IT Compliance Lead
IBM India Pvt Ltd
Total years of experience :19 years, 1 Months
Client : General Motors (GM)
Responsibilities include :-
• Support of GM Process Compliance Management
• Process Maturity Assessment Execution ( depending on customers’ plan for deployment )
• COBIT ITIL Process Assessment
• Annual Change Record Assessment
• Provide compliance insight and guidance on issues to GCTS Functional Leads, IT Auditors, Import/Export Specialists and Project resources
• Assist the IT Auditors in the Audit and evidence gathering
• Ensure that the Management Action plans include solutions for systemic issues across the IT supplier community (not just supplier that received the comment) and the action plan is a global solution
• Determine and maintain the Audit Evidence repository
• Work with suppliers to ensure that remediation for SAS 70 findings are satisfactory
• Work with GM Compliance Management leads in developing process improvements to Compliance activities
• Maintain appropriate separation within IBM to satisfy the contractual requirements to avoid conflict of interest in Compliance Management efforts and maintain a satisfactory business / audit controls posture.
• Establish and manage effective communication with team, organization, client, management and activity stakeholders. This is to include keeping IBM IIM-OM Management informed of any client issues.
• Review Compliance Management activities prior, during, and subsequent to their execution to consider if any solutions can be implemented to increase efficiency, effectiveness, and / or standardization.
The internal audit department reports to the Audit Committee of Northern Trust Corporation and executes all audit projects approved by the board. Working in a virtual team of IT Auditors based out of Chicago, I am the only IT auditor in Bangalore and am primarily responsible for the execution of all IT audit projects in Asia-Pacific region. I also participate and often lead IT audit projects in North America and EMEA.
IT Audit Projects include :-
1. SAS 70 IT
2. SOX 404 IT
3. Information Security Audits
4. Application Audits
5. Vendor Security Audits
6. Network Audits
7. ITGC Audits
8. Infrastructure Audits (Windows, Mainframe, AS400 etc)
Responsibilities include :-
• Execute IT Audit Projects approved by the Audit Committee and primarily responsible for execution of all IT Audits in APAC, along with projects in North America and EMEA regions.
• Work independently and lead assignments/projects of moderate to high complexity following the audit methodology.
• Develops a budget and/or timeframe for how audit will be completed.
• Prepare for the audit by assessing risk within an area prior to the audit taking place.
• Conducts and documents information system application audits throughout the corporation, including the more complex and high risk areas.
• Conducts test of controls of business units to ensure measures are taken to minimize risk of financial loss.
• Utilizes operational understanding of various business units to ensure operations, services and systems have proper audit controls in place.
• Communicates with partners at all levels, developing and presenting recommendations on operations and controls for the business unit.
• Conducts meetings with business unit management to discuss audit results.
• Applies analytical skills to review information and determine potential control weaknesses.
• Primarily responsible for performing remote ITGC Audits for KPMG for a number of their clients in the US. The job involves testing IT General Controls (SAS70, SOX), developing standards for vulnerability assessment, vendor security (ISO27001) etc.
• Reviewing the work papers prepared by the Associates and hand over the work package (Lead Sheet and Marked-up PBC) back to the US Team ensuring accuracy and timely deliverables.
• Gained sound understandings on ITIL, SAS70, SOX 404 Audit process, ISO 27001 methodologies and Cobit framework.
• Devised a strategic training plan for all future new hires to the project and also developed training material.
• Responsible for providing and ensure that internal and external user accesses are current, authorised and correctly used (including monitoring) on more than 35 different applications.
• Duties will include RACF security administration - including creating, amending and deleting ACF2 & RACF profiles, Active Directory, MS Exchange, AS400 and other company specific Unix and Oracle applications.
• Co-ordinate with other teams (ADABAS, Unix, Oracle, Reactive Ops, 2nd line support, project, virus issues) Participate in projects to make them compliant with SOX security administration processes and/or policies. Improve security within those projects.
• Have worked in the Head Office of Allianz Insurance Plc UK in Guildford, UK and was a part of transition of the project to India.
Responsible for providing support for customers on operation or maintenance of Dell products like desktops and notebooks. Assist customers by diagnosing problems, and providing resolutions for technical and service issues. Responsible for customer satisfaction through effective handling of customer problems. Ensure proper escalation procedures are followed. Perform work in accordance to standardized policies and procedures. Work requires strong analytical ability to resolve complex technical issues in addition to effective communication skills.