Nitin Gupta, CISA

Location: Noida, Uttar Pradesh, India
Followers: 2000
  • About me

    Senior Manager | IT Audit, Risk Consulting, Info Security, Compliance | I help companies identify risk, design, implement controls, perform IT Audit.

  • Education

    • Sikkim Manipal University, Gangtok

      2011 - 2013
      Master’s degree msc a
    • Educational Institution

      2009 - 2011
      Bachelor's degree
  • Experience

    • HCLTech

      Nov 2005 - May 2011
      Senior technical support officer
    • iYogi

      May 2011 - Oct 2012
      Technical specialist
    • HCLTech

      Oct 2012 - Jun 2014
      Senior specialist
    • IBM

      Jul 2014 - Nov 2021

      Conduct Audits on Information Technology General Controls (ITGCs) and determine if controls are designed and operating effectively. Manages audit activities and work on various audits and projects in different phases. Review Audit evidence when received to verify accuracy and completeness. Articulating audit findings and remediation activity to senior management. Review ISAE 3402 report on company's “ITGCs” and on the suitability of the Design and Operating Effectiveness of Controls.

      • Senior Information Technology Auditor

        Jul 2019 - Nov 2021
      • Security Delivery Specialist

        Jul 2017 - Jul 2019
      • Audit and Compliance Focal

        Jul 2014 - Jul 2017
    • PwC

      Dec 2021 - now
      Assistant manager

      Responsible for the IT risk and controls deliverables, part of operational Risk Management performing advisory/assurance activities which includes Risk assessment (Applications, interfaces and processes), control design, control implementation, control operation and control documentation. Supports projects with the categorization (PIRA), assessments (BIA/LRA) and mitigation of risks through Selection/Design of Controls. Reviewing Project charter, Project tier rating in Archer tool. Assessing the business impact of the identified risks through the risk assessment process (Business Impact Assessment and Legal and regulatory assessment). Performing Service classification. Determine the likelihood by assessing threat and vulnerabilities. Response to identified risks and mitigation through control objectives. Documenting actual control procedure and work instructions. Performing continuous risk identification and evaluation. Performing Interface assessment, SAHLD assessment. Review of assurance reports (ISAE 3402, SOC2 Type2, SOC2 Type1, SOC1 Type2, ISO27001 and PCI AOC). Validating the use of production data in NPE environment. Performing Privacy Impact Assessment (PIA) and Deep level assessment (DLA). Decision on security assessment like Pen test, Vulnerability assessment and Code scanning. Track finding closure, obtaining risk acceptance, action plan to close finding. Generating control set based on risk profiles and selection and deployment of relevant controls to ensure acceptable risk mitigation. Delivers on-boarding and compliance validation services for Suppliers providing 3rd party services. Providing expert advice on the selection, design, implementation and operation of actual controls based on risk assessment outcome. Implementation of designed controls and handover to relevant organization for agreement to operate sign-off. Ensuring controls are designed and operated effectively. Project handed over to BAU and agreed to deploy.

  • Licenses & Certifications

    • Diploma in information system

    • MCP

    • MCSA

    • MCSE

    • Certified Information Systems Auditor® (CISA)

      ISACA
      Jun 2022
    • IBM Mentor

      IBM
      Jul 2021
    • Bluemix Essentials

      IBM
      May 2018
    • CYB002x: The CISO's View (Cybersecurity Series)

      University of Washington
      Jan 2018
    • Business Continuity Champion

      IBM
      Apr 2021
    • IBM Security Essentials 2017

      IBM
      Sept 2017
    • CISM Cert Prep: 4 Information Security Incident Management

      LinkedIn
      Jun 2022
    • Information Risk and Protection

      IBM
      Oct 2017
    • ISO 31000:2018 Lead Implementer

      Intertek
      Aug 2023
    • ISO 20000 Master - IT Service Certification Lead Implementer

      Intertek
      Sept 2023
    • ISO 27701:2019 Lead Implementer for Privacy Information Management System

      Intertek
      Aug 2023
    • Security Operations and Response

      IBM
      Oct 2017
    • ISO 27001 Lead Implementer

      Intertek
      Aug 2023
    • ISO 27001 Lead Auditor - Information Security Certification

      BSCIC Certifications Pvt. Ltd.
      Jul 2023
    • ISO 27001 Lead Implementer - Information Security Certification

      Intertek
      Sept 2022
    • ISO 22301 LI

      Intertek
      May 2023
    • CISM Cert Prep: 3 Information Security Program Development and Management

      LinkedIn
      Jun 2022