Garima Barsaiyan

• As the Deputy General Manager for User Access Management Compliance, I play a pivotal role in ensuring the integrity and security of our organization's access management systems
• With a strong focus on compliance, I oversee the implementation and maintenance of robust access controls, ensuring that all user access aligns with regulatory requirements and internal policies
• Key Responsibilities:
• Compliance Oversight: Lead the development and enforcement of access management policies and procedures to ensure compliance with industry standards and regulatory requirements
• Risk Management: Act as the first line of defense by identifying, assessing, and mitigating risks associated with user access
• Implement proactive measures to prevent unauthorized access and data breaches
• Audit and Reporting: Conduct regular audits of user access controls and prepare detailed reports for senior management and regulatory bodies
• Ensure transparency and accountability in access management practices
• Team Leadership: Manage and mentor a team of access management professionals, fostering a culture of compliance and continuous improvement
• Stakeholder Collaboration: Work closely with IT and business units to ensure seamless integration of access management practices across the organization
• Provide expert guidance on access-related issues and initiatives

• Security Integration: Embed security controls in project design and development (e.g., 95% of projects).
• Risk Assessment: Identify vulnerabilities and threats, aiming to reduce risks by 30%.
• Threat Modelling: Maintain threat models and conduct security reviews for 100% of system designs.
• Risk Management: Manage risk assessments and controls for infrastructure and applications, ensuring 90% compliance.
• Client Data Protection: Implement security controls for TfO, protecting data for over 50 clients.
• Data Privacy: Conduct GDPR and Transfer Impact Analysis for 100% of relevant projects.
• Security Projects: Handle various security projects, completing at least 10 annually.
• Security Assessment: Assess and improve security capabilities for clients, providing recommendations for 80% of engagements.
• Audit Support: Assist audit teams with security requirements, supporting 100% of audits.
• RFP Handling: Respond to RFPs, manage client discussions, and review contracts, handling around 20 RFPs per year.
• Client Deal Support: Provide end-to-end support for client deals, from RFP to mobilization, for 15 deals annually.
• Leadership Discussions: Lead discussions with senior leadership on security principles and identity management.

&Johnson and Johnson (Internal Audit) – Across various geographical locations and for SAP & SAP GRC

• Manager J&J IT SOX SAP (EXL) team
• Develop client audit strategy for SOX audit
• Develop audit schedule for team members and prepare annual plan
• Report preparation and provide updates to client SOX program directors, senior managers, and stockholders as well as EXL executive level management about audit progress and findings/observations
• Acted as individual contributor where I was responsible to conduct control benchmarking, identify control gaps and implement new controls and methodologies
• Lead various client meetings to do risk assessments for noted control findings
• Establish coordination with external auditors to define audit strategy and plan
• Perform SOX audit (walkthroughs and testing) as per risk management procedures of auditing firm
• The scope of audit includes, but not limited to (SAP, non-SAP) IT controls, Access management, Change and Program management, Batch Job Operations, Access recertification, Database and Operating System Security, SAP Basis/ Security controls using various transactions like SUIM or RSUSR003 report, STMS, SCC4, SE06/SE03, RSAPARAM, SE16 etc., SAP (Automated) Business controls
• Responsible for building, developing & maintaining effective relationships with Key stakeholders in client organization, especially related to their risk functions
• Conducting quality review of work delivered by team members, providing feedback
• Responsible for problem solving and conflict management which may occur during audit to make sure that the end deliverables as well team spirit remain unaffected
• Help EXL management in people planning which includes project budget assessment and planning for entire financial year
• Conducting trainings pertaining audit methodology for entire team with objectives to create awareness and set standards around client deliverables
• Assess client control framework including updating risk-control matrix and help SOX project management office (SOX PMO) to identify new control requirement
• Coaching and mentoring new joiners /existing team members around internal audit methodologies and standards as well as client’s audit strategy and plan
• Assist EXL management in performance and appraisal by giving performance feedbacks of team members and identifying development plans to take the team to next level
• Security and controls assessments involving all major releases of SAP including ECC 5.0/6.0, VIRSA/GRC Release 4.0, 5.0, 5.2 and 5.3 which include all this product (Access Enforcer, Firefighter, Role expert and Compliance Calibrator)
• Automated various ITGC controls end-to-end by leading a team who were conversant in ATLRYX and UI PATH
• This helped in reducing the cost and effort to maintain compliance
• Worked on report structure and maintenance of reports from SOX perspective by using tools like Metric Stream and Cadency
• Traveled to US and China for conducting program scoping and strategy identification

• General Motors - Across all geographical locations and for SAP & SAP GRC
• Work with management to ensure a system is in place which ensures that all major risks of information security are identified and analyzed, on an annual/ ongoing basis
• Plan, organize and carry out the internal audit functions including the preparation of an audit plan which fulfills the responsibility of the department, scheduling and assigning work and estimating resource needs
• Identification of internal controls and involved in control-risk mapping
• Report to both the audit committee and management on the audit progress, any delays and keep the management up to date
• Coordinate coverage with the external auditors and ensure that each one is not only aware of the other's work but also well briefed on areas of concerns
• Conduct audits around IT controls of various GM entities spread across globe, conduct walkthrough discussions, do testing, define deliverables and create a report of observations and/or control deficiencies
• Make recommendations on the systems and procedures being reviewed, report on the findings and recommendations and monitor management's response and implementation
• Coordinate with appropriate management staff in implementing approved corrective and preventive measures to clean up and ensure risk-free management practices
• Conduct any reviews or tasks requested by management, the audit committee or chief executive, provided such reviews and tasks do not compromise the independence or objectivity of the internal audit function
• Provide both management and the audit committee with an opinion on the internal controls in the organization
• Provide trainings and knowledge sessions to other team members on SOX audits/requirement vis-à-vis SAP requirement and how to make client SOX compliant successfully
• Conducting Information Security Awareness sessions and trainings for various teams and client personnel
• Help management in preparing the plan to remediate noted control deficiency and monitor the operating effectiveness of implemented control
• Pre and Post SAP Implementation reviews
• Post GRC implementation; identify the risks involved in the users access with the help of Compliance Calibrator and then minimizing those risks with the help of designing mitigation controls
• ISO27001 Implementation and Compliance
• ISMS (Information Security Management System) Implementation for Clients on the lines of ISO/IEC 27001
• Gap Analysis vis-à-vis Plan-Do-Act-Check model
• Information Risk Assessment and Treatment
• Designing Security Roadmaps for organizations
• Creating Information Security Policies and Procedures
• Conducting Information Security Audits

• SOX testing (for 70+ clients using SAP application-Internal and External audits) - Across various geographical locations and for SAP & SAP GRC and various OS and Databases
• Multiple clients e.g
• Tata Motors, Kansai Nerolac, Essar groups of Industries, Micro Ink, ITC
• For operating systems like Windows and UNIX and Application SAP and legacy applications
• Process documentation (Visio flowcharting) based on the conducted walkthroughs and discussions
• Identification of internal controls and involved in control-risk mapping
• Streamlining processes, analyzing opportunities for control efficiencies, coordinating remediation, and managing IT SOX testing with auditors
• Work directly with Control Owners/operators to ensure SOX compliance and process efficiency
• Approva Implementation
• T-Mobile
• Assign Transaction codes and Authorization Objects for ERP, HR, CRM, EBP and BW rulebooks
• Perform false positive test for users and violated rules
• Update information in rulebook for rules that was technically three way conflicts
• Information Systems Audits (including General and Business computer controls testing)
• Multiple Clients
• Understanding the business, the processes and their interaction
• Getting the clear view of underlying infrastructure used to support the business process
• Gathering the requirement, Risk Analysis, Controls Benchmarking, Defining the audit methodology and identifying sampling size
• Compliance with policies or standards