Rehan Khan

1000 followers
Location: Gurgaon, Haryana, India

  • About me

    Digital Trust - Cyber Assurance

  • Education

    • Indian Institute of Information Technology - Allahabad

      2008 - 2010
      MS Cyber Law and Information Security
    • Central India Institute of Technology - Indore

      2004 - 2008
      B.E Electronics and Communication
  • Experience

    • KPMG India

      Jun 2010 - May 2014

      Team Lead for a SOX compliance audit for two consecutive cycles for the Online Travel Agency and part of this audit for three years.

      Part of the two-member team from KPMG that assisted a leading US Conglomerate in formulating a new Risk Control Matrix that would be used as a baseline for evaluating the compliance and maturity level of the third parties serving it. The exercise involved:
      - Understanding the perspective of the conglomerate on what needs to be checked and verified for a particular requirement
      - Discussion on the ways a control is implemented and what needs to be checked based on the maturity of the vendor being audited
      - Defining controls for requirements against industry best practices
      - Defining the test procedures on how to test a particular control

      Business Systems Controls Review for a leading Tobacco Manufacturer. The engagement included:
      - Analyzing the current processes in place
      - Evaluating the risks within the current processes
      - Negative testing in order to bypass the current controls
      - General IT controls review

      Team Lead for an Information Governance Assessment for two consecutive years. He led the engagement in 2012 with a team of 5 members. In 2013, he was also a member of the core team that was managing this audit for 6 different providers. The main responsibilities included:
      - Providing insights to the team on the aspects to be tested
      - Maintaining a consistent approach to project execution across the 6 vendors
      - Acting as SME in case of any queries or challenges in terms of testing

      SOX Compliance audit for an Online Travel Agency (OTA) and Pharmaceutical client. The scope included homegrown applications and leading ERPs used for financial reporting. Testing of specific business application and automated controls was also performed. The testing was performed on the following domains: Access to Programs & Data, Program Changes, Program Development & Computer Operations.

      General IT control testing for clients in the Manufacturing, FMCG & BFSI sectors utilizing different ERPs and applications as part of Statutory Audit.

      Information Governance assessments for a leading US Conglomerate for four years, which had outsourced its processes to leading IT solution providers in India. The engagement involved validating and evaluating the compliance level of the IT solution providers in India vis-à-vis the requirements laid down by the conglomerate, which were based on best practices of Information Security (ISO 27001). The specific domains tested were:
      - Incident Management
      - Internal Audit
      - Data Security
      - Organization Management & Performance Measurement
      - Asset Governance
      - Business Continuity & Disaster Recovery

      IT Security policy review for a leading Oil & Gas client, which included developing policies and procedures as per Government of India guidelines and Information Security best practices, and aligning the policy with the actual process in place. He has performed this engagement for two consecutive years.

      Assisted a leading BPO in India to gauge the level of Information Security Awareness & Behavioral quotient when dealing with Information Security. The engagement involved interviewing the BPO employees across various levels and then assessing their response against frequent and common information security breaches, along with executing social engineering techniques to gain access to restricted areas.

      • Consultant

        Apr 2013 - May 2014
      • Associate Consultant

        Jun 2010 - Mar 2013
    • KPMG Singapore

      Jan 2014 - Feb 2014
      Senior Associate

      Gap assessment for a leading Malaysian Bank (based in Singapore) in order to comply with Monetary Authority of Singapore Notice 644 and the Technology Risk Management Guidelines. The engagement included:
      - Gap assessment of the existing processes with respect to the guidelines
      - Agreeing on the gaps identified with the C-level executives
      - Drafting recommendations with respect to the gaps identified

    • EXL

      May 2014 - Nov 2014
      Assistant Manager

      Supporting the onshore IT Audit team on management testing for a leading US employment agency. The engagement included:
      - Testing & review of evidence received from the onshore team
      - Maintaining and publishing dashboards on the progress of the offshore team
      - Compilation of work papers
      - Discussing the way forward on the observations noted with the concerned process owners

      Assessing an Indian entity of the client for Internal Controls over Financial Reporting. The work performed included:
      - Understanding the business and IT environment
      - Identification of the key controls
      - Testing and validation of the controls from a design and operating effectiveness perspective
      - Closing on the findings with the process owners
      - Preparing the final report

    • Grant Thornton India LLP

      Nov 2014 - May 2016
      Assistant Manager

      Supervisory review of the observations, draft reports and testing performed by the team members on various IT audit / risk management engagements. Creation of project allocation and budgeting sheets along with development of bids & proposals.

      Assisting Senior Management in the development of a practice-wide training calendar, along with imparting training at an all-India level for the team on technical as well as behavioral aspects.

      Performance evaluation, development planning, coaching and mentoring of the resources who had been assigned to specific projects.

      Project Manager for SSAE 16 (Type 1 & Type 2) engagements for a leading IT solution provider covering international and domestic locations, with a dedicated team of 9 members assigned. The overall responsibilities and duties included:
      - Development of the project plan and testing attributes
      - Tracking the project milestones as per agreed timelines
      - Regular updates to resolve bottlenecks and to highlight potential issues
      - Review of the testing performed by the team members
      - Preparation of the final report

      Project Manager for a Data Centre review for a leading IT solutions provider. The scope of the audit included:
      - Assessing the current state of the process and identifying areas of improvement
      - Management & governance of the IT infrastructure
      - Review of logical, physical and environmental controls
      - Review of power management and BCP/DR plans

      SOX Compliance audit for a leading Business Process Outsourcing client. The scope included the ERP application used for financial reporting. Testing of specific business application and automated controls was also performed. The testing was performed on the following domains: Access to Programs & Data, Program Changes, Program Development & Computer Operations.

    • KPMG India

      May 2016 - now

      Team Lead for an ISAE 3402 (Type II) assessment for a leading IT/ITES organization, for which five reports were issued. The project included testing the design and operating effectiveness of the controls. The duties performed included:
      - Supervising the testing performed at the client
      - Resolving bottlenecks impacting the fieldwork
      - Discussion and closure of observations with the client
      - Preparation of the final report

      Project Manager for third-party IT governance reviews for leading organizations. The project included performing reviews of the organization based on the guidelines and procedures established by the outsourcing organization. The project focused primarily on Information Security, Secure Development, Business Continuity and Asset Management.

      Team Lead for a Business Continuity engagement in which assistance is provided to the Corporate BCM team in formulating the BC / DR plans for the support functions. The engagement includes conducting workshops with the stakeholders on Business Impact Analysis (BIA), Risk Assessment and recovery objectives, along with designing templates for the same.

      • Technical Director

        Apr 2024 - now
      • Associate Director

        Apr 2021 - Mar 2024
      • Manager

        Apr 2018 - Mar 2021
      • Assistant Manager

        May 2016 - Mar 2018
    • KPMG Australia

      Apr 2017 - Jul 2017
      Senior Consultant
  • Licenses & Certifications

    • ITIL Foundation

      Exin
    • Certified Information Security Manager CISM* (Exam Qualified)

      ISACA
      Jun 2015
    • Certified Information Systems Auditor® (CISA)

      ISACA
      Oct 2014