Garima Barsaiyan

Pune, Maharashtra

Summary

Performance-driven cybersecurity risk and audit professional with 17 years of experience. Consistently achieves and exceeds expectations through leadership in complex projects. Expertise includes IT governance, SOX-404, internal and external audits, information security, third-party risk assessment, security architecture and solutions, supplier onboarding and supplier risk management, application security assessments, responding to RFPs, and representing the Info Sec team in client sales deal discussions. Worked at Deloitte & Touche (Big 4 firm) as an IT Engineer, and holds an M.B.A. in Advanced Information Technology. Proficient in SAP General Computer Controls (GCC), SAP Segregation of Duties (SoD), SAP Business Computer Controls, Oracle DB, HP-UX, AIX, and Windows testing. Well-versed in user access, change management and BCP/DR controls, and in policy/framework creation and review. Experienced in automating ITGC controls end-to-end using tools such as Alteryx and UiPath. Strong communication and presentation skills, with significant exposure to close client interaction and coordination during information security audits and SOX audits. Practical industry experience spans Financial Services, Retail, Consumer Goods, Telecommunications, Life Sciences, Transportation, Hospitality, and Automotive/Industrial sectors. Adept at defining and analysing project goals and collaborating with various teams to achieve them on time while fulfilling own responsibilities and commitments. Extensive experience in audit lifecycle activities, including creating audit charters, defining scopes, and control benchmarking based on IIA and PCAOB guidelines. Thorough knowledge of data privacy requirements, with familiarity in GDPR, PCI-DSS, SOC reporting, ISO 27001, NIST, COBIT, COSO, Security by Design and Privacy by Design. Worked on control monitoring and reporting tools such as Cadency and MetricStream.
Good understanding of issues and ability to identify areas for improvement in the control environment, drawing on acquired technical experience. Excellent team player, capable of coaching, training and mentoring, and of working effectively within a global team environment.

Overview

18 years of professional experience

Work History

Deputy General Manager

Vodafone Intelligent Solutions
11.2024 - Current
  • As Deputy General Manager for User Access Management Compliance, I play a pivotal role in ensuring the integrity and security of our organization's access management systems.
  • With a strong focus on compliance, I oversee the implementation and maintenance of robust access controls, ensuring that all user access aligns with regulatory requirements and internal policies.

Key Responsibilities:

  • Compliance Oversight: Lead the development and enforcement of access management policies and procedures to ensure compliance with industry standards and regulatory requirements.
  • Risk Management: Act as the first line of defense by identifying, assessing, and mitigating risks associated with user access; implement proactive measures to prevent unauthorized access and data breaches.
  • Audit and Reporting: Conduct regular audits of user access controls and prepare detailed reports for senior management and regulatory bodies; ensure transparency and accountability in access management practices.
  • Team Leadership: Manage and mentor a team of access management professionals, fostering a culture of compliance and continuous improvement.
  • Stakeholder Collaboration: Work closely with IT and business units to ensure seamless integration of access management practices across the organization; provide expert guidance on access-related issues and initiatives.

Technology Security Manager

Accenture Technologies India Pvt. Ltd.
07.2021 - 10.2023
  • Security Integration: Embed security controls in project design and development (e.g., 95% of projects).
  • Risk Assessment: Identify vulnerabilities and threats, aiming to reduce risks by 30%.
  • Threat Modelling: Maintain threat models and conduct security reviews for 100% of system designs.
  • Risk Management: Manage risk assessments and controls for infrastructure and applications, ensuring 90% compliance.
  • Client Data Protection: Implement security controls for TfO, protecting data for over 50 clients.
  • Data Privacy: Conduct GDPR and Transfer Impact Analysis for 100% of relevant projects.
  • Security Projects: Handle various security projects, completing at least 10 annually.
  • Security Assessment: Assess and improve security capabilities for clients, providing recommendations for 80% of engagements.
  • Audit Support: Assist audit teams with security requirements, supporting 100% of audits.
  • RFP Handling: Respond to RFPs, manage client discussions, and review contracts, handling around 20 RFPs per year.
  • Client Deal Support: Provide end-to-end support for client deals, from RFP to mobilization, for 15 deals annually.
  • Leadership Discussions: Lead discussions with senior leadership on security principles and identity management.

Manager

EXL Services India Pvt. Ltd.
01.2014 - 07.2021

Johnson & Johnson (Internal Audit) – Across various geographical locations and for SAP & SAP GRC

  • Managed the J&J IT SOX SAP (EXL) team
  • Developed the client audit strategy for the SOX audit
  • Developed the audit schedule for team members and prepared the annual plan
  • Prepared reports and provided updates on audit progress and findings/observations to client SOX program directors, senior managers and stakeholders, as well as to EXL executive-level management
  • Acted as an individual contributor responsible for conducting control benchmarking, identifying control gaps, and implementing new controls and methodologies
  • Led various client meetings to perform risk assessments for noted control findings
  • Established coordination with external auditors to define the audit strategy and plan
  • Performed SOX audits (walkthroughs and testing) as per the risk management procedures of the auditing firm
  • Audit scope included, but was not limited to: (SAP and non-SAP) IT controls, access management, change and program management, batch job operations, access recertification, database and operating system security, SAP Basis/security controls using transactions and reports such as SUIM, RSUSR003, STMS, SCC4, SE06/SE03, RSPARAM and SE16, and SAP (automated) business controls
  • Responsible for building, developing and maintaining effective relationships with key stakeholders in the client organization, especially those in its risk functions
  • Conducted quality reviews of work delivered by team members and provided feedback
  • Responsible for problem solving and conflict management during audits, ensuring that both the end deliverables and team spirit remained unaffected
  • Helped EXL management with people planning, including project budget assessment and planning for the entire financial year
  • Conducted training on audit methodology for the entire team, with the objective of creating awareness and setting standards around client deliverables
  • Assessed the client control framework, including updating the risk-control matrix, and helped the SOX project management office (SOX PMO) identify new control requirements
  • Coached and mentored new joiners and existing team members on internal audit methodologies and standards, as well as the client's audit strategy and plan
  • Assisted EXL management in performance appraisals by giving performance feedback on team members and identifying development plans to take the team to the next level
  • Security and controls assessments involving all major releases of SAP, including ECC 5.0/6.0 and VIRSA/GRC releases 4.0, 5.0, 5.2 and 5.3, covering all products in the suite (Access Enforcer, Firefighter, Role Expert and Compliance Calibrator)
  • Automated various ITGC controls end-to-end by leading a team conversant in Alteryx and UiPath, which reduced the cost and effort of maintaining compliance
  • Worked on report structure and maintenance of reports from a SOX perspective using tools such as MetricStream and Cadency
  • Traveled to US and China for conducting program scoping and strategy identification

ERP Lead Auditor

Mphasis an HP company
08.2010 - 01.2014

General Motors – Across all geographical locations and for SAP & SAP GRC

  • Worked with management to ensure a system is in place that identifies and analyses all major information security risks on an annual/ongoing basis
  • Planned, organized and carried out the internal audit function, including preparing an audit plan that fulfils the department's responsibilities, scheduling and assigning work, and estimating resource needs
  • Identified internal controls and was involved in control-risk mapping
  • Reported to both the audit committee and management on audit progress and any delays, keeping management up to date
  • Coordinated coverage with the external auditors, ensuring each party was not only aware of the other's work but also well briefed on areas of concern
  • Conducted audits of IT controls at various GM entities across the globe: walkthrough discussions, testing, defining deliverables and reporting observations and/or control deficiencies
  • Made recommendations on the systems and procedures reviewed, reported findings and recommendations, and monitored management's response and implementation
  • Coordinated with appropriate management staff in implementing approved corrective and preventive measures to clean up and ensure risk-free management practices
  • Conducted any reviews or tasks requested by management, the audit committee or the chief executive, provided they did not compromise the independence or objectivity of the internal audit function
  • Provided both management and the audit committee with an opinion on the organization's internal controls
  • Provided training and knowledge sessions to other team members on SOX audit requirements vis-à-vis SAP and on how to make a client SOX compliant
  • Conducted information security awareness sessions and training for various teams and client personnel
  • Helped management prepare plans to remediate noted control deficiencies and monitored the operating effectiveness of the implemented controls
  • Pre- and post-SAP implementation reviews
  • Post-GRC implementation: identified the risks in user access with the help of Compliance Calibrator, then minimised those risks by designing mitigating controls
  • ISO 27001 implementation and compliance:
  • ISMS (Information Security Management System) implementation for clients along the lines of ISO/IEC 27001
  • Gap analysis vis-à-vis the Plan-Do-Check-Act model
  • Information risk assessment and treatment
  • Designing security roadmaps for organizations
  • Creating information security policies and procedures
  • Conducting information security audits

Assistant Manager (Sr. Consultant)

Deloitte and Touché AERS India Pvt. Ltd and Deloitte Haskin and Sells India Pvt. Ltd.
03.2007 - 08.2010
  • SOX testing (for 70+ clients using SAP applications; internal and external audits) across various geographical locations, for SAP & SAP GRC and various operating systems and databases
  • Multiple clients, e.g. Tata Motors, Kansai Nerolac, Essar group of industries, Micro Ink, ITC
  • Covered operating systems such as Windows and UNIX, the SAP application and legacy applications
  • Process documentation (Visio flowcharting) based on the walkthroughs and discussions conducted
  • Identification of internal controls and involvement in control-risk mapping
  • Streamlining processes, analysing opportunities for control efficiencies, coordinating remediation, and managing IT SOX testing with auditors
  • Worked directly with control owners/operators to ensure SOX compliance and process efficiency

Approva Implementation – T-Mobile

  • Assigned transaction codes and authorization objects for the ERP, HR, CRM, EBP and BW rulebooks
  • Performed false-positive testing for users and violated rules
  • Updated rulebook information for rules that were technically three-way conflicts

Information Systems Audits (including general and business computer controls testing) – Multiple clients

  • Understanding the business, its processes and their interaction
  • Gaining a clear view of the underlying infrastructure used to support the business process
  • Requirement gathering, risk analysis, controls benchmarking, defining the audit methodology and identifying the sample size
  • Compliance with policies or standards

Education

Certificate Program in Cybersecurity for Leaders

Indian School of Business
02.2025

Control Objectives for Information and Related Technology 5 (COBIT 5) Foundation

Information Systems Audit and Control Association (ISACA)
04.2016

Certified Information Security Manager (CISM)

Information Systems Audit and Control Association (ISACA)
12.2013

Certified Information Systems Auditor (CISA)

Information Systems Audit and Control Association (ISACA)
06.2010

ISO 27001 Lead Auditor

BSI Management Systems
06.2008

Master's in Business Administration

International Institute of Information Technology
02.2007

Certificate in Supply Chain Management

Symbiosis Centre for Distance Learning
01.2007

Bachelor of Engineering (Hons.) - Information Technology

Government Engineering College
12.2005

Skills

  • Knowledge of SOX (404), ITGCs, process controls and controls automation
  • COSO/COBIT/ITIL and NIST frameworks
  • IIA and PCAOB guidelines
  • SAP
  • Risk, Compliance and Governance
  • IT Risk Assessment and Threat Modelling
  • ISO 27001 and ISMS
  • SOC reports
  • Identity and User Access Management, Privileged Access Management (PAM), Change Management, etc.
  • RFPs, Client Proposals
  • Third-Party and Supplier Risk Assessment, Application Security Assessments
  • US GAAP, GDPR, PCI-DSS, HIPAA
  • Risk Assessment and Treatment
  • SaaS, PaaS and related security requirements
  • Reporting and compliance tools such as Cadency, MetricStream, eQsmart, ACTT, CSI

Accomplishments

  • Awarded the ‘Go Getter’ award in current organization
  • Awarded the ‘Spirit of Winning’ award at Mphasis, an HP company
  • Received many client appreciations in previous as well as current organizations
  • Awarded the certificate of ‘Doing right things’ at Accenture
  • Received appreciation rewards from various clients for supporting them in their security-related requirements/audits

Key Performance Indicators

  • Reduced audit cycle time by 20% through process improvements, a reliance strategy and automation
  • Achieved a 98% compliance rate in SOX audits across multiple clients
  • Identified and mitigated 80% of high-risk issues within the first quarter of implementation
  • Maintained a client satisfaction score of 4.8/5
  • Implemented automation tools that resulted in a 15% reduction in audit costs
  • Successfully mentored and developed 10+ junior team members, leading to a 30% increase in team productivity

Knowledge Areas

  • SOX (404) Audit
  • ITGCs, process controls and controls automation
  • COSO/COBIT/ITIL and NIST frameworks
  • IIA and PCAOB guidelines
  • SAP and SAP GRC
  • IT and Security Governance and Strategy
  • IT Risk Assessment and Threat Modelling
  • ISO 27001 and ISMS
  • SOC 1, SOC 2, SOC 3
  • Controls, Application Security
  • Identity Access Management (IAM)/User Access Management (UAM)/Privileged Access Management (PAM), Change Management
  • RFPs, Client Proposals
  • Third-Party Assessment, Supplier Risk Assessments, ASAs, Cloud Security, Network Security
  • Knowledge of various laws and standards such as US GAAP, GDPR, PCI-DSS, HIPAA
  • Risk Assessment and Treatment
  • SaaS, PaaS and related security requirements
  • Reporting and compliance tools such as Cadency, MetricStream, eQsmart, ACTT, CSI

Leadership And Soft Skills

  • Execution and Problem-Solving
  • Consulting
  • Leadership
  • Reporting
  • Organizing

Personal Information

  • Gender: Female
  • Marital Status: Married

Summary Of Experience

17 years of experience: IT Governance, SOX-404, Internal and External Audits, Information Security, Third-Party Risk Assessment, Security Architecture and Solutions, Supplier Onboarding and Supplier Risk Management, Application Security Assessments, Responding to RFPs, and Representing the Info Sec team in client sales deal discussions. Industries: Financial Services, Retail, Consumer Goods, Telecommunications, Life Sciences, Transportation, Hospitality, Automotive/Industrial.
