IT Audit, Governance, Risk, Compliance

Location:
Calgary, AB, Canada
Posted:
March 03, 2024

Resume: Gitanjali Ramamurthy (Gita)

Educational Qualifications:

Master’s in Business Administration (Major in Information Technology and Finance), ICFAI Business School, New Delhi, India

Trainings and Certifications:

CISA

CRISC

Attended and passed Information Security Management Systems Lead Auditor Course BS ISO/IEC 27001:2005 (Certified by IRCA)

CMMi Assessor training by QAI and SEI Carnegie Mellon University

Supplier Risk Management training by Philips

ServiceNow GRC and IT Controls set up

Workday Audit

Certified Green Belt Training by Philips and General Electric

ITIL V3 Foundation Certificate

Green Belt Certificate from Philips

Project Management by PMI registered institute, Singapore

CCAK (Pursuing)

CDPSE (Pursuing)

CSX (Cybersecurity Foundation)

Professional Experience

Alberta Electric System Operator (AESO)

Senior Audit Advisor

May 2016 - Present

Job responsibilities

Work with and support business units to meet their risk management obligations via consulting, risk management workshops and audits (CSOX, SOC 1 & 2 report analysis, ISO 27002 – NIST gap analysis, IT Governance, Risk and Compliance)

Liaison for IT SOC certification (External Auditors liaison)

In house consultant for IT to set up Cybersecurity risk framework (ISO 27002, NIST framework), including cloud

Assisting IT department for SOC readiness for external certification

Implementing controls for new applications (Contract Management Systems, Workday, ServiceNow)

Procurement Audits

Setting up Assurance by Design for IT tool

Audits on key business and IT processes based on the COSO framework.

Facilitate cross-functional workshops to assess the process and enterprise-wide risk profiles and identify mitigation action or improvement opportunities.

Perform testing of business process controls and IT application controls for the company’s annual CSOX certification.

Support reporting on status of action plans to Audit Committee. Identify and evaluate the organization’s risk areas and provide input to the development of the annual audit plan.

Consult on process design, efficiency and maturity to improve organizational effectiveness.

Communicate the results via written reports and oral presentations to management and board of directors.

Educate, mentor and conduct trainings on process, risk and governance for IT and Business

SOC 1 and 2 report analysis for enhanced security, setting up controls

Cloud application assessment and audits

Internal Fairness Advisor for procurement.

Achievements

No IT SOC Exceptions

No M365 exceptions

Avoid lift and shift of controls from legacy to cloud applications following a risk based approach

Coaching and mentoring on process and internal controls via workshops and trainings on ISO 27001, SOC reports.

Set up Cybersecurity risk framework training materials

Implementation of best practices via recommendations

Prioritization of risks via risk workshops

Conduct Enterprise Risk Workshops with executives and develop audit plan.

Conduct Risk assessment workshops to enable IT and business to develop roadmaps.

Redesigned IT, HR and Finance controls for enhanced security for newly implemented cloud applications

Talisman Energy Inc.

IT Controls Analyst (Contract position)

January to November 2014

Job responsibilities

Transition ITGC (IT General Controls) from vendor to in house.

Training and coaching IT team on performing ITGC.

Incorporation and report from ServiceNow tool (Cloud based tool).

Incorporation of ITGC in Workday application (HR Cloud based application).

Liaison for internal audit, external audit and corporate controls and offshore application teams (India, Malaysia)

Part of IT Software Improvement Program for transitioning all IT services in house.

Assist the IT team in performing quarterly reviews, resolve issues.

Process improvement and evidence improvement based on PCAOB guidelines (Public Company Accounting Oversight Board).

Post transition assumed the role of ITGC coordinator.

Key member of all IT cutover services for the IT Service Improvement Program.

Key member for project stage gate reviews.

In house consultant for all IT Controls.

Achievements

Successful transition of all IT General Controls from vendor to in house in 7 months.

Evidence improvement (electronic format) vs manual format.

Trained more than 100 IT personnel, business on IT General Controls

Coaching and Mentoring IT and HR teams on controls and evidence.

Risk assessment and incorporation of ITGC in tools implementation

Quarterly SOX audits completed on time.

Enerflex Ltd.

Audit Advisor

January 2013 to January 2014

Job responsibilities

Conduct CSOX testing across North America and Australia

Conduct IT General Controls testing for Corporate and various sites

Data Analytics for Fraud Detection (Project Manager for selection, introduction and implementation for Case Ware Idea)

Data Conversion audits

Liaison for External audit for IT

Mentor IT and Business team members on Risk

Achievements

Revamped the ITGC testing scripts with controls to provide assurance to management.

Incorporated best practices and helped set up process via audit recommendations.

Introduced and championed use of Data Analytics tool for audit (Duplicate payments, Vendor invoices)

Data Conversion audit. External auditors relied on my tests.

ITGC testing. External auditors relied on my tests.

Senior Assurance and Risk Analyst

Penn West Exploration, Calgary, Canada

February 2012 to December 2012

Job responsibilities

Conduct ITGC testing. Penn West is listed on both NYSE and TSX

Plan and conduct application reviews within the organization (Well view/Site View, AFE, PVR, PAS).

Set up Enterprise Risk Framework.

Create policies and procedures, implement them, and educate IT and various application team members across the organization on Access control, Change management, Release Management.

Mentor team members on Risk concepts

Mentor team members on IT related reviews

Prepare a quick start guide for all new team members

Liaison for external auditor.

In house consultant for high risk projects (Field Mobile Office).

Develop process and conduct walkthrough with process owner, subsequently testing (HR process: Hiring, Termination, Employee Death, Long Term Retention, Common Shares, Payroll)

Provide feedback on SSAE 16 reports (formerly SAS70) to mitigate risk.

Achievements

Implemented efficient processes via recommendations and creating processes and training staff.

Closure of pending IT security issues.

Consultant for high risk projects. Member of their core review team.

Internal Auditor

Optimal Payments

Calgary, Canada

June 2010 to January 2012

Job responsibilities

Plan and conduct information technology and operational audits for Cambridge (UK) and Calgary offices (ISO 27001, PCI DSS, Business Intelligence).

Assumed the role of audit lead post departure of Director, Internal Audit. Reported directly to the chair of Audit.

Audit planning (risk based approach) 3 year rolling forecast.

Evaluation of controls and assessment of the effectiveness of internal controls in place

Identify inefficiencies and recommend improvements to processes and procedures

Identify and promote the use of best practices within the organization

Prepare reports to communicate audit results and propose recommendations to strengthen internal controls and improve processes

Follow up and report on previous audit findings

Perform related work as assigned by Audit Management

Achievements

85% closure of all observations within agreed timeframe.

Member of the Project Development Board where recommendations were incorporated into the project.

Introduced best practices for process efficiency.

Key member for all major projects. Risk based recommendation.

August 2009 to May 2010: Relocation to Canada

March 2002 to July 2009

Various Organizations in Singapore

Senior Executive, IT Risk Management (Quality and Security), SMRT Singapore - Aug 2008 to July 2009

Software Process Competency Lead, Philips Electronics (S) Pte Ltd, Singapore - Dec 2005 to July 2008

Senior SQA Engineer, Jurong Port Pte Ltd, Singapore - March 2005 to Nov 2005

SQA Engineer, Great Eastern Life Assurance, Singapore - March 2002 to March 2005


