ANKITA R. GANGAR
***** ******* **, *** *****, CA 92129; ********@*******.***; 513-***-****; LinkedIn Career Summary
Ankita Gangar is an IT Risk and Compliance professional with diverse experience in IT Audit and Risk Management and Software Development. Ankita has worked in a vast range of industries including healthcare, technology, media and entertainment, education, and business services. Ankita collaborates with business and IT leaders to provide strategic directions and solutions to enhance process governance and controls compliance. Ankita’s extensive experience in leading IT governance, operational and compliance assessments, coupled with her ability to develop relationships, work with cross-functional teams and mentor team members enable her to be a trusted partner who delivers successful results.
Professional Experience
Roblox, San Mateo, CA (Remote)
Manager, Global Scaled Operations, Trust & Safety August 2022 - Present
Perform third-party risk management and oversight over BPOs providing customer service (CS) and moderation (MOD) services to Roblox
Perform data processing compliance assessments to ensure BPO contract compliance
Collaborate with internal (GRC, Internal Audit, InfoSec) and external (BPO) to determine corrective actions to address identified security control gaps
Implement automation to address risks associated with provisioning and deprovisioning agent access
Perform BPO spend analysis using invoice estimates by language and location using stratified data of different line of businesses within CS and MOD
Collaborate with BPO program managers to periodically perform reconciliation of active BPO agents and the access they have within Roblox systems and CS and MOD tools
Amgen Inc., Thousand Oaks, CA October 2018 - August 2022 Manager, Corporate IT Audit
Designed and executed enterprise-wide IT governance and technical audits and security risk assessments in various areas of information technology to independently assess maturity levels, identify and mitigate operational and security risks and ensure compliance with leading information security and regulatory frameworks and Amgen-wide standards
Collaborated with all levels of business and IT stakeholders including leadership to develop actionable plans to mitigate risk and remediate identified control gaps and enhance process governance
Managed end-to-end audit lifecycle including audit planning, assessment to identify key risks and applicable control frameworks, scoping, scheduling, resourcing, execution, reporting and upstream/downstream internal and client communications simultaneously for multiple audits and ensured timely completion while working in a fast-paced agile environment
Led implementation of internal department efficiency initiatives including initiatives to expand adoption of data analytics within audits, continuous monitoring of key automated controls and provide periodic reporting to Corporate Audit leadership
Assisted Chief Audit Executive in providing quarterly audit updates to the Chief Financial Officer and Audit Committee
Mentored senior associates and new hires on Amgen’s audit methodology, audit execution, time management and prioritizing tasks, provide IT Audit training to Corporate Audit department
Guided technical and non-technical Amgen stakeholders and vendors globally on Amgen’s audit methodology and compliance requirements to strengthen control governance
EY, Cincinnati, OH/ Los Angeles, CA June 2015 – September 2018 Senior Risk Advisory Consultant
Partnered with audit teams to provide financial audit IT integration support and IT SOX readiness assessments for multiple companies. Responsibilities included audit planning, leading walkthroughs, and testing of IT General Controls (ITGC), business process controls and application controls and documentation following EY’s audit methodology
Led multiple AICPA trust principles (SSAE-18 - SOC1 and SOC2) reporting engagements for clients. Responsibilities included planning engagement, developing testing strategies, mapping controls to trust principles, evaluating design and operating effectiveness of business process and IT general controls, documenting the reports
Managed internal team and client communications and expectations and successfully collaborated with multiple internal and client cross functional teams as part of engagement execution
Worked with management and client teams to develop remediation plans for identified control deficiencies and perform remediation including root cause analysis and financial statement impact analysis and substantive testing
Worked on complex IT environments, with multiple applications, data flows and interfaces and the supporting infrastructure including Windows and Linux operating system platforms, cloud platforms and ERP systems
Developed audit plans including scoping, scheduling, budget, and allocation of resources. Conducted quality review of team fieldwork, trained junior resources on EY methodology and testing procedures, and delivered performance feedback to staff
Worked in a dual-shore environment and managing team of on-shore and off-shore auditors including Staff and Seniors from EY’s Global Delivery Service, coached staff, and client’s Internal Audit team on EY’s audit methodology and SSAE 18 standards throughout the duration of employment
Questec Consulting, Mumbai, India December 2012 – July 2014 Business Analyst/ Database Developer (Client: Kotak Securities)
Worked with IT vendors to implement compliance, automation, and optimization initiatives to reduce turn-around times for key financial systems
Developed dashboards for providing client information to Internal Controls team using Microsoft Analytics suite Education and Certifications
Master of Science, Information Systems June 2014 - December 2015 University of Cincinnati, Carl H. Lindner College of Business, Cincinnati, Ohio Bachelor of Engineering, Electronics and Telecommunication University of Mumbai, Atharva College of Engineering, Mumbai, India August 2007 - June 2011 Certified Information Systems Auditor (CISA) September 2017 - Present Professional Skillset
Frameworks and
Methodologies
COBIT, NIST Cybersecurity, ISO/IEC 27000, AICPA Trust Principles (SSAE 18-SOC 1/2/3), COSO Internal controls, SOX, System Development Life Cycle methodology (Agile and Waterfall), Amgen’s Internal Audit Methodology
Technical Audit Area and
Technology Examples
IT Security – including Access, Vulnerability Management, Data Loss Prevention, Information Classification, etc., Global Data Privacy. Cloud Service Management, Enterprise Cyber Resilience Program (specific to manufacturing), Data Management - Mobile Device and Access Management, Enterprise Data Lake Implementation using AWS and Databricks, etc., Third Party Reviews for key IT Service Providers, Independent Cybersecurity Incident Review, COVID-19 Remote Work Enablement Program, Supply Chain planning system enhancement, IT general controls and application controls review for key financial systems including SAP, Oracle ERP and JDE Software and Languages Microsoft Office Suite 365, ServiceNow, JIRA, Confluence, AuditBoard, Tableau, RPA - Automation Anywhere (Beginner) and UiPath (Currently Learning), Code Readability - MS SQL, Java, .Net, Python