• Served as an advisor on data retention, privacy, IT security, IT governance and other IT-related risk areas.

• Led IT Risk Assessment team; developed annual audit plan and prioritized risk initiatives.

• Worked with management team to develop corporate policies as a part of SOC 2 readiness project.

• Designed security controls relating to ISMS.

• Developed policies for the Data vault as a part of GDPR privacy initiative.

• Planned and coordinated the network penetration test.

• Presented the vulnerabilities to the process owners and planned for remediation.

• Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews.

• Facilitating the implementation of the operational risk methodology used for identifying risk and assessing the effectiveness of the client’s operational risk capital for both expected and unexpected losses on a periodic basis.

• Led the workstream in projects, the rollout of various policy and system implementations.

• Partnered with management across departments and influenced positive changes to optimize business and IT processes.

• Managed operational process reviews, privacy assessments and ad-hoc projects such as the reviews of BCP/DRP, software license compliance, user termination, pricing approval and insider trading processes.

• Tested and documented the SDLC controls

• Designed the group policies/security roles and worked with the implementation team to provide the appropriate functions for the users

• Tested and documented the workday HR controls

• Automated the error resolution process for the interface between Workday and Oracle ERP

• Collaborated with IT department to automate manual controls as automated controls

• Performed and documented the operational audits

• Acted as a subject matter expert in internal controls (business, technology, and entity level) over financial reporting.

• Collaborated with cross-functional teams to stay up to date on changes that may impact audit priorities and the controls' effectiveness.

• Managing the efforts in advancing methodologies and practices for increased efficiencies and effectiveness of audit activities, including control optimization and automation.

• Coordinated with the cross-functional teams (tech compliance and internal audit) to ensure sufficient risk coverage and minimize duplication of work.

• Served as an advisor on data retention, privacy, IT security, IT governance and other IT-related risk areas.

• Led IT Risk Assessment team

• developed annual audit plan and prioritized risk initiatives.

• Worked with management team to develop corporate policies as a part of SOC 2 readiness project.

• Designed security controls relating to ISMS.

• Developed policies for the Data vault as a part of GDPR privacy initiative.

• Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews.

• Facilitating the implementation of the operational risk methodology used for identifying risk and assessing the effectiveness of the client’s operational risk capital for both expected and unexpected losses on a periodic basis.

• Worked with management team to develop corporate policies as a part of SOC 2 readiness project.

• Designed security controls relating to ISMS.

• Developed policies for the Data vault as a part of GDPR privacy initiative.

• Planned and coordinated the network penetration test.

• Presented the vulnerabilities to the process owners and planned for remediation.

• Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews.

• Facilitating the implementation of the operational risk methodology used for identifying risk and assessing the effectiveness of the client’s operational risk capital for both expected and unexpected losses on a periodic basis.

• Led the workstream in projects, the rollout of various policy and system implementations.

• Led IT Risk Assessment team; developed annual audit plan and prioritized initiatives.

• Partnered with management across departments and influenced positive changes to optimize business and IT processes.

• Managed operational process reviews, privacy assessments and ad-hoc projects such as the reviews of BCP/DRP, software license compliance, user termination, pricing approval and insider trading processes.

• Served as an advisor on data retention, privacy, IT security, IT governance and other IT-related risk areas.

• Work with various risk and information security teams in presenting recommendations for improvement to technology subject matter experts and management

• Interfaces with Senior Management inside Symantec to help set strategy and participates in varied roles to support internal business development

• Develop and execute Cloud Information Security strategy to proactively identify risk and drive remediation

• Develop horizontal view of risk posture across multiple technology domains

• Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the cloud operating model

• Act as point of contact to executive leadership for dimensioning, managing and driving remediation of information security risk within the context of the Citi Cloud infrastructure

• Optimized the key report testing by using “Baseline” approach, resulted in decreased testing by 10% and saved external audit fees.

• Decreased IT application controls by 3% based on “WOW” methodology.

• Increased external audit’s reliance on Internal Audit’s work to 63% from previous 50% saving a combined $500 k in audit fees and reducing the number of IT SOX deficiencies by 95%.

• Developed system implementation template to audit the IT Governance, SDLC process.

• Managed IT SOX Projects including assigning tasks, supervising staff, monitoring the project budget, and communicating project status and issues to management and external auditors.

• Collaborated with IT organization in implementing programs, policies, and procedures to ensure compliance with governance, corporate policies, and procedures.

• Developed system controls template to audit the IT projects to make sure the IT organization covers all the risks associated with the projects and follow SDLC methodology.

• Conducted risk-based assessments around JDSU IT Control environment in the areas of system development and change, logical security, computer operations, and specific application-level controls.

• Developed detailed narratives and assisted in diagramming process flows through documentation of work.