Summary
Overview
Work History
Education
Skills
Professional summary
Timeline
Generic

HARSHA Vardhan

BANGALORE,KA

Summary

Proficient and experienced IT Auditor with experience in Information Security and related functions such as SOX testing and ITGC controls. Hands-on experience in testing Access management and Change management related controls along with knowledge in Incident management, and IT operation management related to SOX ITGC.

Overview

4
4
years of professional experience

Work History

Consultant

DXC Technology
BANGALORE
08.2021 - Current
  • Performing ITGC testing as Internal auditor for access management,change mangement,incident management,IT operations.
  • Collaborated with control owners to perform detailed walkthroughs and understand testing requirements.
  • Performed Test of Design (TOD) and Test of Effectiveness (TOE) for ITGC Controls based on sampling picked using Sampling methodology.
  • Test operational effectiveness to ensure continued compliance with section 404 of the Sarbanes-Oxley Act of 2002.
  • Follow up on remediation action plans for issues raised during the SOX audits.
  • Maintained up-to-date knowledge of industry regulations (SOX) and actively contributed to process improvement and compliance initiatives.
  • Prepare remediation plans and management responses for identified audit observations, including development of a Risk Matrix, and share with relevant team leaders.
  • Support management in developing Management Action Plans (MAPs) to resolve control issues and mitigate risks.
  • Maintain positive, collaborative relationships across corporate IT, business unit IT, and other key stakeholders while coordinating audit activities.
  • Assess IT General Controls (ITGCs), including application controls, computer operations, program development, and program change management, to identify control gaps.
  • Assist in collecting and documenting security-relevant evidence for external audits.
  • Coordinate with IT teams for the extraction of audit evidence and evaluation of security controls.
  • Support IT teams with remediation efforts and provide guidance to close identified audit issues.
  • Evaluate mandatory requirements prior to release of software packages/production changes.
  • Facilitate and lead weekly meetings to update change status and track remediation progress.
  • Participate in functional studies of applications, analyze test cases, and validate business requirements.
  • Identify test scenarios and test cases from functional specifications.
  • Report defects to developers and track them through resolution.

Education

B.E. -

Anna University
01.2021

Skills

  • ITGC Testing

  • SOX

  • SOX Audit

  • SOX Controls

  • Internal Auditor

  • ITIL

  • SOC 2

  • Data Privacy

  • Incident Management

  • Change Management

  • Risk Management

  • COSO

  • COBIT

Professional summary

Degree

June 2017 — July 2021

B.E


  • Having overall 4 years of experience out of which I have 3 years in IT Security & Compliance
  • Part of Test of Design (TOD) and individually handledTest of Effectiveness (TOE).
  • Good experience on ITGC Domains like AccessManagement (AM), Change Management (CM),Incident Management (IM)& IT Operations.
  • Conducting in-process reviews, validation, and/or audits of project, task, or work products.
  • Continuously provides improvement recommendations to CM, Developer, tester, and Dispatcher.
  • Worked on controls like User Provisioning, Deprovisioning, Password Parameters, User Access Reviews (UAR), High Privileged Access (HPA).
  • Advising the project managers and configuration managers on the project/task CM requirements.
  • Coordinating and responding to Internal and External audit requests.
  • Testing operating effectiveness, as part of IT Audits, by taking samples from Production Systems to ensure continued compliance with section 404 of the Sarbanes-Oxley Act of 2002.
  • Communicating the observations or gaps identified during the controls Review/IT Audit to the senior auditors and managers.
  • Maintain positive and collaborative relationship between corporate IT, business unit IT departments while working with all these teams.
  • Need to evaluate the mandatory requirements before releasing the packages.
  • Facilitates Weekly Meeting and update change status.

Timeline

Consultant

DXC Technology
08.2021 - Current

B.E. -

Anna University
HARSHA Vardhan