
Krishnamohan Kandar

Email: krishnakandar@hotmail.com
Contact: +91-9819573398

Profile Summary:
• Over 4.5 years of progressive experience in Governance Risk & Compliance (GRC) Consulting, IT General Controls Audit (ITGC), Internal Audit, IT SOX, Pre-Sales, Business Development and Service Delivery in the IT Industry
• Well versed in industry standards and frameworks such as ITIL v3 and COBIT, complemented by certifications in ISO 27001:2013 Lead Auditor, ITIL v3 Foundation and Six Sigma Green Belt
• Certified Information Systems Auditor (CISA)
• Well versed with international standards such as SOX, GxP, EU Data Protection Directive 95/46/EC, PCI-DSS, SSAE 16 SOC I/II reports, HIPAA
• Well versed with Incident Management & Change Management processes

Professional Snapshot:
Deloitte Touché Tohmatsu India Private Limited, Mumbai (12 Months) February 2016 – Present
Designation: Assistant Manager – Enterprise Risk Services
Key Responsibilities:
• Performed General IT Controls testing for financially critical applications. Scope of audit consisted of areas related to Data Center and Network Operations, Access Security, Program Change, and Application system acquisition, development, and maintenance. Testing included Design and Operating Effectiveness evaluation of Applications, Databases & Operating Systems
• Performed Interface testing between applications and identified automated controls to be leveraged by the Statutory Audit Team
• Conducted walkthroughs, created process flows using Microsoft Visio, and produced extensive and accurate documentation of audit procedures
• Involved in walkthrough meetings and understanding of the core IT processes
• End user awareness of the controls framework
• Rationalization of redundant controls, recommending control frequencies and identifying the control owners
• Created high-level flowcharts/process flows for its core IT processes and identified control points
SOx Controls Testing for a major Financial Services Provider based out of UK:
• Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOx reviews
• Identified key controls, assessed controls for design deficiencies, and updated process
• Scheduled testing of operating effectiveness in compliance with test plans
• Detected operating deficiencies and proposed ways to remediate control failures

HCL Technologies, Noida (19 Months) May 2014 – January 2016


Role: GRC Consultant
Responsibilities include handling deals from various verticals and geographies, understanding the scope from a GRC, BCP/DR
and Information Security standpoint, coordinating with various teams to provide an optimum solution that would be
compliant with standards, best practices and meeting all security requirements as stated.

IT Audits:
• Aligning the controls to the regulatory compliance requirements, i.e. IT SOX 404, PCI DSS
• Performed IT SOX testing for Change Management, User Access Management, Backup & Recovery areas
• Identified key controls, assessed controls for design deficiencies, and updated process
• Rationalization of redundant controls, recommending control frequencies and identifying the control owners
• Scheduled testing of operating effectiveness in compliance with test plans
• Created high-level flowcharts/process flows for its core IT processes and identified control points
• Review of SSAE 16 reports
Pre-Sales:
• Part of Center of Excellence (CoE), responding to Requests for Proposals (RFPs), extracting the data associated with information security, data privacy, compliances, audits, disaster recovery, business continuity, process automation
• Preparing the solutions/implementing controls based on best industry standards like ISO 27001, COBIT, ISO 31000, ISO 22301, etc.
• Provide inputs on resourcing, sizing and budgeting as per deal size, customer environment along with effort estimation
• Representing GRC team for solution defense, proof of concepts and bids
• Preparing transition plans which include the approach methodology, detailed activities, time frame and resources required to complete them
• Collaborating and working with different resolver groups to resolve a query from sales personnel and take it to logical conclusion

Capability Development: Data Privacy Framework


Role: Lead a team to develop a Data Privacy Framework for HCL Technologies.
• Understand the underlying concepts of privacy and study in detail the principles of data privacy
• Study of existing privacy frameworks followed across the globe
• Deriving areas specific to strategic, tactical and operational layers to implement data privacy
• Detailing each area to determine coverage points and its components
• Advising on technology solutions wherever applicable
• Develop an assessment methodology to assist in implementation of data privacy framework

CapGemini India Pvt. Ltd. (24 months) July 2010 – June 2012
Role: Consultant/Application Technical Manager

Project: Major Oil Services Company based out of Oslo, Norway


The said client is a leading global provider of engineering and construction, technology products, execution, service and
integrated solutions headquartered in Oslo. The project involves managing and testing engineering applications, change
management, release management, etc.
Responsibilities include:
• Handling change requests raised by the users with regards to different applications
• Coordinating with the users/technical support people to know the impact of the release
• Maintained reports for all change requests and monitor all metrics impacting business
• Handling communications with the end users, change management, server management, and experts for the different applications
• Handling license procurement and application upgrades from vendor
• Coordinate the Change Release Board (CRB) meetings and Change Advisory Board (CAB) meetings
• Release new versions/new applications among the users
• Prepare release strategy; implement the same as agreed with the client
• Testing of software applications as a part of initial assessment
• Act as a third line support person and solve incidents raised by the users
• Coordinate with the problem management staff to identify the root cause of the issue and provide input

Internship:
High Mark Credit Information Services PVT. LTD. (3 Months) May 2013 – July 2013
Role: Process Consultant
Project: Implementation of ITIL Processes of Change Management & Incident Management
• Conduct discussions with various teams in the company about the current process for handling changes and incidents
• Prepare a broad-level framework for both processes considering High Mark policies
• Prepare a detailed process flow for both processes, covering the various phases of a change or incident and defining the various roles for each
• Align the processes to ISO Standards and COBIT
Education:
Welingkar Institute of Management Development & Research
• Post Graduate Diploma in Management (PGDM) E-Business: Specialization – Operations

Vidyalankar Institute of Technology – Mumbai University


• Bachelor of Engineering in Information Technology

Personal Information:

Date of Birth: 12-Sep-1987


Nationality: Indian
Gender: Male
Marital Status: Single
Permanent Address: 301/A, Shikhar Apts., Gokuldas Pasta Rd., Dadar (E), Mumbai – 400014
Languages known: English, Hindi, Bengali and Marathi
