Mahesh Kotte

IT & SOX Auditor
Hyderabad

Summary

As an IT Audit Consultant at ADP with 12+ years in IT governance, compliance, and risk management (spanning TCS, ADP, and Cadence), I empower organizations to build robust digital trust, resilient controls, and secure operations. A certified ISO 27001:2022 Lead Auditor, COBIT Foundation and CISA, I excel in IT General Controls (ITGC), SOX compliance, and cloud audits across SAP, Oracle, SQL, and MDM environments like JAMF and Intune. Beyond testing, I design scalable frameworks using COSO and COBIT to mitigate risks and drive secure digital transformation. I've led cross-functional audit teams of up to 10, coaching them to uncover the "why" behind controls and deliver actionable insights that safeguard enterprise value. Passionate about turning complex IT risks into strategic advantages, I bridge technology, governance, and leadership—whether optimizing cloud strategies, SOX cycles, or global compliance programs.

Overview

13 years of professional experience
4 Certifications
3 Languages

Work History

Consultant

ADP INDIA PVT LIMITED
12.2020 - Current
  • Worked on TPRM assessments for critical vendors and outsourced services.
  • Identified compliance, operational, and information security risks across third-party relationships.
  • Evaluated vendor control maturity against regulatory and internal risk requirements.
  • Reviewed contracts, SLAs, and regulatory obligations to identify risk gaps.
  • Provided practical remediation guidance to reduce vendor risk exposure.
  • Used ServiceNow GRC to perform structured vendor risk assessments.
  • Reviewed vendor-submitted evidence for completeness and accuracy.
  • Scored control effectiveness and assigned vendor risk ratings.
  • Identified security gaps and red flags during vendor evaluations.
  • Supported SOX 404 compliance through ITGC and third-party control testing.
  • Assessed control design and operating effectiveness for audit readiness.
  • Documented audit findings and deficiencies aligned with SOX standards.
  • Reviewed logical and privileged access controls for vendor-managed systems.
  • Tested user provisioning, deprovisioning, and access reviews (UAR).
  • Evaluated privileged access management (PAM) and least-privilege enforcement.
  • Conducted SAP ECC 6.0 access and change management reviews.
  • Performed SoD conflict analysis and sensitive transaction reviews.
  • Reviewed change approvals, transports, and testing evidence.
  • Conducted vendor categorization using criticality assessments and IRQ-based risk tiering to determine required levels of due diligence, ongoing monitoring, and control testing within the Third-party risk management framework.

Senior Analyst

ADP INDIA PVT LIMITED
09.2019 - 11.2020
  • Worked on the US external third-party review.
  • I worked on the Control Design assessment.
  • Performed walkthroughs with the control owners.
  • Worked on the assessment of continuous monitoring execution.
  • Worked on operational effectiveness assessment.
  • Reviewed and finalized reporting.
  • Reviewing the Test of Designs and the Test of Effectiveness controls.
  • Perform analytical procedures/analysis to test the effectiveness of controls.
  • Document audit procedures, and cross-reference working papers.
  • Create management representation letter comments, recommendations, and draft audit reports for management review.
  • Responsible for IT audit and SOX 404 IT internal controls testing, including IT general controls (ITGCs), application/automated controls, segregation of duties, and other application controls for SAP and JAMF as needed.
  • Performed an internal audit on ITGC components, such as access management and change management.
  • Led interactions with control owners and produced high-quality work papers that will help maintain and elevate reliance.
  • Performed a Test of Design (TOD) and a Test of Effectiveness (TOE) for ITGC controls based on sampling picked using sampling methodology.

MAC Administrator

Novartis Pharma(Wipro)
05.2018 - 09.2019
  • Provides IT support and technical training on hardware and software to end users.
  • Building and managing content (.pkg, .mpkg and .dmg packages) for deployment to macOS devices.
  • Enrolling macOS and iOS devices using automated MDM enrollment.
  • Setup and configuration of macOS and iOS devices.
  • Configuring the user environment (Configuration Profiles, plist).
  • Purchasing and distributing App Store apps using the Volume Store.
  • Involved in testing Mojave on different Macs.

Business Consultant

TCS
11.2017 - 05.2018
  • Served as a point of contact within the IT Service Desk team for an American electronic design automation (EDA) software, SFDC, and engineering services company, handling requests through calls, chats, emails, and online tickets.
  • Provides IT support and technical training on hardware and software to end users.
  • Sets up mobile Exchange email, VPN, and Internet access for users via a secure company network.
  • Deploying mobile application packages into SCCM.
  • Testing different applications deployed in SCCM on different mobile operating systems.
  • Working with service requests related to Intune, AirWatch, OneDrive, and Office 365 issues.

System Administrator

WIPRO(Cadence Design Systems)
01.2017 - 10.2017
  • Enrolling user profiles and assigning licenses in Intune for MAM and MDM solutions to the users.
  • Applied experience with Microsoft Exchange and other Microsoft technologies, including a firm understanding of Active Directory, is key.
  • A comprehensive understanding of Mac OS, from command-line troubleshooting to resolving individual application failures.
  • Comprehensive knowledge of Windows, in issues ranging from resolving registry conflicts to troubleshooting system crashes and performance issues.
  • Experience with troubleshooting Windows and OSX operating systems, desktops, and printers/print servers.

Team Leader

CONQUER TECHNOLOGIES
12.2012 - 10.2015
  • Responsible for diagnosing, testing and repairing Desktop Systems and Mobile Devices following Repair Procedures.
  • Handling troubleshooting issues related to hardware and software applications for both carry-in repairs and onsite repairs.
  • Installation of Windows OS and Mac OS on Boot Camp partition and virtualization software partitions.
  • Maintenance of Printers and Scanners.

Education

B.TECH - Electronics and Communication Engineering

JNTU HYDERABAD
HYDERABAD, INDIA
04.2026

Skills

Microsoft Office

Certification

COBIT Foundation

Personal Information

  • Passport Number: P2116124
  • Date of Birth: 19/11/1989
  • Gender: Male
  • Nationality: Indian
  • ID Type: Passport
  • ID Number: P2116124

Timeline

ISO 27001-2022 Lead Implementor

12-2025

ISO 27001-2022 Lead Auditor

12-2025

COBIT Foundation

11-2025

Consultant

ADP INDIA PVT LIMITED
12.2020 - Current

Senior Analyst

ADP INDIA PVT LIMITED
09.2019 - 11.2020

MAC Administrator

Novartis Pharma(Wipro)
05.2018 - 09.2019

Business Consultant

TCS
11.2017 - 05.2018

Jamf Pro

11-2017

System Administrator

WIPRO(Cadence Design Systems)
01.2017 - 10.2017

Team Leader

CONQUER TECHNOLOGIES
12.2012 - 10.2015

B.TECH - Electronics and Communication Engineering

JNTU HYDERABAD