# Samba Ganne, CISA

> Cybersecurity & Technology Auditor | Information Security, Privacy, SOX Compliance Leader

Location: San Jose, California, United States
Profile: https://flows.cv/sambagannecisa

## Work Experience

### IT Auditing & Compliance @ TriNet

Jan 2022 – Present | Dublin, California, United States

- Served as an advisor on data retention, privacy, IT security, IT governance and other IT-related risk areas.
- Led IT Risk Assessment team; developed annual audit plan and prioritized risk initiatives.
- Worked with management team to develop corporate policies as a part of SOC 2 readiness project.
- Designed security controls relating to ISMS.
- Developed policies for the Data vault as a part of GDPR privacy initiative.
- Planned and coordinated the network penetration test.
- Presented the vulnerabilities to the process owners and planned for remediation.
- Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews.
- Facilitating the implementation of the operational risk methodology used for identifying risk and assessing the effectiveness of the client’s operational risk capital for both expected and unexpected losses on a periodic basis.
- Led the workstream in projects, the rollout of various policy and system implementations.
- Partnered with management across departments and influenced positive changes to optimize business and IT processes.
- Managed operational process reviews, privacy assessments and ad-hoc projects such as the reviews of BCP/DRP, software license compliance, user termination, pricing approval and insider trading processes.
- Tested and documented the SDLC controls.

### IT Audit Specialist @ Lumentum

Jan 2020 – Jan 2022 | San Jose, California, United States

- Designed the group policies/security roles and worked with the implementation team to provide the appropriate functions for the users.
- Tested and documented the Workday HR controls.
- Automated the error resolution process for the interface between Workday and Oracle ERP.
- Collaborated with IT department to convert manual controls into automated controls.
- Performed and documented the operational audits.
- Acted as a subject matter expert in internal controls (business, technology, and entity level) over financial reporting.
- Collaborated with cross-functional teams to stay up to date on changes that may impact audit priorities and the controls' effectiveness.
- Managing the efforts in advancing methodologies and practices for increased efficiencies and effectiveness of audit activities, including control optimization and automation.
- Coordinated with the cross-functional teams (tech compliance and internal audit) to ensure sufficient risk coverage and minimize duplication of work.
- Served as an advisor on data retention, privacy, IT security, IT governance and other IT-related risk areas.
- Led IT Risk Assessment team; developed annual audit plan and prioritized risk initiatives.
- Worked with management team to develop corporate policies as a part of SOC 2 readiness project.
- Designed security controls relating to ISMS.
- Developed policies for the Data vault as a part of GDPR privacy initiative.
- Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews.
- Facilitating the implementation of the operational risk methodology used for identifying risk and assessing the effectiveness of the client’s operational risk capital for both expected and unexpected losses on a periodic basis.

### IT Security & Compliance @ Various Companies

Jan 2018 – Jan 2020 | Milpitas, California, United States

- Worked with management team to develop corporate policies as a part of SOC 2 readiness project.
- Designed security controls relating to ISMS.
- Developed policies for the Data vault as a part of GDPR privacy initiative.
- Planned and coordinated the network penetration test.
- Presented the vulnerabilities to the process owners and planned for remediation.
- Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews.
- Facilitating the implementation of the operational risk methodology used for identifying risk and assessing the effectiveness of the client’s operational risk capital for both expected and unexpected losses on a periodic basis.
- Led the workstream in projects, the rollout of various policy and system implementations.
- Led IT Risk Assessment team; developed annual audit plan and prioritized initiatives.
- Partnered with management across departments and influenced positive changes to optimize business and IT processes.
- Managed operational process reviews, privacy assessments and ad-hoc projects such as the reviews of BCP/DRP, software license compliance, user termination, pricing approval and insider trading processes.
- Served as an advisor on data retention, privacy, IT security, IT governance and other IT-related risk areas.

### Senior Manager IT Compliance @ Fortinet

Jan 2016 – Jan 2018 | Sunnyvale, California, United States

- Work with various risk and information security teams in presenting recommendations for improvement to technology subject matter experts and management
- Interfaces with Senior Management inside Symantec to help set strategy and participates in varied roles to support internal business development
- Develop and execute Cloud Information Security strategy to proactively identify risk and drive remediation
- Develop horizontal view of risk posture across multiple technology domains
- Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the cloud operating model
- Act as point of contact to executive leadership for dimensioning, managing and driving remediation of information security risk within the context of the Citi Cloud infrastructure

### Senior Information Technology Audit Manager @ VIAVI Solutions

Jan 2014 – Jan 2016 | San Jose, California, United States

- Optimized the key report testing by using a “Baseline” approach, which decreased testing by 10% and saved external audit fees.
- Decreased IT application controls by 3% based on “WOW” methodology.
- Increased external audit’s reliance on Internal Audit’s work to 63% from the previous 50%, saving a combined $500k in audit fees and reducing the number of IT SOX deficiencies by 95%.
- Developed system implementation template to audit the IT Governance, SDLC process.
- Managed IT SOX Projects including assigning tasks, supervising staff, monitoring the project budget, and communicating project status and issues to management and external auditors.
- Collaborated with IT organization in implementing programs, policies, and procedures to ensure compliance with governance, corporate policies, and procedures.
- Developed system controls template to audit the IT projects to make sure the IT organization covers all the risks associated with the projects and follows SDLC methodology.
- Conducted risk-based assessments around JDSU IT Control environment in the areas of system development and change, logical security, computer operations, and specific application-level controls.
- Developed detailed narratives and assisted in diagramming process flows through documentation of work.

### Information Technology Specialist @ Various Companies

Jan 2013 – Jan 2014 | Emeryville, California, United States

- Collaborated with financial and information technology business process owners to ensure internal controls are in place and operating effectively.
- Performed risk and SOX impact assessment for revenue-driven and revenue-impacting projects; prepared and presented project risk assessment to internal and external auditors.
- Performed scoping and provided recommendations for implementation of processes or controls to mitigate identified risk.
- Developed detailed narratives and assisted in diagramming process flows through documentation of work.
- Audit services performed included walkthroughs of client’s IT infrastructure systems and processes, risk assessments, testing the effectiveness of internal controls, and evaluating any deficiencies.
- Tested and documented the Key report testing for accuracy and completeness.

### Design Manager @ Cisco

Jan 2008 – Jan 2013 | San Jose, California, United States

- Responsible and accountable for the coordinated management of multiple related projects directed toward strategic business and other organizational objectives.
- Identified the Key Control Activities and worked closely with IT SOX team for operational effectiveness testing.
- Worked closely with GBPO (Global Business Process Owners) and SOX team to mitigate any operational deficiencies.

### Business Systems Analyst @ Verisign/Coherent

Jan 2005 – Jan 2007 | San Jose, California, United States

- Led IT SOX compliance efforts, significantly reducing the audit findings through automation and enforcement of new policies and processes.
- Executed, developed method and approach, participated and project managed SOX 404 regulatory compliance assessments, and IT Control validation for customers.

### Business Systems Analyst, ERP implementations @ Sun Microsystems & Various

Jan 1997 – Jan 2005 | Newark, California, United States

- Managed scope, end user expectations, and provided work estimates to manage team to support analysis.
- To meet corporate financial goals, customer needs, and business requirements, provided analysis, design, and build, supporting Oracle and other packaged and custom applications.
- Reported and presented development progress to senior management and business leaders to provide technical expertise and innovative strategies.
- Led a team to implement Order to cash.
- Wrote extensive Functional Specifications for the gaps identified in the business processes.
- Managed billing process with timely production of invoices, invoice approval, and interface of invoices to Oracle AR.
- Analyzed problems and identified solutions for the project.
- Successfully implemented all the setups relating to the Account Receivables module.

## Education

### Bachelor of Technology - BTech in Mechanical Engineering

Acharya Nagarjuna University

## Contact & Social

- LinkedIn: https://linkedin.com/in/sambaganne

---

Source: https://flows.cv/sambagannecisa
JSON Resume: https://flows.cv/sambagannecisa/resume.json
Last updated: 2026-04-13