Taran K Bhasin
516-***-**** acd5zo@r.postjobfree.com
Summary: 15 years’ experience in the field of IT Audit, Security and IT Risk Management; Infrastructure, Databases, Applications and
SOX Audits, Implementation Quality Assurance reviews, Business Process Re-engineering, Risk Control Assessments and Third Party
Assurance Services for Financial Services clients.
Objective – To seek a position as a Senior IT Audit Manager.
Work Experience
CitiCorp New York, NY
Technology Information Security Risk Management Consultant August 2012 – Present
o Risk Assessments and Quality Assurance reviews of Technology Infrastructure and Applications.
o Knowledge of Global Risk Management systems and processes including Information Security Risk Assessment Process
(ISRA), Third Party IS Assessments (TPISA), Infrastructure and Applications Risk Management, Information Security Incident
Risk Assessment (SIRT).
o Reviews of Issues, Exceptions and Remediation efforts by various teams globally including North America, Canada, Asia
Pacific, EMEA, Europe, South America and Australia.
o Provided training on Risk controls and use of Archer system to team members globally.
o Creation of Risk Metrics reports, including for Senior Management, providing a standard and consistent view of IS risks, issues,
actions and progress to all sectors, businesses and regions.
o Worked closely with Business Information Security Owners (BISOs), Technology Infrastructure Security Owners (TISOs),
Information Security Officers, Risk Officers, Business Owners, Audit Management and Citi Architecture and Technology
Engineering (CATE).
o Knowledge of Key Risk Management Systems: Archer, Integrated Corrective Action Plan System (iCAPS), City Information
Risk Assessment System (CIRAS), Third Party IS Assessment Questionnaire (iTPAQ), Citi Systems Inventory (CSI), City
Technology Catalog (CTC).
o QA Reviews including Risk assessments of Global Issues and Exceptions.
o Ensuring appropriate reporting of violations of CISS 8.0, COB, CITMS, System Security Testing (SSTS) standards.
o Reviews of Global Issues and Exceptions related to Application Vulnerability Assessments (AVA), Citi Infrastructure
Vulnerability Assessment (CIVA), Multi-Factor Authentication (MFA), Electronic Transfer Media (ETM), Vulnerability and Threat
Management (VTM), Continuity of Business (COB) etc.
Morgan Stanley New York, NY
Technology Information Security Consultant Sept 2010 – July 2012
o Infrastructure security reviews including AC2, RACF, Top Secret, AS400, Databases and Unix environments.
o Work closely with the business process owners, risk managers, security administrators, database administrators to evaluate and
monitor processes, design, controls and remediation of Issues.
o Developed and maintained SharePoint site for documenting security processes including provisioning, privileged access,
entitlement reviews, use of Functional Ids, Metrics reporting, tracking Issues, Exceptions and Remediation plans.
o Worked closely with risk managers and Audit management to discuss remediation plans for outstanding Issues.
Jefferson Wells New York, NY
IT Audit, Technology and Information Security Consultant June 2006 – May 2010
o Sarbanes Oxley Planning, aligning internal controls framework with global standards (HIPAA, COSO, COBIT, NIST, ISO),
Process reviews, developing test plans, execution of test plans and remediation of deficiencies for Financial and Insurance
clients.
o Strong knowledge of System Development Life Cycle (SDLC), participation in Pre-implementation, Post-implementation, and
Applications reviews. Participation in IT Project Initiatives of Mergers and Acquisitions and identification of opportunities for
conversion of applications/ data.
o Security entitlement reviews of various front and back-office applications including Treasury Management System (TMAN,
TREASURA), Bonds Access Management system (BAMS), JD Edwards and Great Plains Financial systems (Account Payables,
Account Receivables, General Ledger).
o Review of User acceptance (UAT) and Quality Assurance (QA) testing and independent testing for various applications including
BAMS (Bonds Access Management System) and Reinsurance systems.
o Change Management system reviews including PVCS, CVS and Tripwire.
o Knowledge of middleware including Informatica, Data Junction and MQ Series.
o Knowledge of SAP Basis/ Netweaver, SAP BW, segregation of duties (SOD) for SAP FI module and use of tools Virsa
Enforcer, Virsa Calibrator, SAP Netweaver/ Basis.
o Development and management of Microsoft SharePoint site to collaborate with security and risk managers during security and
risk reviews.
o Creation of reports in Business Objects.
Bank of America New York, NY
IT Audit Consultant Dec 2003 – June 2005
o Security entitlement reviews of UNIX, AS400 and Windows environments.
o Performed reviews of Sybase, Oracle, DB2 and SQL server database configurations and compliance with guidelines.
o Knowledge of various project management methodologies including use of tools (Erwin, Test Director, ISS Scanner for
UNIX/ Windows, Cognos, Crystal reporting, Microsoft SharePoint).
o Project Management and Applications Reviews including integrity controls, interfaces, file transmissions, input, output,
processing and security entitlement controls of Financial Applications such as Front-Office (Trading, Treasury, Credit Risk, Market
Risk) and Back- Office applications (Fixed Income and Equities ADP, General Ledger) systems.
o Reviewed TCRIS, MACRISK and ALGO (Credit, Market Risk and Collateral) systems functionality including risk engines
and analytical tools (Riskwatch and Risk Warehouse).
HSBC Bank New York, NY
Senior IT Audit Auditor Dec 1996 – Nov 2003
o Developed detailed understanding of various financial assets and processes including equities, fixed income and
derivatives from applications risk and risk management perspective. Demonstrated expertise in understanding complex business
processes including front-office and back-office trading systems, securities custody and settlement processes and systems. Prepared
flowcharts using Visio to document process flows and identify key risks and controls. Continuous Controls Monitoring and
consistent set of rules across businesses.
o Applications Reviews including controls over interfaces, file transmissions, input, output and processing controls, integrity
of data and security entitlement reviews of FNX Option system, FX Foreign Exchange, PM Precious Metals, MUREX (Emerging
Markets), Electronic Data Interchange (EDI), Banknotes, Clearing House systems including DTCC, Euroclear and Cedel,
Silverlake Financial systems. Demonstrated global project experience.
o Review of Business Recovery and Disaster Recovery processes and procedures and participation in routine tests.
o Participation in Automation projects for the audit departments.
o Use of Lotus Notes, Auto Audit, Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Project, Visio, ACL,
SQL Queries.
o Implementation of Six Sigma Tools including root cause analysis, management by facts (MBF), DPMO (Defects per
million outstanding), DFSS (Design for Six Sigma).
KPMG Peat Marwick New York, NY
IT Auditor May 1994 – Nov 1996
o Conducted SAS70 audits and reviews for major Third Party Data Centers including ADP and FISERV.
o Participation in Infrastructure audits including information security, databases (Oracle, Sybase), change controls, disaster and
business recovery of UNIX, Linux, Tandem, IBM Mainframe (MVS – CA Examine, ACF2, RACF, Top Secret) and AS/400
operating systems.
o Extensive experience with services industries and vendors including ADP (Brokerage Processing Services /BPS, IMPACT
/Fixed Income) and SUNGARD (INTRADER).
o Applications reviews including Assets inventory, Checking, Savings, Demand Deposits and Investment Management
systems.
Education
STONYBROOK UNIVERSITY Stonybrook, NY
Masters in Economics
BA - Economics, Minor in Computer Science
Skills/Activities
o Excellent written and oral communications skills
o CISA – Certified Information Systems Auditor
o Various technical seminars and courses include: Certificate in Computer Information Systems, Queens College;
Audit and control of Risk Management and Financial markets (Carnegie Mellon); International Money & Capital
markets (New York Institute of Finance); Fundamentals of Securities Industries (New York Institute of Finance);
Network TCP/ IP Windows NT Server (Global Knowledge); Certificate in Client/ Server technology including
courses in UNIX, Data Modeling, Oracle, programming concepts in E-Commerce.
o Courses in SAP Virsa Enforcer and Virsa Calibrator (SAP); SAP Netweaver/ Basis, MySAP Finance Modules
including FI, Planning and Implementation SAP Projects (Skillsoft)
o Advanced skills in Microsoft Word, Excel, PowerPoint and SharePoint.