S Michael Irudayaraj

• Act as the primary point of contact for IT audits, handling escalations and ensuring timely closure of audit observations.
• Conducted periodic assurance reviews, identify risk, prioritize remediation efforts and presented findings to senior
leadership.
• Supported management in responding to audit findings, implementing controls and ensuring compliance with audit
recommendations.
• Led the creation and periodic review of IT Policies, Procedure and SOPs, ensuring alignment with regulatory
requirements and best practices.
• Executed Risk and Control Self Assessments (RCSA) to proactively identify, assess and address emerging risk across
IT processes and systems.
• Conducted security architecture reviews based on Technology Architecture best practices.
• Leveraged data analysis, AI-driven risk scoring and visualization techniques in risk assessment and assurance execution
to highlight trends, anomalies and high-priority issues.
• Developed and implemented AI-based assurance methodologies to improve risk identification efficiency and enabling
proactive remediation.
• Designed Power BI dashboards for real-time tracking of audit findings, risk remediation progress and compliance KPIs
for senior leadership.
• Drove control automation and streamlined audit processes to enhance efficiency and coverage.
• Collaborated with stakeholders to mitigate risks and develop actionable remediation plans.
• Prepared monthly and quarterly IT governance packs for senior management, incorporating interactive dashboards and
visual analytics to enable comprehensive oversight and informed decision-making.
• Managed and mentored assurance team, ensuring timely, quality execution of assurance engagements.
• Stayed updated on emerging regulations and adapt assurance plans accordingly.

• Managed and delivered risk-based audits for the Internal Audit Team focusing on Technology Risk and IT Audits
across core banking processes, systems and products.
• Applied AI-driven audit techniques to enhance efficiency in risk-based audits.
• Developed and implemented audit plans, including preparation of engagement timelines, scope definition and
stakeholder communication.
• Conducted Integrated Audits covering IT and Business processes to evaluate end to end control effectiveness across
systems and operations.
• Assessed SDLC and DevSecOps controls to validate secure development practices, change management, CI/CD
practices, leveraging tools such as Jenkins and GitLab. Also evaluating API integrations and microservices
architecture for compliance and security.
• Performed security architecture reviews based on Technology Architecture best practices like NIST, ISO 27001 etc.
• Conducted risk assessments to identify potential areas of risk within organizations technology systems.
• Maintained and reviewed audit documentation to ensure accuracy and adherence to internal standards.
• Prepared audit report, including findings, risk impact assessment and root cause analysis.
• Designed Power BI dashboard and visual analytics to track IT risk trends, issue remediation timelines, and audit
outcomes for senior management.
• Communicated the audit results to stakeholders, obtaining agreement on the issues and remediation timelines.
• Enhanced stakeholder reporting by embedding AI-generated insights into audit documentation and dashboards.

• Identified, designed and assessed technology controls across diverse platforms (Mainframe, Teradata, AS400,
Windows, Unix, Networks, Cloud platforms like GCP, AWS, EKS, GKE and more) to safeguard critical assets.
• Tested and documented IT controls using tools such as Archer, Panther and Service now. Also automated control
processes with macros and other audit tools to enhance efficiency, accuracy and compliance reporting.
• Conducted cloud control assessments based on ECCF framework and led end-to-end management for service
specific controls, including scoping, testing and stakeholder coordination.
• Applied risk frameworks (COBIT 5, COBIT 2019 and NIST CSF) to map and enhance control libraries, improving
risk coverage.
• Performed security architecture reviews based on Technology Architecture best practices.
• Implemented process improvements by creating playbooks, remediating audit findings and establishing continuous
monitoring processes for controls.
• Built and mentored high performing teams from the ground up.
• Served as a Scrum Master, managing teams of 30+ members, facilitating standups, planning and monitoring project
workflows using JIRA.
• Skilled in automation and Qlik Sense dashboard productionization for enhanced reporting and analytics.
• Delivered training to new joiners, accelerating team readiness and performance.
• Recognized for excellence in QA, process innovation and effective collaboration.

• Strengthened Wells Fargos global IT control testing strategy within Enterprise Information Technology (EIT),
enhancing governance and assurance across critical technology and operational processes.
• Delivered robust control assurance by performing design and operating effectiveness testing, conducting root cause
analysis and presenting actionable insights to senior stakeholders.
• Executed end-to-end control reviews across IT applications, infrastructure and security platforms, identifying control
deficiencies, recommending remediation, and improving the overall risk posture.
• Ensured audit readiness and regulatory compliance through meticulous documentation, adherence to record retention
standards and timely issue remediation tracking.
• Led and coordinated Control Review Operations and key risk initiatives, optimizing review methodologies and
improving efficiency and consistency in control evaluation.
• Partnered with U.S.-based risk teams and other functions to align testing outcomes with enterprise risk frameworks,
while mentoring junior specialists to elevate team capability and delivery quality.

• Executed several Third-party reporting engagements including Service Organization Controls Reporting (SOCR)
engagements pertaining to SSAE 16 as well as ISAE 3402 standards.
• Performed business process and IT General Controls (ITGC) reviews, identifying control deficiencies and
recommending actionable improvements to strengthen compliance and governance.
• Conducted application and configuration control reviews for manufacturing clients, ensuring system integrity and
operational resilience.
• Supported internal audit functions as a loan staff for a leading IT organization, contributing to information security
and Privacy (GDPR) audits across multiple technology and BPO accounts.
• Executed secure configuration reviews and vulnerability assessments for major technology clients.

• Executed several Third-party reporting engagements including Service Organization Controls Reporting (SOCR)
engagements pertaining to SSAE 16 as well as ISAE 3402 standards.
• Performed business process controls and IT General Controls review for clients from various sectors like Bank, IT,
ITES and BPO.
• Performed application control and configuration reviews for technologies supporting the applications as
a part of the FAIT engagements for clients from manufacturing sectors.
• Performed security controls review and risk assessment as part of the data center reviews.
• Conducted secure configuration reviews and vulnerability assessments to eliminate insider threats for major
telecommunication, BFSI and technology sector clients.

• Led PCI DSS transition projects to version 3.0 for diverse clients, including major BFSI institutions, telecom service
providers, ticketing platforms, and e-commerce organizations, ensuring compliance with the updated security
standards.
• Executed PCI DSS implementations (versions 2.0 and 3.0), delivering gap assessments, vulnerability assessments,
risk assessments, system hardening and configuration reviews for leading BFSI, telecommunication and technology
sector clients.
• Conducted an RBI PSS Audit for a leading payment service provider, strengthening compliance with regulatory
requirements and enhancing payment security controls.
• Performed secure configuration reviews and vulnerability assessments to mitigate insider threats and reinforce
security posture for clients in telecommunications, BFSI and technology sectors.