Kuwait as Senior Manager & Head of IT auditing
Gulf Investment Corporation
Total years of experience :20 years, 11 Months
• Working with Gulf Investment Corporation, Kuwait as Senior Manager & Head of IT auditing since July 2011.
• 8 months with Oman International Bank as Manager - Head of IT Audit and Branches Audit.
• 6 years with Internal Audit dept of Bank Dhofar, as Senior Manager - Systems Audit and 3 years as Head of Internal Audit. Member of Bank's 'IT Committee' as well as 'Information Security Committee'.
• 2 years as Asstt. Gen. Manager in Internal Audit Department of ICICI, Mumbai, India principally responsible for IT Audit.
• 3 years as Manager in Systems Risk Management with PricewaterhouseCoopers in Mumbai, India.
• 3 years as Internal Auditor in Union Bank of India.
• 4 years as IT Manager in Union Bank of India.
Senior Manager-Head of IT Audit (July 2011 to now)
Senior Manager - in - Charge of the IT audit function in the Internal Audit department of Gulf Investment Corporation in Kuwait. The scope of work includes IT auditing and evaluation of IT security within the corporation as well as many other companies where it has invested.
Manager-Head of IT Audit & Branches Audit: (Nov 2010 to June 2011)
Manager - in - Charge of the IT audit function and branches audit function in the Internal Audit department of Oman International bank in Muscat. The Bank uses multiple banking applications including the CIF Core Banking system on AS/400 platform. Major projects included: • IT security assessment of the India Operations of the Bank. It included onsite IT audit of Mumbai and Cochin branches.
• Comprehensive review of the Business Continuity Management framework of the bank.
• Review of the IT controls in Swift system in the Bank.
• General IT Control reviews of a large number of the branches of the Bank.
Senior Manager - Systems Audit / Head of Audit with Bank Dhofar (January 2002 to Sept 2010)
Worked as Senior Manager - Systems Audit with Bank Dhofar till Dec.2007 and thereafter as Head of Internal Audit. The responsibilities included systems security and controls audit. Some major jobs performed include:
• Initiating and vetting of the IT security policy.
• Review of major retail and corporate banking applications.
• Review of the ATM Network of the Bank
• Training to Internal auditors on systems audit and use of CAATs
• Vetting of Internet security architecture of the bank.
• Review of business processes and systems related to the Treasury, HR and Swift communication functions of the bank.
• End to end review and monitoring of Core Banking system change project. It included pre-implementation audit, interim security reviews and project status reviews. Participated in the steering committee and senior management committee for monitoring of this project.
• Attending to the Audit Committee, IT Committee and Information Security Committee of the Bank.
Assistant General Manager with ICICI (June 2000 to Jan 2002)
Headed IT security and process controls audit function within Internal Audit Department of the ICICI group. The group offers all kind of financial services including web based retail banking, web based stock trading, depository, travel services, project finance, venture capital, leasing personal finance, home finance, and software solutions. The group companies are listed on NYSE.
Job responsibilities include review of processes and systems controls and security in respective lines of businesses of the group companies and ensure that appropriate operational and systems risk management practices are implemented and complied with. Major tasks performed so far include:
• Established IT audit function in the organization.
• Conducted IT controls review of ICICI InfoTech Ltd.
• Reviewed major applications for retail and corporate finance.
• Reviewed the corporate firewall
• Business and Systems review of 'icicidirect.com', a portal for online stock trading and 'payseal.com' the payment gateway project of ICICI.
• Review of user access controls in SAP
• Preparation of IS audit manual for audit department of ICICI.
• Obtained ISO 9001:2001 certifications for the IAD.
Manager with PricewaterhouseCoopers (May 1997 to June 2000)
Worked with PricewaterhouseCoopers for over 3 years as Manager in the Operational & Systems Risk Management (OSRM) practice that handled IT controls & security related issues of major corporates in financial sector. This included stints with local audit arms of PwC in India namely Lovelock & Lewes and Price Waterhouse.
Some major projects included:
• Supervision and review of data migration of a major commercial bank in Beirut (Lebanon) from legacy systems to GLOBUS.
• Prepared guidelines for audit of audience measurement of the Web sites hosted by publishers. This was first of its kind of effort in India.
• Review of Web based funds transfer and payment system of a very large FMGC corporate.
• Review of Ad Delivery Systems of a major Internet Service Provider.
• Review of various banking applications for application and IT controls.
• Led a team of 10 professionals for review of the computer systems of over 200 computerized branches of commercial banks.
• Review of FX and Fixed Income business operations of two well-known foreign investment banks for operational and systems controls and auditability. The banks have offshore data processing.
• Operational and systems review of Depository operations of a very large financial institution.
• Training to IT auditors of a large commercial bank.
• Y2K status review of a large number of clients in different industries on various platforms like Windows NT / Novell NetWare / UNIX / AS 400 etc. This includes Y2K status review of leading banks in India and Tanzania in line with guidelines from Central banks of respective countries.
• Review of IT Governance of a major steel plant working in SAP environment.
Manager in Computer Policy & Planning dept. of Union Bank of India
(Oct 1993 to May 1997))
Handled following major projects as Manager of Computer Policy and Planning Dept.
• Manager in-charge for Total Branch Automation Project. The bank has a large number of existing and planned sites each having 15 to 30 workstations. Two software solutions are used one of which runs on UNIX with INFORMIX Standard Engine and the other on Novell NetWare.
• Manager in-charge for stand-alone PC based computerization of over 350 branches. Stand-alone software was developed in-house using COBOL for computerization of Current, Savings, Remittances, Daybook & Clearing departments.
• Project Manager for Shared Payment Network System project. This is a network of ATMs shared by 38 banks in Mumbai. Union Bank of India is one of the founder members of this network.
• Manager in-charge for user training on branch computerization. More than 1200 personnel were trained by bank's computer Learning centres every year.
• Represented the bank in various committees of Indian Banks Association.
Major functions performed:
• Software evaluation.
• Feasibility studies.
• Fixing user's requirement specifications.
• Preparation of computerization plan.
• Guiding the branches to prepare for computerization
• Site preparation of selected branches.
• User training for branch personnel.
• Monitoring master creation.
• Application software configuration.
• Hardware procurement & installation.
• Supervision & guidance for conversion from old system to new system.
• Problem solving (troubling shooting)
• Management of Help desk situated at central office for users all over the country.
• Co-ordination with software developers for time bound delivery and bug fixation.
• Monitoring and follow up for bug fixing.
• Software testing.
• Problem escalation.
• Reporting to top management.
Experience in Banking and Finance
Multiple years of experience with Union Bank of India including 3 years as Internal Auditor and 5 years as Branch Manager.