Associate (Risk Consulting)

During my stint at PwC, I specialized in safeguarding enterprise systems through comprehensive IT audits and compliance frameworks. My work focused on:

  • Conducting IT General Controls (ITGC) audits and SOX compliance assessments to ensure regulatory adherence

  • Implementing and optimizing SAP GRC (Governance, Risk & Compliance) solutions for access control and risk mitigation

  • Performing application audits to identify security vulnerabilities and operational risks

Through these initiatives, I helped clients strengthen their IT governance frameworks while balancing security requirements with business objectives. My expertise bridges technical systems understanding with regulatory compliance needs across complex enterprise environments.

IT Risk Advisory & Governance Expertise

IT Controls & Compliance Leadership

  • End-to-End IT General Controls (ITGC) Reviews:

    • Spearheaded ITGC audits across Financial Services, Healthcare, Oil & Gas, and Telecom sectors, covering:

      • Access Controls: User provisioning/deprovisioning, role-based access reviews, Segregation of Duties (SoD) analysis, dormant account management.

      • Change Management: SDLC controls, patch deployment validation, unauthorized change detection.

      • Security & Operations: ISMS policy compliance, logical/physical security audits, network security controls, data backup integrity.

    • Developed standardized testing methodologies and documentation frameworks to streamline audits.

Enterprise Application & Risk Mitigation

  • ERP & Database Controls:

    • Conducted SAP GRC implementations and application audits (focus on Order-to-Cash, Billing, Pricing modules).

    • Evaluated UI Masking solutions for data privacy compliance.

  • Fraud & Non-Compliance Prevention:

    • Identified business process risks (e.g., revenue leakage, unauthorized access) and designed mitigation controls.

    • Performed IT Application Controls (Automated Controls) testing for critical business modules.

Data-Driven Risk Analytics

  • Advanced GRC Monitoring:

    • Designed Power BI dashboards to automate control testing and visualize risk trends (e.g., access violations, change approval delays).

    • Leveraged data analytics to detect anomalies (e.g., abnormal login times, excessive privilege usage).

© 2025 by Prabhanjan Sharma. All rights reserved.
