MANCY ARORA
Delhi
Summary
Highly skilled Information Technology Auditor with background in assessing and mitigating risks related to IT systems. Strong ability to examine internal controls, evaluate data integrity, and ensure compliance with regulations. Prior work has involved successfully identifying system vulnerabilities and implementing strategic solutions to enhance security and efficiency.
Overview
7
7
years of professional experience
Work History
Senior IT Auditor
Ameriprise Financial
Gurgaon
08.2023 - Current
- Process a rich experience in the IT industry, specializing in Vendor Risk Assessment and Compliance Management.
- Leading the team as a Senior IT Risk Analyst at Ameriprise Financial LLC in Gurugram, I manage the comprehensive Third-Party Vendor Due Diligence and risk management process from start to finish.
- Possess a diverse skill set, including data analysis, risk mitigation strategies, and security incident analysis.
- Acknowledged for the creation of detailed Risk Assessment Reports and the delivery of a presentation on technology risk management initiatives to senior leadership.
- Proficient in ITGC, IT SOX, technology risk, and GDPR compliance.
- Actively provided training sessions to new joiners from three different locations: the Philippines, Kochi, and Gurgaon.
- Performed NIST and ISO 27001 risk assessments, ensuring adherence to regulatory requirements.
- Showcased expertise in stakeholder engagement, security control implementation, and IT governance.
- Attained the prestigious 'Platinum Award' for exceptional performance in third-party risk assessment at Ameriprise Financial LLC, showcasing dedication and expertise in the field.
- Monitor and report on compliance status to senior management and stakeholders, creating and managing reports and dashboards on Archer (GRC Tool).
- Developed comprehensive Standard Operating Procedures (SOPs) for various organizational processes, ensuring clarity, structure, and alignment with business objectives.
- Partnered with cross-functional teams to establish streamlined workflows, and then documented detailed SOPs to standardize and optimize the operations.
- Designed and developed Power BI dashboards for senior management, providing critical insights for governance and decision-making.
- Implement continuous improvement initiatives to enhance the effectiveness of GRC processes.
Consultant
Infosys Ltd.
Gurgaon
05.2018 - 07.2023
- Engaged in the GST project of the Indian government.
- This project envisions a user-friendly GST portal for taxpayers and tax officers.
- Part of the ISO Certification and Auditing team.
- Assist auditors in the surveillance audit of ISO certification - (ISO 20000, ISO 22301, and ISO 27001).
- Supported the client in their audit of policies and process documents.
- Closure of audit findings by submitting RCA (Root Cause Analysis) and CAPA (Corrective and Preventive Action).
- Managing the team in conducting the Security Audit, Implementation Audit, and Internal Audit.
- As part of the audit, I tested the adequacy and effectiveness of ITGC controls at the application level.
- In scope control included Batch Management, Authentication, Backup and Recovery, and Access Management controls such as Privilege Access, Role Review, and Leavers.
- As part of the SOX audit, I tested the adequacy and effectiveness of ITGC controls at the application and process levels.
- Tested ITGC controls, which include access controls, security controls, change management controls, and identifying ineffectiveness and redundancies.
- Updating and reviewing of policies, process documents, and records.
- Assisted the team in the preparation of the Roles and Responsibilities Matrix sheet and the Skills Matrix sheet.
- Conducted BCMS tests, such as the VPN test and Call Tree test, and prepared their reports.
- Preparation and updating of the BIA sheet (Business Impact Analysis).
- Briefing the Risk Register document as per ISO standards.
- Design of the SOA (Standard of Applicability) document as per the relevant standard.
- Updation of the Management Review Meeting (MRM) for the surveillance audit.
Education
Lead Auditor ISO 27001 -
02.2023
Certified Information System Auditor -
ISACA
07.2021
Chartered Accountancy -
11.2017
Bachelor of Commerce -
08.2015
Skills
- IT governance
- Information security
- Cybersecurity
- Vulnerability assessment
- Proficient in Data Visualization
- Critical Thinking Skills
- Team Leadership
- Business Analytics
- Archer
- Power BI
Areas Of Interest
- IT Audit
- GRC
- Risk Assessment
- Cyber Security
Accomplishments
- Attained the prestigious 'Platinum Award' for exceptional performance in third-party risk assessment at Ameriprise Financial LLC, showcasing dedication and expertise in the field.
Timeline
Senior IT Auditor
Ameriprise Financial
08.2023 - Current
Consultant
Infosys Ltd.
05.2018 - 07.2023
Lead Auditor ISO 27001 -
Certified Information System Auditor -
ISACA
Chartered Accountancy -
Bachelor of Commerce -
Similar Profiles
Brendan ClancyBrendan Clancy
Financial Advisor Assistant at Ameriprise Financial Jeffery J BurnsFinancial Advisor Assistant at Ameriprise Financial Jeffery J Burns
Samuel JorgensonSamuel Jorgenson
Software Engineer at Ameriprise FinancialSoftware Engineer at Ameriprise Financial
Sukriti ChoubeySukriti Choubey
Service and Operations-Professional Associate at Ameriprise FinancialService and Operations-Professional Associate at Ameriprise Financial