IT Internal Audit Manager
Accenture
Total years of experience :21 years, 2 Months
• Lead the APAC and Middle East region scoping, planning and execution of audits to ensure all IT audit engagements are well planned, timely executed within the budgeted time and expenses.
• Lead annual/ongoing risk assessment process to evaluate risk across the APAC and Middle East region for technology risk. Managing the IT audit risk universe and business function risk models highlighting critical areas of risk.
• Responsible to lead the APAC and Middle East IT Internal audit for internal technology, ventures and acquisitions and joint ventures audits for Accenture internal technology and client service delivery - application, operations, network, infrastructure, security and digital business.
• Partner with IT Audit Leadership and drive the continuous improvement project and department initiatives.
• Driving the departmental audit analytics agenda to perform IT audits using ACL and other similar automation tools.
• Leading the integrated audits and supporting the finance audit teams in the geography reviews from the IT scope.
• Perform audits in conformance with the IIA International Standards, corporate polices, standards, platform baselines and guidelines. Performs final quality reviews of audit test results and audit work papers in audit documentation tool.
• Follow-up and reporting of open findings with the remediation action plans for APAC IT audits to the Audit Committee.
• Ensure the effective achievement of Internal Audit IT objectives by managing performance, developing and motivating staff. Responsible for delivering team member performance feedback and creation of developmental plans.
• Provide formal quarterly feedback for the performance and ongoing informal feedback and coaching to all team members.
• Reviewing and approving the risk and control matrix along with the audit test procedures for the key IT control testing to ensure the effectiveness and efficiency of audit assignments.
• Provide formal weekly audit status updates to the Internal Audit senior management and global leads.
• Developing the complete audit approach, scope, and providing an update to the Chief Audit Executive during the audit planning meeting and obtaining formal sign off.
• Manage audit teams through concurrent operational and compliance audits, including regulatory compliance testing and internal technology consultations.
• Project Manager for SOX ITGC managing a team size of seven team members for over thirty SOX in-scope applications.
• Project Manager for core IT Infrastructure audits such as DMZ, network segmentation and firewall, OS platform audits, IPS and BCM.
• Key responsibility to perform annual risk assessment process to evaluate risk across the organization and specifically the technology risk.
• Managed testing of various ITGC controls across multiple IT environments which included testing for access controls, IT system security, incident management, patch management, change management (SDLC), backup and recovery/operations testing and physical security.
• Partner with Group Manager on the final review, development and publication of audit reports, monitoring and consultation engagements.
• Partner with technology business partners and drive the continuous improvement project initiatives.
• Ensure audit plans are designed to test key business and/or regulatory risks and controls.
• Performs final quality review of audit test results and audit work papers in Team mate.
• Lead the quarterly follow up of audit findings/exceptions and closure with mitigation action plans.
• Partner with other Assurance Teams in the scoping, planning and execution of integrated audits.
• Partner with Finance Assurance for SOX control tracking, FACT and Steering committee reporting.
• Onboarding new SOX in-scope applications to the existing enterprise wide process and controls.
• Performing 404 Assessment for IT processes and analyzing change in personnel, process and technology.
• Manage Non-SOX IT audit reporting reviews and business SSAE 16 reviews.
• Responsible for project planning and scheduling resources across projects in Team Schedule.
• Prepared and Managed engagement plans, scope and budgets for multiple projects.
• Led consulting project on job scheduler for critical applications.
• Stakeholder management with external auditors during SOX testing phases.
• Assist in driving compliance with IBM Security Standards/ client security baselines in all centers of GBS GD India. Conducting security reviews/audits and assessments of centers.
• Program Manage, driving ISO 27001 re-certification & surveillance audit risk assessment/management, vulnerability management data security & privacy proactive reviews & IT security compliance testing on ISO27001 standards
• Responsible for developing processes and standard templates and documenting them
likewise, for industry best practices & developing standard templates for capturing security requirements for GBS high risk clients.
• Responsible for developing appropriate solutions for the security requirement of GBS customers.
• Responsible to drive ISO27001 implementation across all GBS India location.
• Assist project manager during client audits and reviews; assist the security team in the Data Security & Privacy proactive reviews and audits. Respond the client RFP and RFI.
• Provide assistance and guidance to compliance officers of various centers, assist the solution team during and post client engagement
• Leading a team for projects such as vulnerability scanning, vulnerability assessments, URL filtering, threat management, and intrusion detection/prevention systems.
• Part of managed security services delivery team; the responsibilities include vulnerability assessments, penetration testing and vulnerability scanning on IBM customer as well as Internal Network.
• Scheduling vulnerability scans using Vreg, MAD (mixed address database) and ChipD
(content hosting IP database).
• Create vulnerability assessment report with exposures that were identified, severity rating of the system and suggestions to mitigate any exposures and testing known vulnerabilities.
• Regular penetration tests and vulnerability assessment using Symantec ESM, Nmap, NSA, Nessus, to test network integrity.
• Penetration testing from the IBM Internal and external interfaces from penetration testing system.
• Monthly Reviews carried out over the vulnerability assessments and Penetration testing.
• Raising CIRATS issues for remediation of high risk severity vulnerabilities in the scanner reports.
• Providing fixes and filtering the false positives for the vulnerabilities reported in the scanner reports.
• Adding new vulnerabilities to the vulnerability database for various platforms with proper exploits, verifications and references.
• Monthly KPI reporting for the vulnerability assessment and penetration testing carried out by the team.
• Securing Systems and Network (LAN and WAN) configuration of VPN with Cisco firewall as the VPN gateway.
• Capable of installing and configuring Pix Firewalls with Fail over.
• Configuring and managing the LAN networking using NAT for the shared Ethernet
• Worked on Net Screen, Cisco, and Nortel VPN client software’s.
• Installing, Configuring and maintenance of the DOCSIS complaint Cisco CMTS (Cable Modem Termination System) broadband Router.
• Planning and designing LAN/WAN networks and configuring Cisco routers, routing protocols and managing security by access-list on the routers
• Configuring and Maintaining WAN technology’s (using Routers) such as cable lines
• Installing and Configuring PIX Firewall to secure private network.
Specialties CISA ( Certified Information Systems Auditor) CEH ( Certified Ethical Hacker) ISO 27001 Lead Auditor BCCS ( Business Continuity Certified Specialist) ISO 27001 Lead Implementer Cisco Firewall Specialist MCP CCNA SOX ITGCs,SAS70, Internal Audits, ISO 27001 , Infrastructure audits, Risk Managment, Vulnerability Management, Network Security, ITIL Foundation trained,