Resume: Gitanjali Ramamurthy (Gita)
Educational Qualifications:
Master’s in Business Administration (Major in Information Technology and Finance), ICFAI Business School, New Delhi, India
Trainings and Certifications:
CISA
CRISC
Attended and passed Information Security Management Systems Lead Auditor Course BS ISO/IEC 27001:2005 (Certified by IRCA)
CMMi Assessor training by QAI and SEI Carnegie Mellon University
Supplier Risk Management training by Philips
Service Now GRC and IT Controls set up
Work Day Audit
Certified Green Belt Training by Philips and General Electric
ITIL V3 Foundation Certificate
Green Belt Certificate from Philips
Project Management by PMI registered institute, Singapore
CCAK (Pursuing)
CDPSE (Pursuing)
CSX (Cybersecurity Foundation)
Professional Experience
Alberta Electric System Operator (AESO)
Senior Audit Advisor
May 2016 - Present
Job responsibilities
Work with and support business units to meet their risk management obligations via consulting, risk management workshops and audits (CSOX, SOC 1 & 2 report analysis, ISO 27002 – NIST gap analysis, IT Governance, Risk and Compliance)
Liaison for IT SOC certification (External Auditors liaison)
In house consultant for IT to set up Cybersecurity risk framework (ISO 27002, NIST framework), including cloud
Assisting IT department for SOC readiness for external certification
Implementing controls for new applications (Contract Management Systems, Workday, Service Now)
Procurement Audits
Setting up Assurance by Design for IT tool
Audits on key business and IT processes based on the COSO framework.
Facilitate cross-functional workshops to assess the process and enterprise-wide risk profiles and identify mitigation action or improvement opportunities.
Perform testing of business process controls and IT application controls for the company’s annual CSOX certification.
Support reporting on status of action plans to Audit Committee. Identify and evaluate the organization’s risk areas and provide input to the development of the annual audit plan.
Consult on process design, efficiency and maturity to improve organizational effectiveness.
Communicate the results via written reports and oral presentations to management and board of directors.
Educate, mentor and conduct trainings on process, risk and governance for IT and Business
SOC 1 and 2 report analysis for enhanced security, setting up controls
Cloud application assessment and audits
Internal Fairness Advisor for procurement.
Achievements
No IT SOC Exceptions
No M365 exceptions
Avoided lift and shift of controls from legacy to cloud applications by following a risk-based approach
Coaching and mentoring on process and internal controls via workshops and trainings on ISO 27001, SOC reports.
Set up Cybersecurity risk framework training materials
Implementation of best practices via recommendations
Prioritization of risks via risk workshops
Conduct Enterprise Risk Workshops with executives and develop audit plan.
Conduct Risk assessment workshops to enable IT and business to develop roadmaps.
Redesigned IT, HR and Finance controls for enhanced security for newly implemented cloud applications
Talisman Energy Inc.
IT Controls Analyst (Contract position)
January to November 2014
Job responsibilities
Transition ITGC (IT General Controls) from vendor to in house.
Training and coaching IT team on performing ITGC.
Incorporation and report from Service Now tool (Cloud based tool).
Incorporation of ITGC in Work day application (HR Cloud based application).
Liaison for internal audit, external audit and corporate controls and offshore application teams (India, Malaysia)
Part of IT Software Improvement Program for transitioning all IT services in house.
Assist the IT team in performing quarterly reviews and resolve issues.
Process improvement and evidence improvement based on PCAOB guidelines (Public Company Accounting Oversight Board).
Post transition assumed the role of ITGC coordinator.
Key member of all IT cutover services for the IT Service Improvement Program.
Key member for project stage gate reviews.
In house consultant for all IT Controls.
Achievements
Successful transition of all IT General Controls from vendor to in house in 7 months.
Evidence improvement (electronic format) vs manual format.
Trained more than 100 IT personnel, business on IT General Controls
Coaching and Mentoring IT and HR teams on controls and evidence.
Risk assessment and incorporation of ITGC in tools implementation
Quarterly SOX audits completed on time.
Enerflex Ltd.
Audit Advisor
January 2013 to January 2014
Job responsibilities
Conduct CSOX testing across North America and Australia
Conduct IT General Controls testing for Corporate and various sites
Data Analytics for Fraud Detection (Project Manager for selection, introduction and implementation for Case Ware Idea)
Data Conversion audits
Liaison for External audit for IT
Mentor IT and Business team members on Risk
Achievements
Revamped the ITGC testing scripts with controls to provide assurance to management.
Incorporated best practices and helped set up process via audit recommendations.
Introduced and championed use of Data Analytics tool for audit (duplicate payments, vendor invoices)
Data Conversion audit. External auditors relied on my tests.
ITGC testing. External auditors relied on my tests.
Senior Assurance and Risk Analyst
Penn West Exploration, Calgary, Canada
February 2012 to December 2012
Job responsibilities
Conduct ITGC testing. Penn West listed on both NYSE and TSX
Plan and conduct application reviews within the organization (Well view/Site View, AFE, PVR, PAS).
Set up Enterprise Risk Framework.
Create policies and procedures, and implement and educate IT and various application team members across the organization on Access control, Change management, Release Management.
Mentor team members on Risk concepts
Mentor team members on IT related reviews
Prepare a quick start guide for all new team members
Liaison for external auditor.
In house consultant for high risk projects (Field Mobile Office).
Develop process and conduct walkthrough with process owner, subsequently testing (HR process: Hiring, Termination, Employee Death, Long Term Retention, Common Shares, Payroll)
Provide feedback on SSAE 16 reports (formerly SAS70) to mitigate risk.
Achievements
Implemented efficient processes via recommendations and creating processes and training staff.
Closure of pending IT security issues.
Consultant for high risk projects. Member of their core review team.
Internal Auditor
Optimal Payments
Calgary Canada
June 2010 to January 2012
Job responsibilities
Plan and conduct information technology and operational audits for Cambridge (UK) and Calgary offices (ISO 27001, PCI DSS, Business Intelligence).
Assumed the role of audit lead post departure of Director, Internal Audit. Reported directly to the chair of Audit.
Audit planning (risk based approach) 3 year rolling forecast.
Evaluation of controls and assessment of the effectiveness of internal controls in place
Identify inefficiencies and recommend improvements to processes and procedures
Identify and promote the use of best practices within the organization
Prepare reports to communicate audit results and propose recommendations to strengthen internal controls and improve processes
Follow up and report on previous audit findings
Perform related work as assigned by Audit Management
Achievements
85% closure of all observations within agreed timeframe.
Member of the Project Development Board where recommendations were incorporated into the project.
Introduced best practices for process efficiency.
Key member for all major projects. Risk based recommendation.
August 2009 to May 2010: Relocation to Canada
March 2002 to July 2009
Various Organizations in Singapore
Senior Executive, IT Risk Management (Quality and Security), SMRT Singapore - Aug 2008 to July 2009
Software Process Competency Lead, Philips Electronics (S) Pte Ltd, Singapore - Dec 2005 to July 2008
Senior SQA Engineer, Jurong Port Pte Ltd, Singapore - March 2005 to Nov 2005
SQA Engineer, Great Eastern Life Assurance, Singapore - March 2002 to March 2005