Nov 2024 – May 2026 · 1 yr 6 mos · Canada · Remote

• Responsible for identifying key risks by testing IT General Controls (ITGC) to ensure compliance and alignment with audit objectives.
• Conducted testing of ITGCs across security, change management, and IT operations, producing evidence and maintaining it in a centralized repository based on monthly, quarterly, and recurring requirements.
• Performed sampling for user provisioning, password policy enforcement, and privileged access reviews, presenting audit findings and remediation recommendations to management.
• Gained hands-on experience analyzing SOC 2 reports, interpreting control effectiveness and extracting relevant details for audit assessment.
• Verified HR controls including onboarding of new employees, access for existing employees, and timely de-provisioning of terminated employees.
• Identified and escalated red flags during engagements to prevent gaps in compliance and operational controls.
• Led walkthroughs with control owners, and documented Test of Design (TOD) and Test of Effectiveness (TOE) procedures.
• Collaborated with process owners, internal audit teams, management, and external auditors to evaluate and validate audit findings.
• Produced high-quality work papers that enhanced reliance on evidence and supported audit conclusions.
• Reviewed User Access Management and Change Management documentation, analyzed audit evidence, and reported findings.
• Performed monthly and quarterly execution of ITGC controls, ensuring consistent compliance testing.
• Guided team members, reviewed deliverables, and communicated findings effectively to stakeholders.
• Led communications with senior management and external auditors, tracked regulatory changes, and identified emerging risks for continuous improvement.
• Audited governance processes including Risk Management, Incident/Change/Problem Management, Patch Management, Identity & Access Management, Backup & Recovery, and Vulnerability Management in alignment with SDLC and frameworks.

Nov 2021 – Jun 2023 · 1 yr 7 mos · India · Remote

• Supported the audit team in executing ITGC testing and preparing evidence repositories for monthly and quarterly control reviews.
• Assisted in user access and change management reviews, ensuring compliance with IT security policies.
• Participated in walkthroughs with control owners and documented processes to understand design of controls.
• Helped perform sampling checks for access provisioning, password compliance, and terminated user deactivation.
• Verified HR-related IT controls for new hires, existing employees, and terminated employees.
• Assisted in performing Tests of Design (TOD) and Tests of Effectiveness (TOE) for ITGC controls, ensuring accuracy of sampling and population completeness.
• Coordinated with control owners to collect required evidence and followed up on remediation activities.
• Developed working knowledge of audit methodologies, and risk management frameworks.
• Gained exposure to analyzing SOC2 reports and identifying key areas of risk.
• Provided support in audit reporting and documentation, ensuring all findings and test results were tracked.
• Shadowed senior auditors in performing risk assessments and identifying potential deficiencies.