Sign in

Quality Assurance Manager

San Ramon, California, 94582, United States
March 10, 2011

Contact this candidate
Sponsored by:
Post Jobs to
Multiple Job Boards &
Get more Candidates
Try it Free!
Start your 30-day
Free Trial

Nish Gokli CISA, CIA

*** ****** *****

San Ramon, CA 94582

Phone 408-***-****


Compliance & Risk Management Executive

A dynamic, results-oriented leader with a track record of success in

development, consulting, and auditing.

SOX 404 Compliance / Banking Regulatory Compliance (FFEIC, OTS) / PCI DSS

Compliance, GLBA Compliance / Infrastructure Security / Penetration

Testing / Physical Security / Application Security / Technology Operations

/ Technology Due Diligence / Data Analytics




Frameworks & COBIT, ITIL, ISO 27001, ISO 27002, NIST 800-53, SDLC,

Methodologies PDLC, COSO, COSO ERM,

Tools: ACL, TeamMate, AutoAudit, SekChek, Vantos, Mandiant,

Archer, Qualys, Vontu, AppDetective, AppScan, NetIQ

Platforms: Windows, Linux, UNIX (Solaris, AIX), AS/400, OS/390,

MVS (RACF, Top Secret), Firewalls (CISCO, PIX),

Networking (routers, switches, protocols), Symantec

Security Operations Center (SOC)

Databases: Oracle, SQL Server, DB2, MySQL, MS Access


Professional Experience

PayPal - San Jose, CA

05/10- Present

Senior Manager Seller Risk Management Policy Assurance

. Lead the SRM policy assurance function responsible for implementing a

quality assurance function to manage seller risk such that PayPal can

confidently and profitably provide payment acceptance services to any

legitimate seller.

. Assess the effectiveness of the key processes in the merchant on-

boarding, monitoring, and collections to proactively manage PayPal

loss from sellers, while supporting PayPal's brand promise and

strategic growth imperatives.

eBay - San Jose, CA

Apr-07- May-10

Senior Manager Technology Audit

. Global responsibility for IT audit function at eBay, Skype, and

businesses located in US, Europe, and Asia Pacific regions.

. Managed an "insider threat assessment" to test the ability of a

"Trusted Insider" to obtain unauthorized access to restricted data for

compliance with PCI-DSS and GLBA regulatory requirements.

. Assessed the effectiveness and efficiency of the Vendor Security (VS)

processes for assessing vendor ability to obtain unauthorized access

to restricted data for compliance with PCI-DSS and GLBA regulatory


. Performed a security and operational assessment of the production

Oracle database environment. Scope included using the "AppDetective"

tool to compare the security configurations against the CIS benchmark


. Supported the SOX Project Management Office to provide testing of

"Key" Controls to ensure compliance with Sarbanes Oxley legislation.

1. Assessed the effectiveness of the threat and vulnerability management

process. Scope included evaluation of the process to identify and

remediate vulnerabilities, track closure, management reporting, and

the interface with the configuration management process

2. Assessed the effectiveness of the security incident management

process. Scope included evaluation of the process for detection,

triage, analysis, reporting, and response for security incidents.

. Collaborated with the Financial and Operational Audit team to manage

integrated audits of "Paid Search" marketing, and Affiliate Marketing


Nationwide Insurance - Columbus, OH

2004 - 2007

AVP Information Systems Audit

3. Officer leading the IT audit group for one of the largest insurance

and financial services company with more than 148 Billion in statutory

assets and net revenues of over $20 Billion.

4. Member of a formal governance team which consisted of Audit, Legal,

Privacy, ERM, and Information Risk Management to ensure that PCI-DSS

and GLBA requirements are met.

5. Assessed the maturity of the Nationwide Privacy Compliance program by

understanding level of exposure, key policies and procedures in place,

the current implementation of processes and controls to support the

standards, and detailed testing of privacy controls to ensure

continued compliance with changes in business model.

6. Led the effort to develop the risk based Internal Audit plan. Develop

and execute yearly risk management plan (with the concurrence of Audit

Committee). Provide feedback on control environment of the company to

Senior Management and the Board. Collaborate with external auditors to

address and resolve corporate control issues.

7. Enhanced the capability of the Internal Audit team via the

implementation of data analysis software (ACL) for department. ACL

was used to uncover fraudulent insurance claims, employee expenses,

and non-compliance with procurement policies.

8. Managed pre-implementation reviews of development projects to ensure

effective project management oversight, appropriate application,

logical access, and security controls, adequacy of the development

process (functional and technical design reviews, testing), and

training of end users to support the changes.

9. Member of steering committee responsible for establishing internal

controls to ensure compliance with Sarbanes Oxley (404) legislation.

Internal Audit team provided support by testing key controls which

were relied upon by the external audit team.

10. Managed information security and risk management audits to ensure

protection mechanisms and controls throughout the enterprise are in

place and working effectively. (Included Infrastructure audits of

UNIX, Windows, AS/400, MVS, RACF) as well as Information Risk

Management activities (Security Exception Process, Software License


AT&T - Bridgewater, NJ

2003 - 2004

Director Integrated Audit (Procure to Pay Process)

. Global responsibility for AT&T Business Services (ABS) & AT&T Consumer

Services audits and special projects for customer care and global

network technology solutions organizations. Responsibility included

almost every aspect of the company's operations and functions such as

ordering, provisioning, credit, billing, statutory and legal

compliance, customer and vendor contracts, due diligence, network

operations and maintenance, and infrastructure investment management.

. Responsible for working with the external auditors, finance and

technology leadership team, and controls owners to document the key

financially significant business processes, the relevant technology

supporting those processes, validation of the key controls, and

testing of the key controls in support of initial compliance activity

for SOX.

. Developed an integrated audit approach which uses a multi-disciplinary

approach to risk management and is adaptable to changing operating

model of the company.

. Assessed the effectiveness of the Vendor Management (VM) processes

including processes for determining vendor selection, request for

proposal (RFP) processes, contract review, service Level agreement

(SLA) compliance, and performance review; invoice validation and

payment approval

Outsourcing Partnership LLP - Moorestown, NJ

2001 - 2003

Senior Manager Technology Audit

. Outsourced IT audit support for multiple regional banks in NY and NJ

to ensure compliance with regulatory requirements (FFIEC, OTS).

Responsibilities included performing the risk assessment, conducting

the audit, and reporting the results to the Audit Committees.

Ernst & Young LLP - New York, NY

(1997-1998 & 1999-2001)

Manager Security and Technology Solutions

. Assisted a financial services company to design and implement a global

technical architectural solution. The engagement entailed product

selection, prototyping the solution and working with the client to

implement the solution as a pilot in London.

. Assisted a financial services company to identify process changes and

technology solutions to modify their stock options administration

business. The engagement entailed the client to achieve efficiencies

ranging from 67 to 90 percent.

. Assisted financial services & publishing company to identify the gaps

in their information security program and recommended technical and

organizational changes to address the gaps. Authored security

policies, standards and procedures to facilitate security

administration of their computing environments.

. Performed and managed many information technology due diligence

efforts for Mergers & Acquisitions (M&A) and Initial Public Offerings

(IPOs). This entailed analysis of the following: existing systems,

information technology integration plans, year 2000 exposure, and

analysis of the data center personnel.

. Experience in Software Quality Assurance services, which include pre-

implementation reviews, assessing Quality Assurance departments,

developing system test strategies and plans, and evaluating and

designing system controls, in both the mainframe and mid-range


Pricewaterhouse Coopers LLP - New York, NY

(1998 - 1999)

Manager Technology Risk Services

. Managed logical and physical attack and penetration projects

associated with Client/Server Platforms, Telecommunication

Environments, Local Area Networks, and the Internet.

. Managed information technology feasibility study for migration of the

Accounts Receivable (A/R) package from a legacy to a client/server

platform. This entailed analysis of the requirements, the possible

alternatives, and the risks associated with the different options, and

product selection based on the technical, economic, and timing


IBM - Kingston, NY

(1987 - 1996)

Staff Engineer

. Developed firmware for the IBM (ES9000, 9121) using Software

Development Life Cycle (SDLC) methodology (requirements gathering,

analysis, design, development, testing, quality assurance, and



Education and Credentials

New York University - New York, NY

Master of Business Administration (Finance/Marketing) 1997

Polytechnic University - New York, NY

Master of Science (Computer Science) 1992

Bachelor of Science (Electrical Engineering) 1987

Technical Certifications

Certified Internal Auditor (CIA)

Certified Information Systems Auditor (CISA)


Member, Information Systems Audit and Control Association (ISACA)

Member, Institute of Internal Auditors (IIA)


United States Patent 5754810: Specialized millicode instruction for

certain decimal operations

Contact this candidate