About
IT Audit and GRC professional with 3.5 years of experience in ITGC, ITAC, SOX 404 compliance, ISO 27001, risk management, and third-party risk assessments. Strong exposure to control testing (TOD & TOE), audit fieldwork, evidence validation, and compliance documentation across applications, infrastructure, and vendor environments. Proven ability to support end-to-end audits, collaborate with stakeholders, and strengthen IT control effectiveness and security posture.
Work Experience
IT Auditor
Tech Mahindra
May 2021 - Nov 2024
Performed IT audit activities covering ITGC, ITAC, and SOX 404 controls for in-scope applications and infrastructure.
Performed end-to-end control testing, including walkthroughs, Test of Design (TOD), and Test of Operating Effectiveness (TOE).
Reviewed logical access controls, including user provisioning, de-provisioning, privileged access reviews, and periodic access certifications.
Assessed change management controls by validating RFCs, approvals, impact analysis, UAT evidence, and deployment records.
Performed IT operations control testing such as incident management, backup monitoring, job scheduling, and recovery testing.
Worked on sampling methodologies to select test samples and documented testing results in structured audit workpapers.
Conducted ISO 27001 control assessments, focusing on access control, asset management, incident management, and business continuity domains.
Supported risk assessment activities by identifying IT risks, mapping controls, and documenting mitigation measures.
Performed Third-Party Risk Management (TPRM) reviews, including assessment of vendor security questionnaires, SOC 2 reports, and policy documents.
Verified the presence of mandatory vendor documents such as SOC 2 reports, NDAs, MSAs, and security commitments.
Reviewed SOC 2 Type II reports to identify control gaps and assess reliance on third-party services.
Validated security control implementation, including MFA enforcement, password configurations, endpoint protection, DLP, and firewall access rules.
Coordinated with application owners, infrastructure teams, and control owners to collect and validate audit evidence.
Documented control deficiencies, observations, and audit findings, supporting audit reporting and issue tracking.
Assisted in follow-up testing to verify remediation of audit findings and update closure status.
Maintained audit documentation including RCMs, evidence trackers, risk registers, and compliance records.
Supported preparation of audit summaries and reports for internal reviews and stakeholder discussions.
Education
B.Tech - Raghu Institute of Technology
Afghanistan