
Akul Tiwari

Information Security Consultant
Mumbai

Summary

An avidly learning and progress-oriented Information Security Consultant with overall experience of 6+ years, including more than 5 years of exposure to and experience in ITGC / ITAC testing, SOC reviews, Vulnerability Testing, Information Security, Data Privacy and Protection, application of Data Protection Laws and Regulations from multiple jurisdictions, and knowledge of privacy laws such as the GDPR, CCPA, CPRA, UK Data Protection Act, COPPA, HIPAA and other Data Privacy laws and regulations across the globe. Assisted multiple clients in end-to-end Information Security implementation project management and acted as SME. At KPMG, Akul has assisted multiple clients and led multiple projects on information security reviews, ITGC and ITAC testing, end-to-end Data Privacy implementation programs, Vulnerability Assessments and SOC reviews, amongst other project management activities. Aim is to maintain a cycle of learning and keep getting exposure to new domains.

Overview

8 years of professional experience
21 years of post-secondary education
1 Certification

Work History

Consultant

KPMG India
02.2022 - Current

IT General Controls (ITGC/GITC) & IT Application Controls (ITAC) – Application Security & Database Security Review.

  • Championed the development of Risk Control Matrix (RCM) and drafted an Information Request List (IRL/PBC) by identifying the control objectives and control activities for 10+ applications.
  • Conducted process walkthroughs with control/process owners to develop radical understanding of IT processes, sub processes and existing controls. Leveraged the business process understanding to perform Test of Design & Implementation (D&I) & Test of Operating Effectiveness (TOE) for ITGC & ITAC in various domains such as access to programs & data, program changes, program development, computer operations as per KPMG Audit Methodology. Performed Information Provided by Entity (IPE) testing for completeness and accuracy and assessed the effectiveness of IT Automated Controls.
  • Performed testing of application controls, key reports, interface controls, integrations, segregation of duties, user access review, password configurations, separation of environment, change management, backup and recovery, data migration, batch job scheduling, incident and problem management. Documented the identified exceptions and obtained management response.
  • Performed testing of controls for various applications such as SAP, CRM, ServiceNow, Splunk and underlying infrastructure - Operating System (Windows) and Database (Oracle, SQL).

Cyber Maturity Assessment:

  • Assessing the current state of the control environment against the NIST CSF requirements to identify any gaps in compliance.
  • Providing overall maturity rating and identifying risks due to non-compliance.
  • Recommending mitigation procedures to bridge the gaps identified.
  • Assisted in preparing compliance graphs based on the assessment performed.
  • Preparing a Cyber Maturity Assessment report that details all the gaps identified, corresponding risks and mitigation procedures to be deployed.

Data Privacy & Security:

  • Led end to end data privacy implementation program for a leading financial institution of Kuwait.
  • Assisted in data privacy engagement which involved GDPR and CBK CSF gap assessment, development of privacy policies, procedures, guidelines and templates relating to Data Breach Management, Data Inventory, Data Retention, Data Anonymization and Pseudonymization, Privacy by Design, and Data Subject Rights for a leading manufacturing company.
  • Conducted end-to-end data privacy engagement for a multinational bank. The scope of the engagement included creation of Data Flow Maps across the data lifecycle for key processes, assessment of the current privacy posture of the entity and development of data privacy training and awareness material along with different privacy policies and procedures. He was also responsible for providing recommendations for the gaps identified and provided a deliverable report of assessment to the client pertaining to ISO 27701:2019 (PIMS) certification.
  • Assisted a major e-commerce entity with global footprints to enhance their privacy posture by implementing various data privacy policies, guidelines, data subject rights templates and developing consent mechanism framework.
  • Assisted a major telecom group company in implementation of data privacy compliance framework covering 20+ data privacy and other relevant sectoral regulations.
  • Worked with one of the leading financial services companies and was responsible for designing and implementing data protection frameworks, including drafting data privacy policies and related templates such as Data Subject Rights form, Privacy notice, Consent form, etc., creating personal data inventories, performing Data Protection Impact Assessments and conducting privacy training sessions for multiple stakeholders within the organization.

Vulnerability Testing:

  • Assisted in conducting vulnerability assessments and security reviews through a comprehensive testing process to identify weaknesses and vulnerabilities within the systems that affect the confidentiality, integrity and availability of electronic protected health information and other sensitive company data.
  • Assisted in conducting web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking).
  • Analyze vulnerability test reports and suggest remediation / mitigation plan.
  • Update security tools for logging/monitoring, and increasing coverage of existing tools.
  • Responsible for executing programs for user awareness, compliance monitoring, and security compliance.
  • Use an advanced level of understanding in the cyber specialization and a general understanding of several cyber-related disciplines to investigate and analyze all response activities related to cyber incidents.

Quality Assurance Specialist (Managing Associate)

DWF Mindcrest
12.2019 - Current
  • Completing project intake processes to provide proposals to clients for various projects in data privacy domain
  • Managing project teams during span of projects and ensuring that client expectations are met
  • Managed reporting requirements - quarterly achievements, issues, solutions and, subsequent presentation on higher management meetings
  • Hands-on experience and knowledge of privacy and data protection laws such as the GDPR, CCPA, CPRA, UK Data Protection Act, COPPA, HIPAA and other privacy and data protection laws across the globe
  • Serving as SME for data privacy projects including privacy survey assessments, reviewing privacy policies etc
  • Data Privacy Regulatory Mapping - Provided support to the client, one of the big four accounting firms, by researching and interpreting privacy laws across the globe, and mapping them against privacy controls as per the GDPR to create a risk inventory benefiting the client in transferring data from one jurisdiction to another
  • Summarizing those privacy laws to highlight key obligations of the client as data controller/processor
  • Also, reviewing and analyzing privacy enforcement actions to maintain a repository of the changes made to the data protection regime
  • Privacy Risk Assessment (PIA) - Provided support to the client, one of the largest semiconductor manufacturers in the US, by analyzing risks involved in processing of personal data in various business transactions
  • Documenting risks and determining if PIA is required
  • Assisted in conducting PIAs
  • Privacy Survey Assessment - Assessing the need of privacy surveys based on the nature of personal information collected to comply with data privacy obligations for EMEA region
  • Also creating data flow maps for these processes
  • DSARs (Data Subject Access Requests) - Managed DSARs for the client, one of the big four accounting firms
  • Managed deliverables:
    1. Communicated work product delivery dates to the client
    2. Provided set deliverable format using tools such as Excel and Word
    3. Ensured our team is meeting review targets and that we are aligned with delivery dates
    4. Compiling deliverables in agreed format and sending them to the client
  • Corporate Due Diligence - Provided support to the client, a European multinational technology company, in conducting due diligence of multitude of contracts and documentation to assess risks involved in entering into business with another technology support company
  • Multiple research projects - Managed teams, created guidance notes and resolved escalations on various legal research projects in various sectors such as data protection regime, banking, IT, health and governmental regulatory regime
  • Multiple contracts management projects - Managed teams, created guidance notes and resolved escalations in various contracts management projects involving redlining, negotiation, vetting and abstraction.

Legal Executive

SCreatives Software Services
01.2019 - 11.2019
  • Analysis of US Staffing Agreements (MSAs, Work Orders/Purchase Orders, Marginal Agreements, Agency Referral Agreements etc.) based on company standards and daily negotiations with clients in case of conflicts with company standard clauses
  • Providing support to the staffing team in understanding of the Agreements and completing the legal documentation
  • Contract Drafting/Vetting; Drafting contracts for the company on daily basis based on the business requirements and based on applicable legal provisions
  • Sending them to the client for confirmation
  • Negotiations with the client in case of any desired changes from either party's side
  • Data Auditing; Making sure that all the executed agreements are in line with the negotiations and the standard accepted terms
  • Maintaining a record of all the executed Agreements to review and update the Agreements as per the change in requirements and termination dates.

Associate Attorney

Mindcrest India Private Limited
03.2016 - 06.2017
  • Document review:
    - Analysed and reviewed documents provided by clients related to day to day business transactions for an ongoing litigation and provided support in culling out documents carrying significance in the litigation
    - Raised escalations and managed documents based on daily production targets while maintaining daily production trackers
    - Provided support in managing project deliverable before final delivery
  • Contract Lifecycle Management:
    - Analysed, reviewed and abstracted core provisions of contracts (Dealership agreements, License agreements, MSAs, SLAs, SOWs and other attached amendment agreements and exhibits) provided by clients for compliance purposes
    - Raised daily escalations based on analysis and re-framed the abstractions based on reply provided by the clients
    - Managed contracts and production trackers based on daily production targets
    - Project deliverable analysis
  • Project management and production tool analysis:
    - Worked on a demo litigation project to analyse and assimilate information on working of the tool, its interface, convenience and response time to provide legible documentation to the company whether to buy the tool for live projects
    - Attended daily calls with the seller to discuss and get clarifications on certain key issues related with the tool.

Education

BBA., LL.B. - Corporate Laws

University of Petroleum And Energy Studies
06.2011 - 05.2016

HSC/Intermediate - Commerce

Vandana Convent School
04.1994 - 05.2010

Skills

Application / Systems Vulnerability Assessment

Testing ITGC / ITAC

Data Privacy Maturity Assessment

Data Protection Regulatory Mapping

Data Privacy Compliance

Interpretation and application of Data Protection Laws

Conducting PIAs

Project Management

Legal Research and analysis

Contract Lifecycle Management

Languages

English
Advanced (C1)

Certification

ISO/IEC 27701:2019 PIMS LA
ISO/IEC 27001:2022 ISMS LA
ISO/IEC 22301:2019 BCMS LA

Timeline

ISO/IEC 27701:2019 PIMS LA
ISO/IEC 27001:2022 ISMS LA
ISO/IEC 22301:2019 BCMS LA

06-2023
