Principle Consultant

• Apr 2022 - Present

Independent Consultant

• May 2020 - Present

Consulting services in the fields of cybersecurity, IT audit, ITGC, operational audit, IT security & risk management, user access management, segregation of duties, project implementation reviews, system integrations, and system configurations. Notable items are: • Implementation of ISMS based on ISO 27001 and design of policies, processes & controls, leading up to ISO certification. • As part of full-scale cloud migration of mainframe and other applications of a bank, review of SOC reports of cloud vendors to identify/define complimentary user entity controls (CUEC). • Implementation of SOD Risk Management process, including defining SOD matrix, evaluating methods & tools for SOD analysis, and designing mitigating controls. • Data analytics of Concur expense reporting data. • Review of Concur SOC report for exceptions and assessment of residual risk after factoring CUEC. • Security audits for network firewalls - including review of firewall configuration, rule management, change controls, admin access controls, vulnerability & event monitoring, and firewall devices’ life cycle management. • IT audits of cloud applications pertaining to classification, anonymization, encryption, and obfuscation of data; secure application development; privileged access controls, system log reviews; vulnerability scanning, security event / incident alerts; and incident responses. • Review of end user security plan of Workday Financials, its roles and system transactions for criticality to SOX compliance & SOD risk exposure. • Review of process and technology deployed for data extraction, data transformation, and data transmission to intermediate file exchange services and to target systems from multiple sources. Evaluation of security, controls, and error handling procedures in the entire supply chain of data conversion. Assessment of data conversion validation procedures & methods. • Risk assessment of deployment of over 5000 HVDs (hosted virtual desktops). Show less

Director, Global IT Audit

• Jul 2018 - Mar 2020

Direct, manage and oversee the planning and execution of Information Technology audits | Control assurance and risk assessments of IT and project management processes | Collaborate with system implementation teams to assist with system security configurations and application controls | Team skill management to be ready with responses to ever changing digital landscape | Implementation of compliance activities and programs on a global basis | Cybersecurity assessment based on ISO 27001 & ISO 27002 | GDPR compliance assessment | S4/HANA migration. Show less

Director, Internal Controls & Global Compliance

• Sep 2010 - Jun 2018

Direct, manage and oversee the planning and execution of SOX reviews | Control assurance and risk assessments globally across business, IT and project management processes | Develop and deliver internal controls and SOD risk management training on a global basis | Develop control maturity model and spread awareness about it | Implementation of compliance activities and programs on a global basis | Implement process mapping practices and procedures

Manager, Internal Controls & Global Compliance

• Mar 2007 - Sep 2010

Led global SOX compliance of IT and business controls | Spearheaded GRC initiative to manage Segregation of Duties across multiple ERP systems | Provided guidance for IT and business control frameworks and their assessment | Implemented Control Self Assessment | Designed alternative assurance measures to support weak controls | Developed IT and business control evaluation frameworks | Managed SOX 302 representation framework | Yearly Internal Controls assessment planning and execution, including staffing and engagement reviews Show less

Senior Auditor

• May 2006 - Feb 2007

Conducted and managed internal controls testing at head office and plants across 20 countries.

Auditor & Disclosure Officer

• Nov 2001 - Apr 2006

Compliance audits of small and medium businesses | Specialties in Value Added Tax (VAT-GST) and underground economy audits | Audited medium and large business disclosures for compliance | Used data analytic to identify anomalies with 100% auditee concurrence | Risk based reliance on third party reports for completeness audits | Reviewed client appeals / objections and provided objective and judicious decisions | Audit planning and engagement management. Compliance audits of small and medium businesses | Specialties in Value Added Tax (VAT-GST) and underground economy audits | Audited medium and large business disclosures for compliance | Used data analytic to identify anomalies with 100% auditee concurrence | Risk based reliance on third party reports for completeness audits | Reviewed client appeals / objections and provided objective and judicious decisions | Audit planning and engagement management.