Rehan Khan

CTO

Gurgaon, Haryana, India · 15 yrs 6 mos experience

Key Highlights

  • 14+ years of experience in IT audits and consulting.
  • Expertise in ISAE 3402 and SOC 2 compliance.
  • Led multiple global IT governance projects.
Stackforce AI infers this person is a Cyber Assurance expert with extensive experience in IT audits and compliance across various industries.

Skills

Core Skills

IT Audits · Risk Assessments · Business Continuity

Other Skills

ISAE 3402 Type II · Information Security · Risk Assessment · IT Governance · IT Audit · Risk Management · SOX Compliance · Project Management · SSAE 16 · IT Infrastructure · Governance · ERP Applications · Risk Control Matrix · Business Systems Controls Review · Auditing

About

Rehan holds an MS in Information Security and a B.E. in Electronics & Communication, with 14+ years of proven experience in IT audits and consulting. He is currently working as a Technical Director in the Cyber Assurance practice of KPMG India, handling IT attestation and assurance engagements for various clients. Rehan has worked extensively in the areas of ISAE 3402 Type 2 and SOC 2, the Sarbanes-Oxley Act of 2002 under Section 404, IT audits / risk assessments, information governance audits and SSAE 16 / 18 Type 2 examinations. He has performed the role of Project Manager on various assignments and has experience handling global clients and teams in the US, Australia, China, Singapore and South Africa. He has insightful expertise in the areas of IT audits / risk assessments, IT general control and application control reviews.

Industry Sector Experience

Rehan’s experience has been primarily in executing and managing engagements in the following industry sectors:

  • IT/ITeS
  • Online Travel Agency
  • Business Process Outsourcing (BPO)
  • Pharmaceutical
  • Knowledge Process Outsourcing (KPO)
  • Manufacturing

Experience

KPMG India

4 roles

Technical Director

Promoted

Apr 2024 – Present · 1 yr 11 mos

Associate Director

Promoted

Apr 2021 – Mar 2024 · 2 yrs 11 mos

Manager

Apr 2018 – Mar 2021 · 2 yrs 11 mos

Assistant Manager

May 2016 – Mar 2018 · 1 yr 10 mos

  • Team Lead for an ISAE 3402 (Type II) assessment for a leading IT/ITeS organization, for which five reports were issued. The project included testing the design and operating effectiveness of the controls. The duties performed included:
    - supervising the testing performed at the client
    - resolving bottlenecks impacting the fieldwork
    - discussion and closure of observations with the client
    - preparation of the final report.
  • Project Manager for third-party IT governance reviews for leading organizations. The project included performing reviews of the organization based on the guidelines and procedures established by the outsourcing organization. The project focused primarily on information security, secure development, business continuity and asset management.
  • Team Lead for a business continuity engagement in which assistance was provided to the Corporate BCM team in formulating the BC / DR plans for the support functions. The engagement included conducting workshops with the stakeholders on Business Impact Analysis (BIA), risk assessment and recovery objectives, along with designing templates for the same.
ISAE 3402 Type II · Information Security · Business Continuity · Risk Assessment · IT Governance · IT Audits · +1

KPMG Australia

Senior Consultant

Apr 2017 – Jul 2017 · 3 mos · Brisbane, Australia

Grant Thornton India LLP

Assistant Manager

Nov 2014 – May 2016 · 1 yr 6 mos · Noida Area, India

  • Supervisory review of the observations, draft reports and testing performed by the team members on various IT audit / risk management engagements.
  • Creation of project allocation and budgeting sheets, along with development of bids and proposals.
  • Assisting senior management in developing a practice-wide training calendar, along with imparting training at an all-India level for the team on technical as well as behavioral aspects.
  • Performance evaluation, development planning, coaching and mentoring of the resources assigned to specific projects.
  • Project Manager for SSAE 16 (Type 1 & Type 2) engagements for a leading IT solution provider covering international and domestic locations, with a dedicated team of 9 members assigned. The overall responsibilities and duties included:
    - Development of the project plan and testing attributes.
    - Tracking the project milestones as per agreed timelines.
    - Regular updates to resolve bottlenecks and to highlight potential issues.
    - Review of the testing performed by the team members.
    - Preparation of the final report.
  • Project Manager for a data centre review for a leading IT solutions provider. The scope of the audit included:
    - Assessing the current state of the process and identifying areas of improvement.
    - Management and governance of the IT infrastructure.
    - Review of logical, physical and environmental controls.
    - Review of power management and BCP/DR plans.
  • SOX compliance audit for a leading Business Process Outsourcing client. The scope included the ERP application used for financial reporting. Testing of specific business application and automated controls was also performed. The testing covered the following domains: Access to Programs & Data, Program Changes, Program Development and Computer Operations.

EXL

Assistant Manager

May 2014 – Nov 2014 · 6 mos · Noida Area, India

  • Supporting the onshore IT audit team on management testing for a leading US employment agency. The engagement included:
    - Testing and review of evidence received from the onshore team.
    - Maintaining and publishing dashboards on the progress of the offshore team.
    - Compilation of work papers.
    - Discussing the way forward on the observations noted with the concerned process owners.
  • Assessing an Indian entity of the client for Internal Controls over Financial Reporting. The work performed included:
    - Understanding the business and IT environment.
    - Identification of the key controls.
    - Testing and validating the controls from a design and operating effectiveness perspective.
    - Closing on the findings with the process owners.
    - Preparing the final report.
IT Audit · Risk Management · SOX Compliance · Project Management · IT Audits

KPMG Singapore

Senior Associate

Jan 2014 – Feb 2014 · 1 mo · Singapore

  • Gap assessment for a leading Malaysian bank (based in Singapore) in order to comply with Monetary Authority of Singapore Notice 644 and the Technology Risk Management Guidelines. The engagement included:
    - Gap assessment of the existing processes with respect to the guidelines
    - Agreeing on the gaps identified with the C-level executives
    - Drafting recommendations with respect to the gaps identified.

KPMG India

2 roles

Consultant

Apr 2013 – May 2014 · 1 yr 1 mo

  • Team Lead for a SOX compliance audit for two consecutive cycles for the Online Travel Agency, and part of this audit for three years.
  • Part of the two-member team from KPMG that assisted a leading US conglomerate in formulating a new Risk Control Matrix to be used as a baseline for evaluating the compliance and maturity level of the third parties serving it. The exercise involved:
    - Understanding the perspective of the conglomerate on what needs to be checked and verified for a particular requirement
    - Discussion on the ways a control is implemented and what needs to be checked based on the maturity of the vendor being audited
    - Defining controls for requirements against industry best practices
    - Defining the test procedures on how to test a particular control.
  • Business Systems Controls Review for a leading tobacco manufacturer. The engagement included:
    - Analyzing the current processes in place
    - Evaluating the risks within the current processes
    - Negative testing in order to bypass the current controls
    - General IT controls review.
  • Team Lead for an Information Governance Assessment for two consecutive years. He led the engagement in 2012 with a team of 5 members. In 2013, he was also a member of the core team that managed this audit for 6 different providers. The main responsibilities included:
    - Providing insights to the team on the aspects to be tested
    - Maintaining a consistent approach to project execution across the 6 vendors
    - SME for any queries or challenges in terms of testing.

Associate Consultant

Jun 2010 – Mar 2013 · 2 yrs 9 mos

  • SOX compliance audit for an Online Travel Agency (OTA) and a pharmaceutical client. The scope included homegrown applications and leading ERPs used for financial reporting. Testing of specific business application and automated controls was also performed. The testing covered the following domains: Access to Programs & Data, Program Changes, Program Development and Computer Operations.
  • General IT control testing for clients in the Manufacturing, FMCG and BFSI sectors utilizing different ERPs and applications, as part of statutory audit.
  • Information governance assessments for four years for a leading US conglomerate that had outsourced its processes to leading IT solution providers in India. The engagement involved validating and evaluating the compliance level of the IT solution providers in India vis-à-vis the requirements laid down by the conglomerate, which were based on information security best practices (ISO 27001). The specific domains tested were:
    - Incident Management
    - Internal Audit
    - Data Security
    - Organization Management & Performance Measurement
    - Asset Governance
    - Business Continuity & Disaster Recovery
  • IT security policy review for a leading oil & gas client, which included developing policies and procedures as per Government of India guidelines and information security best practices, and aligning the policy with the actual process in place. He performed this engagement for two consecutive years.
  • Assisted a leading BPO in India in gauging its level of information security awareness and behavioral quotient when dealing with information security. The engagement involved interviewing BPO employees at various levels and then assessing their responses against frequent and common information security breaches, along with executing social engineering techniques to gain access to restricted areas.
SOX Compliance · Risk Control Matrix · Business Systems Controls Review · IT Audits

Education

Indian Institute of Information Technology - Allahabad

MS — Cyber Law and Information Security

Jan 2008 – Jan 2010

Central India Institute of Technology - Indore

B.E — Electronics and Communication

Jan 2004 – Jan 2008
