Kondala Saladi
Summary:
. An individual consultant with 12 years of industry experience who
thrives in a fast-paced environment, independently or as part of a
team. Able to work independently under general direction with
extensive latitude for initiative and independent judgment.
. Superior project management and coordination skills provided for
internal and external Audits (E&Y, KPMG, PWC and Deloitte).
. Highly passionate about solving complex compliance/business issues.
. Proven skills in RCA (Root Cause Analysis)/GAP analysis relating to
regulation and compliance.
. Ability to collect, analyze, synthesize, clarify, and communicate
information effectively to the clients.
. Provided services for IT Compliance, IT Audit, IT Risk Management, VAL
IT and Governance implementation.
. Developed a risk awareness program and conduct training to ensure
stakeholders understand risk and contribute to the risk management
process and to promote a risk-aware culture.
. Identified potential threats and vulnerabilities for business
processes, associated data and supporting capabilities to assist in
the evaluation of enterprise risk.
. Provided IS control status reporting to relevant stakeholders to
enable informed decision making.
. Helped clients achieve compliance with GCC, standards/IT controls/process
improvement assessments, IT Compliance for Sarbanes-Oxley 404, ISO
27001, ITIL, and regulatory/compliance reporting.
. Provided high quality professional day-to-day management of client
projects.
. Led staff in Risk Management, Compliance and audit assist
assignments.
. Implemented IT Control frameworks based on COSO and "COBIT".
. Provided expert services in designing controls performance
monitoring and evaluation systems.
. Co-managed gap identification/analysis and blueprint for the
requirements gathering to implementation process.
. Implemented communication plan and process flows for senior management
across all lines of business.
. Performed control design effectiveness evaluations for Sarbanes-Oxley
compliance efforts.
. Provided expertise in developing and implementing IT Risk Assessment
and Rationalization process.
. Helped clients with deficiencies risk
assessment/remediation/mitigation/Risk Control Matrix (RCM) in
industry standard audits.
. Evaluated, assessed and documented client General IT process and GCC
controls based on COBIT/COSO control objectives.
. Developed control mapping Tools for standard audits based on
COSO/COBIT objectives.
. Developed project plans for implementing controls environment,
developing narratives, process flows, policies and procedures.
. Trained and coordinated with process/system owners and performers on
day-to-day audit related projects.
. Designed and documented testing methodologies for different clients.
. Tested and documented controls for SOX 404, SAS 70, AUP, FSA and
Internal audit.
. Developed high-level project plans and time lines for implementation
and operational DR/BCP execution. Includes engaging technology project
managers to effectively design and deploy complex Disaster Recovery
technology projects.
. Facilitate Disaster Recovery Planning sessions as well as the project
meetings for the strategic DR solutions.
. Identify operations team roles and responsibilities for planning and
execution of DR solutions (Design, Build, Test, Maintain and Improve).
Education:
M.B.A., Technology Management, 2005
B.L.I.Sc., Information Science, 1996
Bachelor of Arts, Accounting, 1993
Professional Affiliations:
ISACA, CRISC, (CISA), (CGEIT), (CIA), IIA
Employment History:
KBTS Technologies Inc
From 07/01/2003 to date
Title: Sr. Consultant / IT Audit
Drake Certivo Inc
From 10/1/2001 to 07/01/2003
Title: Sr. SME
Techspan Inc
From 02/01/1999 to 10/1/2001
Title: Sr. Consultant
Professional Experience:
NewEgg, Inc., City of Industry, CA - 10/10 - Present
. Provided services to test PCI DSS, IT General Controls (ITGC) and
application controls internally for Compliance.
. Provided services for SOX IT controls testing in China, US and Taiwan.
. Provided services for Risk Assessment Methodology development.
LPL Financials, San Diego, CA - 01/08 - 08/10
Sr. Compliance Analyst / Liaison (SOX Compliance and IT Audit)
LPL is a pre-IPO company; provided professional services to establish a
control framework and compliance with SOX, SAS 70, and FSA audits. That
included supporting business activities to identify risks in the
organization and providing recommendations for improvement of controls,
including reducing the possibility of fraud, inaccurate financial reporting
and inefficient operations. Involved in planning and executing IT internal
audit engagements, including IT General Controls (ITGC) and IT application
controls related to SOX, SAS 70, FSA and Internal audit.
. Provided training to IT and business groups on operational
effectiveness and efficiencies opportunities.
. Provided consulting services for organizational management,
departments, and staff.
. Provided training, coaching, and supervision to staff on multiple
audit compliance projects.
. Implemented and performed Risk Assessment and Rationalization
procedures to ensure they accurately address the risks of the control.
. Performed walkthroughs and documented Narratives & flowcharts for
business and IT process areas.
. Provided services in creating documentation of risks & controls
matrices (RCMs) within the various processes.
. Identified key/non-key controls and mapped with COBIT/third party
Objectives.
. Evaluated critical business systems, interfaces with application
development and supporting infrastructure for regulatory, security
compliance and process repeatability.
. Worked with Business technology and operations teams towards
compliance of Corporate IT Control Policies and regulatory (SOX 404,
SEC, FINRA, SAS 70, AUP, FSA) requirements.
. Prepared detailed test plans/test scripts, documentation methodologies
for audit results and findings.
. Documented test results, generated result reports and communicated the
results of audit and consulting projects via written reports and oral
presentations to IT management and stockholders.
. Partnered with business/control owners to recommend practical
remediation solutions for control weaknesses including plan of action
(MAP - Management Action Plan) and follow-up.
. Acted as liaison between control owners/performers and third party
auditors (Deloitte) on coordination, tracking and completion of
audits/finding and remediation.
. Provided consulting services to IT and Needs management teams for
developing SDLC, Vendor management policies and procedures.
. Provided services to test IT General Controls (ITGC) and SOX controls
internally for monitoring and evaluation.
. Developed and maintained productive client, staff, and management
relationships through individual contacts and group meetings.
Wells Fargo Bank, Denver, CO - 08/07 - 12/07
Senior Sarbanes-Oxley Consultant (IT Audit for SOX)
. Performed walkthrough reviews of IT processes and documented
Narratives & flowcharts for business and IT process areas.
. Provided services to identify control activities, documented and
validated key design risk points, gaps, mitigating and/or compensating
activities.
. Performed SOX ITGC controls testing on Windows 2003/2000
Server, Databases (SQL Server 2005/2000), and desktop Windows OS,
UNIX, Active Directory, Mainframes (CICS, Z/OS, etc) and Enterprise
Information Management (EIM).
. Involved in updating audit framework and internal audit testing
procedures.
. Reviewed methodologies for identity management controls and tested.
. Provided effective verbal and written communications including
presenting findings and recommendations to stakeholders and
management.
. Partnered with business/control owners to recommend practical
remediation solutions for control weaknesses including plan of action
(MAP - Management Action Plan) and follow-up.
Ameriquest, Garden Grove, CA - 07/06 - 12/06
Senior SOX Consultant (IT Audit)
. Developed work plan and testing procedures for 2006 SOX
implementation.
. Involved in control analysis and design for new applications in 2006
based on COBIT V.3.
. Performed controls testing including Computer Operations/Operating
Procedures, Logical Security, Physical Security, Identity Management,
Disaster Recovery and Contingency Planning, Change Management Process,
Software Development Life Cycle (SDLC), Data Center Environments,
Vendor Management, Network and Application controls.
. Provided effective verbal and written communications including
presenting findings and recommendations to stakeholders and
management.
First American, Santa Ana, CA - 07/05 - 06/06
Senior SOX Consultant (IT Compliance)
. Involved in GAP analysis, Audit program development, and enhancements
for IT and SOX compliance and rationalization.
. Completed remediation testing for Hyperion financial reporting,
Oracle 11i Applications (AP, AR, GL, and JE), Database Security
controls, and change management controls.
. Tested Security, Data Management, Computer operations and Change
management controls for Windows, UNIX and other proprietary systems.
. Provided effective verbal and written communications including
presenting findings and recommendations to stakeholders and
management.
E&Y, Atlanta, GA - 10/04 - 03/05
Senior SOX Consultant (IT Audit)
. Involved in GAP analysis, Audit program development enhancements for
IT and SOX compliance.
. Developed work plan and testing procedures for Information Technology
and AP, AR functional controls.
. Identified and documented ITGC and application controls leveraging
COBIT framework.
. Performed control design effectiveness evaluations for Sarbanes-Oxley
compliance efforts.
. Managed Sarbanes-Oxley test of controls engagements for Oracle 11i
Applications (AP, GL, JE), Security controls, change management
controls for OS, SiteMinder and other custom application systems.
Bookspan, Garden City, NY - 09/03 - 07/04
Senior IT Governance Consultant
. Performed control design effectiveness evaluations for Sarbanes-Oxley
compliance efforts.
. Evaluated critical business systems interfaces with application
development and supporting infrastructure for regulatory security
compliance and process repeatability.
. Developed work plan and testing procedures for Audit Services'
Sarbanes-Oxley efforts for IT controls for Oracle Application, 9iAS
and LDAP systems.
. Supervised information systems reviews for energy generation and
transmission companies.
. Researched technologies and developed audit programs outlining
evaluation process and testing procedures.
State of NV - 07/03 - 08/03
Senior IT Audit Consultant
. Developed work plan and testing procedures for Information Technology
controls.
. Participated in data modeling, overall application design, business
and functional requirements gathering and analysis with Oracle and
LDAP systems.
Drake International, Inc., Irvine, CA - 09/01 - 12/02
Sr. SME
. Involved in creating and implementing CPFR 9 processing steps for SCM.
Developed process and procedures for the front-end agreement, Joint
Business Plan, Financial Forecasting, exceptions, resolving exceptions
and order generation.
. Provided business logic in Oracle 9i environment. Designed and
developed an interactive training course in CPFR for Drake clients.
. Participated in technical platform identification and selection,
overall application design, business and functional requirements
gathering and analysis.
. Prepared use case analysis and documentation using Visio.
. Facilitated collaborative meetings with other SMEs.
. Involved in data modeling and database development including SQL,
PL/SQL, and Packages.
. Created Tables, Functions, Procedures, Packages, and Triggers for OLTP
and Data Warehouse (DW).
Qsent, Inc., Portland, OR - 05/01 - 09/01
Security Implementation - Functional Application Developer
. Evaluated Crystal Reports and Webtrends.
. Provided design and development standards and specifications for
reporting tools and assisted development team with system integration.
. Involved in design, deployment, and maintenance of iPlanet's Directory
Server.
. Implemented LDAP Namespace Design on Solaris. Involved in Data Design
and Schema Design for LDAP server. Involved in analysis and design
phase for creating web interface with Search, Add, Delete, and Edit
functions for LDAP database.
. Created Java interface to communicate between LDAP server and Oracle
database. Migrated authentication from WebLogic to Directory server.
. Requirements specification, analysis and documentation.
. Use case analysis and documentation using Rational.
. Involved in data modeling and enhancements.
. Created procedures to read files and inserted data into Oracle.
. Involved in integration of BEA WebLogic authentication with LDAP
server.
. Developed test cases and test scripts.
KANA Communications, Menlo Park, CA - 03/00 - 04/01
Applied Technology/Software Developer
Project: Kana Onyx Integration
. This project involved the integration of the Kana and Onyx systems.
Kana Response 5.0 was used for e-mail management while the Onyx CRM
was used for incident management with the SiteMinder security system.
Project: Kana Siebel Integration
. This project involved the integration of the Kana and Siebel systems.
. Kana Response 5.0 was used for e-mail management while Siebel was
used for Customer Relationship Management.
Project: MS SQL to Oracle Migration
. This project provided enhancements and customer support for Kana
Server, Kana Forms, and Kana Reports. The main objective of this
project was to migrate MS SQL Server to Oracle Version 8.05 database
platform.
. Provided support for client to replace eGain software with KANA. Major
support provided for analysis and design issues of database migration.
MS SQL support and troubleshooting of real time errors.
. Developed custom API for client requirements. Responsible for design,
development, and testing of the package.
Globalstar, San Jose, CA - 03/99 - 04/00
Programmer Analyst
Project: Windows NT to Solaris 2.6 migration
. As webmaster, managed the Intranet for Globalstar.
. Provided migration from Windows NT to Solaris.
. Replaced IIS Web Server with Netscape Enterprise Server.
. Implemented Netscape SuiteSpot Servers 3.6 on Solaris. ASP programs
were replaced with JSP, CGI, and Perl.
. Provided LDAP security services in the place of IIS security. Involved
in data modeling and development for online user transactions.
. Designed database tables in Oracle. Provided Java applications for
server side scripts.
Technical Skills:
Internal Controls:
Compliance, Governance, CSA, IT Audit, Testing, Remediation and Reporting.
Integrated Compliance Areas:
SOX 404, SEC, SAS-70, AUP, FSA, FISMA and HIPAA.
Work paper Documentation Tools:
Adobe Acrobat, Microsoft Word/Excel/Visio, PowerPoint, etc.
Technical Summary:
Databases, Oracle 11i-ERP (e-Business suite), Oracle 9iAS, SAP, PeopleSoft,
SIEBEL, Hyperion, KANA (CRM), LDAP, Active Directory, Lotus Notes, SYBASE,
MS SQL, MS Office (Word, Excel, Visio, and PowerPoint), MS Access, ACL, Web
technologies, J2EE, Custom applications, Mainframes, CICS, Z/OS, McAfee,
Symantec, CISCO, Windows, Active Directory, MS Exchange 2007, CITRIX, and
Unix, etc.
IT Compliance Areas:
Databases, Networking and Infrastructure, Operations / IT Procedures, OS's,
Change Management, SDLC (Systems development life cycles), Applications,
ERP Systems, Physical and Logical Security, QA (Quality Assurance
standards), PM (Project Management) standards, Industry compliance,
Disaster Recovery, BCP (Business Contingency Planning), Vendor Management.