9 years of experience in Technology Audit which includes multiple compliance testing covering Third-party risk assessment, Compliance management, IT Risk Management, Internal Audit and External Audit. Audits performed on IT controls across Health-care industries, IT services, Digital Media, Banking, and financial industries.
Overview
9 years of professional experience
3 Certifications
Work History
Compliance Specialist IV
Rackspace Technology
01.2024 - Current
Maintained PCI compliance throughout the organisation.
Designed and delivered comprehensive security-awareness training programs, including sessions on the NIST CSF Framework for over 100 professionals, to strengthen organizational understanding of cybersecurity controls and promote a culture of security compliance.
Led the transition from PCI 3.2.1 to PCI 4.0 throughout the organisation for maintaining compliance.
Collaborated extensively with the relevant stakeholders to help them understand the new requirements and implement them.
Prepared and led the SOC audit with the external auditors, which resulted in on-time SOC report processing with no findings. Received accolades for exceptional stakeholder management.
Identified gaps within the policies as per the compliance framework and led the project to mitigate them in policies and further in procedures and the system environment.
Currently working on PCI audit for current year compliance as per new requirements of PCI 4.0.
Managed cross-functional compliance projects from initiation to closure, including the PCI 3.2.1 to PCI 4.0 transition, ensuring adherence to timelines, resource allocation, and risk mitigation across global teams.
Audit Manager – Governance Risk and Compliance
Commonwealth Bank of Australia
01.2022 - 01.2024
Performed third party risk assessment for vendors based on services provided and led TPRM for very high- and high-risk suppliers globally across areas including Access Management, Change Management, IT Service Continuity, Business Continuity, Cyber Risk, Operational Security, and Data Retention policies; validated compliance with data retention requirements and published assessment reports with conclusions, observations, and action plans to mitigate risks.
Reviewed SOC reports from suppliers and published the assessment results to give management visibility of the suppliers' environments.
Assessed and reviewed all IT general controls and cyber controls, including Cloud Security controls such as identity and access management, encryption, network segmentation, and threat detection in cloud environments (e.g., AWS, Azure) that were owned and operated by the vendor. Managed more than five vendors at a given point in time, ensuring compliance with security standards across cloud-based services. Achieved and exceeded expectations on KPIs.
Worked within the CBA Internal Audit team, performing and managing audits around IAM, encryption, cyber controls, IT general controls and supplier governance on multiple audits such as Transaction Monitoring and Network Perimeter.
IT COSO Consultant
Wells Fargo
06.2020 - 01.2022
Supported internal IT audit function and performed COSO testing of key IT General Controls (ITGC) and IT Application Controls (ITAC), including design effectiveness and operating effectiveness assessments.
Performed risk analysis for new in-scope applications, created risks/controls, and executed the controls for those applications to support the compliance and regulatory based audits.
Performed reviews for IT General Controls for areas including Manage Access, Manage Change, Manage Operations and Application controls including Interface, Configuration, Validation, Authorization and Edit Checks.
Conducted in-house knowledge sharing sessions for imparting knowledge on basics of IT audits, IT general controls, IT application controls, Issue validations and testing documentation standards.
Assisted leadership in managing various internal compliance activities, conducting compliance huddles and facilitating onboarding activities for new joiners.
Associate Consultant
EY
06.2017 - 06.2020
Experience in the Risk Advisory domain, largely focused on Financial Audit and Internal Audit (IA) engagements. Performed independent and IA-reliance testing of IT general and application controls, including evaluation of the design and operating effectiveness of controls, while preparing SOC 1 and SOC 2 reports for multiple IT services firms, an airline services firm and a power sector firm on the basis of SSAE 18 standards.
Experienced in testing HIPAA compliance across the health care industry.
Performed PCI DSS compliance testing for health care clients.
Assisted in preparing the Standard Operating Procedure for a Quality Management System and performed a Quality Audit for a leading destination management company as per the ISO 9001:2001 standard; performed Vendor Risk Management for a major professional services firm, focusing on Information Security.
Reviewed and executed controls pertaining to Logical and Physical Access and Environmental controls while performing a SOC 1 audit for an IT giant with thirty-five in-scope locations across the globe, in a team of five individuals.
Education
B.Tech - Information Technology
Skills
IT audit and risk assessment, GRC tools expertise (Secureframe, Archer, ServiceNow), Vendor Risk Management, Project Management, Internal Audit, External IT Audit, PCI DSS, SOC, HIPAA Compliance Management