Information Security Accounting

Location:

Posted:

December 09, 2020

Resume:

SUMMARY:

• Approximately ** years of experience in Sox Assessment, ERP Systems, and Internal audit, external audit with public accounting firms like and Grant Thornton LLP & IT SOX Audit field and Project Management.

• Worked for many engagements involving SOX IT control design, testing, and remediation.

• Expertise in both Financial and IT SOX controls audit.

• Excellent knowledge of audit practices, accounting policies such as the Security and Exchange Commission (SEC) reporting requirements, Section 404, Sarbanes –Oxley Act of 2002, and PACOB guidelines reporting requirements and processes.

• Familiarity with COSO, ISO 27001, and COBIT control framework, SSAE 16, SOC, and GRC.

• Worked on projects for a leading FMCG Group internationally; in Indonesia and Vietnam and the United States as a part of Sarbanes-Oxley (SOX) Assessment purposes and as well as dealing with Big4 company audits (KPMG and Grant Thornton).

• Excellent analytical, audit documentation, inter personal and written/verbal communication skills.

• Eagerness to learn in diverse areas, as well as possess strong ability to work independently to produce desired results.

• Strong analytical skills and ability to effectively prioritize and coordinate multiple deliverables simultaneously

TECHNICAL SKILLS:

Proficient in the use of PC and various software including Excel, Word, Access, MS Visio Flowcharting, Audit software – Audit Board, Multiple operating systems, networks, databases, and ERP systems, etc.

EDUCATION:

Master of Business Administration (MBA), August 2015 to August 2016 – Trine University – Indiana, USA.

Qualified Chartered Accountant from ICAI (Institute of Chartered Accountants of India), November 2012.

Bachelor of Commerce, March 2008

PROFESSIONAL EXPERIENCE:

Grant Thornton LLP, Dallas, Texas Aug 2019 to till date

Role: Sr.IT Auditor

Working as an Sr.IT Auditor for Grant Thornton LLP, which is a public accounting firm. And I have involved in audits for different clients who are into the trucking industry, construction business, Banking, Manufacturing, Energy Infrastructure service, nation’s largest independent broker dealer, client company to market end-to-end online supply chain solution for both consumers and dealers in the motor cycle market. and health insurance. Mostly worked independently for all clients and reporting the audit results to the Senior Director level management and received appraisal from national-level partners form public accounting firms concerning my job performance.

Responsibilities:

• Managing multiple projects simultaneously, which are into different industrial sectors both for Interim & Roll Forward audit periods by adhering to PACOB guidelines, while handling walkthrough meetings independently in the position of Sr.IT Auditor for all IT general controls and reporting the audit results directly to the senior management.

• Involved in training team members at junior level whenever they face any challenges during the period of audit execution.

• Evaluate the effectiveness of clients’ information-processing controls across industries and business process cycles.

• Get strong knowledge and understanding of business strategies, challenges, and risks by proactively developing business partnerships with management, as well as maintaining a strong presence with management.

• Plan and execute IT-related audit engagements and risk assessments with a focus on strategic, operational, and regulatory risks.

• Updated the IT policies and procedures that support ITGCs and the risk control matrix.

• Developed the test plans for key ITGCs and identified the evidence required to test the key controls.

• Constructed RACMs-Risk & Control Matrices (Mapping of risks to controls) and Planning and executing structured walkthroughs to ensure correct mapping of process, relevant documentation, risk identification, and adequate controls for SOX purposes.

• Formulated detailed Test Sheets based on test details/results, generating separate reports explaining deficiencies, and proposing remediation plans for SOX purposes.

• Collaborate very closely with the finance and IT teams and align internal control initiatives.

• Involved in Communicating IT audit findings and suggesting remedial actions to the process owners.

• Build and maintain effective relationships with the business areas, including understanding changes to business processes and procedures, and discusses the impact on the control environment.

• keep abreast of emerging technologies with the IT environment and help in developing audit plans to counter whatever risks that might be associated with the application of such technologies.

• Add value to and improve the efficiency and effectiveness of the business and the IT audit function by leading best practices for standards and procedures

Equinox IT Solutions LLC.

Client: Nitto, Inc. Lakewood, New Jersey Feb 2018 to July2019

Role: Sr.IT Auditor

Worked for different clients through Equinox IT Solutions LLC, for some clients as an external auditor and for some clients worked as an internal auditor. Nitto, Inc.’s Lakewood, NJ facility is a premier manufacturer of acoustic, structural and sealing materials for the automotive industry. Nitto, Inc. also manufactures pressure sensitive tapes used in the electrical, electronic, automotive, and aerospace industries.

Responsibilities:

• Evaluate the effectiveness of clients’ information-processing controls across industries and business process cycles.

• Plan and execute IT-related audit engagements and risk assessments with a focus on strategic, operational, and regulatory risks.

• Conducted meetings & discussions on best practices and Sarbanes-Oxley requirements with internal audit, IT operations, and development team.

• Updated the IT policies and procedures that support ITGCs and the risk control matrix.

• Developed the test plans for key ITGCs and identified the evidence required to test the key controls.

• Performed annual independent testing of key controls, monitored status, and continuous follow up with the business process owners/application owners.

• Ensured that the IT Security programs are in place and followed both domestically and internationally and responsible for Self-Assessment for regulatory requirements (i.e., PCI, SOX).

• Formulated detailed Test Sheets based on test details/results, generating separate reports explaining deficiencies, and proposing remediation plans for SOX purposes.

• Collaborate very closely with the finance and IT teams and align internal control initiatives.

• Assisted with the oversight, guidance, and training on SOX and internal control procedures to the IT Process Owners.

• Involved in Communicating IT audit findings and suggesting remedial actions to the process owners.

• Build and maintain effective relationships with the business areas, including understanding changes to business processes and procedures, and discusses the impact on the control environment.

• keep abreast of emerging technologies with the IT environment and help in developing audit plans to counter whatever risks that might be associated with the application of such technologies.

• Add value to and improve the efficiency and effectiveness of the business and the IT audit function by leading best practices for standards and procedures

• Provide leadership to the team in achieving internal process improvement, effectiveness, and greater levels of competency

Saibersys Inc September 2016 to January2018

Role: Senior IT Auditor/SOX Auditor (For Risk Assessment and Sarbanes Oxley Process Implementation)

Worked for Saibersys Inc as an IT Auditor for conducting audits for different clients within the US.

• Conducted IT audits for Sarbanes-Oxley (SOX) compliance as an internal IT auditor.

• Conducted meetings & discussions on best practices and Sarbanes-Oxley requirements with internal audit, IT operations, and development team.

• Updated the IT policies and procedures that support ITGCs and the risk control matrix.

• Tested in-scope applications ITGC controls, including user access, interface, change management, backup, segregation of duties, and other security controls as required.

• Identified the evidence required to test the key controls.

• Developed the test plans for key ITGCs.

• Involved in Communicating open risks and suggesting remedial actions to the process owners.

• Guided in resolving audit findings and ensured the closure of all high-risk issues on a timely basis and evaluated the impact of business change/reengineering efforts on information security controls.

Capgemini June 2013 to Feb 2015

Role: Senior SOX Audit Consultant (For Risk Assessment and Sarbanes Oxley Process Implementation)

Worked for Capgemini as a senior consultant for its MAS (Management Assurance Services) department and performed SOX assessment for complying SOX section 404 requirements for public companies which are into different industrial sectors like manufacturing, food chain business having business worldwide and traveled to different countries to the client locations as part of the audit purpose. Apart from SOX assessment engagement involved in SAS-70 assessment as well.

Responsibilities:

• Performed annual independent testing of key controls, monitored status, and continuous follow up with the business process owners.

• Involved in recognition of key controls based on scope and risk mitigation, testing using statistical sampling methods, and ascertaining operating deficiencies.

• Assessed controls identified to conclude operating effectiveness.

• Formulated detailed Test Sheets based on test details/results, generating separate reports explaining deficiencies, and proposing remediation plans for SOX purpose.

• Assisted with the oversight, guidance, and training on SOX and internal control procedures to the Business Process Owners.

• Involved in Communicating open risks and suggesting remedial actions to the process owners.

• Created flowcharts and Standard Operating Procedures (SOP) for various business processes including General Accounting & Reporting, Procure to Pay, Cash & Bank, Payroll and Taxation, etc. for clients.

• Worked on SAP ECC & GRC concerning several business processes as a part of performing the testing of both preventive and detective key process controls

Other Assignments:

• Unilever ESIM (Shared Service Centre, Bangalore):

Performed assessment of controls for Global Master Data management Centre at Bangalore managing data for more than 22 countries in Asia, as well as Africa and Australia.

• SAS-70 assessment and Compliance assistance:

Bunge SAS-70 (KPMG Client): Conducted assessment of controls on behalf of KPMG (BIG 4) for Bunge client offshore for Accounts Receivable and Accounts Payable controls.

• Maintenance of ARIS Process Platform for a leading Manufacturing and FMCG Group globally:

Managed discussions with Process Owners and End-Users to understand the existing process and accordingly re-design/modify the regional Business flows in the ARIS (Architecture for Integrated Information System) Tool using MS-VISIO software.

TATA & ASSOCIATES, Vijayawada, India April 2011 to May 2013

Role: Internal Auditor

Tata & Associates is an audit firm, and through which worked for different clients which are into different industrial sectors like manufacturing, banking, construction.

• Lead reviews of operational and Informational technology security controls engagements to identify and reduce business risks and maximize process efficiencies.

• Conducted risk assessment of business processes across all functions and departments. Identified the business processes or areas that were key and subject to high-risk exposure.

• Prepared planning documentation (i.e., narratives, flowcharts, interviews) for business processes following IIA standards.

• Finalized the scope of coverage, audit programs, and timeline across business processes or areas in consultation with management.

• Performed fieldwork comprised of interviews and performed substantive audit procedures to meet the audit objective of the area under audit based on audit programs.

• Identified gaps and issues noted in the area under audit and ensured that the gaps/issues are supported with adequate audit evidence (as applicable).

Punnaih & Co Chartered Accountants, Vijayawada, India

Role: Trainee Auditor (Internship) September 2007 to March 2011

Worked for Punnaih & co audit firm as an article assistant while pursuing my chartered accountancy and exposed to different audit clients.

• Conducted risk assessment of business processes across all functions and departments. Identified the business processes or areas that were key and subject to high-risk exposure.

• Prepared planning documentation (i.e., narratives, flowcharts, interviews) for business processes following IIA standards.

• Finalized the scope of coverage, audit programs, and timeline, across the client's business processes or areas in consultation with management.

• Performed fieldwork comprised of interviews and performed substantive audit procedures to meet the audit objective of the area under audit based on audit programs.

• Identified gaps and issues noted in the area under audit and ensured that the gaps/issues supported with adequate audit evidence (as applicable).

• Drafted the initial audit report for the business process or area under the audit and obtain inputs/justifications or explanations for the gaps or issues noted.

• Finalized the audit report along with justification, recommendations plan for the gaps/issues noted.

• Performed follow-up of the issues/gaps reported and ensured that the gaps/issues resolved in line with the remediation/rectification plan agreed.

Contact this candidate