Manager
Wipro
Total years of experience: 17 years, 10 months
My primary focus is on Information Security Management, Business Continuity Planning and Disaster Recovery Advisory / Review, Implementing and Operationalizing Vendor Risk Management Programs, IT Audits & Application Controls - forming a part of financial audits, SAP Audits, SOX Compliance and Advisory reviews, SSAE 16 Attestation/Advisory, PCI-DSS advisory, ISO 27001 & BS 25999 advisory & implementation, ERP & Application reviews.
Worked on automation of GRC processes (Ent. Mgmt., Risk Mgmt., Buss. Continuity, Threat Mgmt., Vendor Risk Management, Policy & Compliance Mgmt.) on Archer Smart Suite Framework. Created Business Requirements documents (HLD/LLD), architected & developed Solutions/Applications, tested & deployed Archer Solutions.
Have successfully delivered both small and large-scale delivery projects on ISO 27001 & BS 25999 Implementation.
Executed audits for IT processes covering IT planning, infrastructure and security management, change management, software management, business continuity management, physical and environmental security, access control and incident management. Experience with testing process controls within ERP applications.
Strong leadership and communication skills, with ability to effectively interact with individuals at all levels.
• Was instrumental in setting up the IT Audit and BCM Function within the Group.
• Responsible for planning, organizing and managing Internal Audit assignments for Amicorp Group.
• Facilitated the development of a governance framework for BCM including performance indicators & reporting frequency for 19 locations in line with local regulatory requirements.
• Successfully handled the IT and Information Security due-diligence and audits by the IPO sponsors and Stock Exchange of Hong Kong Limited.
• Led the risk assessment exercise and analyzed the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on the business.
• Designed and executed tests to validate identified system control features, which may require re-performance of system processes to evaluate the effectiveness of the relevant technology controls.
• Documented the results of the test steps executed and reviewed the work of other auditors to ensure it meets auditing standards. Reported progress and results of the review to technology and business stakeholders.
Governance, Risk and Compliance Management Consulting
Risk Advisory Services
Security Strategy & Risk Advisory