Email: krishnakandar@hotmail.com
Contact: +91-9819573398
Profile Summary:
Over 4.5 years of progressive experience in Governance Risk & Compliance (GRC) Consulting, IT General Controls Audit
(ITGC), Internal Audit, IT SOX, Pre-Sales, Business Development and Service Delivery in the IT Industry
Well versed in industry standards and frameworks such as ITIL v3, COBIT, complemented by certifications in ISO
27001:2013 Lead Auditor, ITIL v3 Foundation and Six Sigma Green Belt.
Certified Information Systems Auditor (CISA)
Well versed with international standards such as SOX, GxP, EU Data Protection Directive 95/46/EC, PCI-DSS, SSAE 16 SOC
I/II reports, HIPAA
Well versed with Incident Management & Change Management processes
Professional Snapshot:
Deloitte Touche Tohmatsu India Private Limited, Mumbai (12 Months) February 2016 – Present
Designation: Assistant Manager – Enterprise Risk Services
Key Responsibilities:
Performed General IT Controls testing for financial critical applications. Scope of audit consisted of areas related
to Data Center and Network Operations, Access Security, Program Change, and Application system acquisition,
development, and maintenance. Testing included Design and Operating Effectiveness evaluation of Applications,
Databases & Operating Systems
Performed Interface testing between applications and identified automated controls to be leveraged by the
Statutory Audit Team.
Conducted Walkthrough, Process Flows created by using Microsoft Visio, Extensive and Accurate documentation
of Audit Procedures.
Involved in walkthrough meetings and understanding of the core IT processes.
End user awareness of the controls framework.
Rationalization of redundant controls, recommending control frequencies and identifying the control owners
Created high-level Flowcharts/Process flows for its Core IT processes and identified control points
SOx Controls Testing for a major Financial Services Provider based out of UK:
Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for
SOx reviews.
Identified key controls, assessed controls for design deficiencies, and updated process.
Scheduled testing of operating effectiveness in compliance with test plans.
Detected operating deficiencies and proposed ways to remediate control failures.
IT Audits:
Aligning the controls to the regulatory compliance requirements i.e. IT SOX 404, PCI DSS
Performed IT SOX testing for Change Management, User Access Management, Backup & Recovery areas
Identified key controls, assessed controls for design deficiencies, and updated process
Rationalization of redundant controls, recommending control frequencies and identifying the control owners
Scheduled testing of operating effectiveness in compliance with test plans
Created high-level Flowcharts/Process flows for its Core IT processes and identified control points
Review of SSAE 16 reports
Pre-Sales:
Part of Center of Excellence (CoE), responding to Request for Proposals (RFPs), extracting the data associated
with regard to information security, data privacy, compliances, audits, disaster recovery, business continuity,
process automation
Preparing the solutions/implementing controls based on best industry standards like ISO 27001, COBIT, ISO
31000, ISO 22301, etc.
Provide inputs on resourcing, sizing and budgeting as per deal size, customer environment along with effort
estimation
Representing GRC team for solution defense, proof of concepts and bids
Preparing transition plans which includes the approach methodology, detailed activities, time frame and
resources required to complete them
Collaborating and working with different resolver groups to resolve a query from sales personnel and take it to
a logical conclusion
Capgemini India Pvt. Ltd. (24 months) July 2010 – June 2012
Role: Consultant/Application Technical Manager
Internship:
High Mark Credit Information Services PVT. LTD. (3 Months) May 2013 – July 2013
Role: Process Consultant
Project: Implementation of ITIL Processes of Change Management & Incident Management
Conduct discussions with various teams in the company about the current process for handling changes and incidents.
Prepare a broad level Framework on both the Processes considering High Mark policies
Prepare a detailed process flow for both the processes which contained the various phases of a change or incident
and also define various roles for the same.
Align the processes to ISO Standards and COBIT
Education:
Welingkar Institute of Management Development & Research
Post Graduate Diploma in Management (PGDM) E-Business: Specialization – Operations
Personal Information: