Saint Joseph’s University (Philadelphia, PA) and is a Certified Public Accountant (CPA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified In Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), and Chartered Global Management Accountant (CGMA).​