Group IT Auditor
Al Shirawi group
مجموع سنوات الخبرة :24 years, 9 أشهر
Working as group IT auditor and managing following areas of work
Audit of IT infrastructure
IT Audit of Oracle EBS and other applications
Audit of new IT initiatives
Provide expertise in ISO 27001 and ISO 9001 audit, operation and implementation
Provide inputs and SME opinion on different initiatives, agreements, new development
Highlight key findings on monthly basis in the Audit and IT committee comprising of CEOs, IT Director and Head of Internal Audit and Finance
Assessment of SOX and SAS 70 controls
Data Security and Privacy consultant for the project
Review of user management, change management, incident management, on-off boarding activities and workplace security
Suggest process improvements and facilitate better understanding on audit requirements
Prepare detailed work papers to document assessment methodology and results
Review work papers and documentation /evidences of other assessors and guide them
Respond to queries from client’s auditors
Reporting on overall project status and compliance status to senior management
Ensured applications supported by me had no findings in the external auditors report
Planning of Audits: Decide Focus Areas, Selection of projects and functions, Publishing audit plan, Conducting audit orientation / training
Execution of Audits: Prepare audit checklist; conduct audits against company defined security policies and procedures, ISO 27001, PCI DSS, ISO 9001, QMS and CMMI
Review of Project Plan, Process Documents, Risk management, Access Controls, BCM, amongst other things required by PCI DSS and ISO standards for Security Compliance and data privacy
Audit Findings Closure: Assist teams in effective closure of NCs; Verification of NC closure and review of causal analysis, Corrective and Preventive actions
Internal Audit Reporting: Tracking of audit findings, Weekly status reports, Findings analysis report, Executive summary report for senior management; Ad hoc reports
Played instrumental role in refining the audit process by introducing and implementing major changes.
Involved in SAS 70 initiative: defining control objectives and activities; overview and training sessions; conduct audits; evidence review and tracking
Undergone SOX audit and pre audit tests for Finance team
Liaison with External Auditors for smooth conduct and facilitation of external audit
Part of ISO 27001:2005 (ISMS) implementation team and compliance team
Involved in Risk assessment specific to ISMS implementation and other audits
Key role in ensuring timely billing and in turn preventing revenue leakage
Involved in responding to RFI and proposal
Worked as a Process Consultant / Quality Lead for IT Team
Involved in documentation of various processes and setups
Contributed as Audit Team FAR in successful completion of CMMI Level 5 v1.2
Conducted training sessions on various areas of work.
ERP point of contact for the company
Reporting
Cash flow management
Team management
Signing authority
Contract Compliance - Review / Audit of invoices on the basis of contracts
Prepare analysis reports highlighting issues, Follow up and closure
Applications used: SAP 4.6d, Brio Query, Excel
Accounting
Reporting
Managing team
Signing authority
Accounting
Audits and set up of Financial systems with better controls for the clients
Applications used: Tally, Taxbase, Lotus 123, Word, Excel, Foxpro, Dbase
Rank 2 in Pune Region