MANCY ARORA

Delhi

Summary

Highly skilled Information Technology Auditor with background in assessing and mitigating risks related to IT systems. Strong ability to examine internal controls, evaluate data integrity, and ensure compliance with regulations. Prior work has involved successfully identifying system vulnerabilities and implementing strategic solutions to enhance security and efficiency.

Overview

7 years of professional experience

Work History

Senior IT Auditor

Ameriprise Financial
Gurgaon
08.2023 - Current
  • Possess rich experience in the IT industry, specializing in Vendor Risk Assessment and Compliance Management.
  • Leading the team as a Senior IT Risk Analyst at Ameriprise Financial LLC in Gurugram, I manage the comprehensive Third-Party Vendor Due Diligence and risk management process from start to finish.
  • Possess a diverse skill set, including data analysis, risk mitigation strategies, and security incident analysis.
  • Acknowledged for the creation of detailed Risk Assessment Reports and the delivery of a presentation on technology risk management initiatives to senior leadership.
  • Proficient in ITGC, IT SOX, technology risk, and GDPR compliance.
  • Actively provided training sessions to new joiners from three different locations: the Philippines, Kochi, and Gurgaon.
  • Performed NIST and ISO 27001 risk assessments, ensuring adherence to regulatory requirements.
  • Showcased expertise in stakeholder engagement, security control implementation, and IT governance.
  • Attained the prestigious 'Platinum Award' for exceptional performance in third-party risk assessment at Ameriprise Financial LLC, showcasing dedication and expertise in the field.
  • Monitor and report on compliance status to senior management and stakeholders, creating and managing reports and dashboards on Archer (GRC Tool).
  • Developed comprehensive Standard Operating Procedures (SOPs) for various organizational processes, ensuring clarity, structure, and alignment with business objectives.
  • Partnered with cross-functional teams to establish streamlined workflows, and then documented detailed SOPs to standardize and optimize the operations.
  • Designed and developed Power BI dashboards for senior management, providing critical insights for governance and decision-making.
  • Implement continuous improvement initiatives to enhance the effectiveness of GRC processes.

Consultant

Infosys Ltd.
Gurgaon
05.2018 - 07.2023
  • Engaged in the GST project of the Indian government.
  • This project envisions a user-friendly GST portal for taxpayers and tax officers.
  • Part of the ISO Certification and Auditing team.
  • Assisted auditors in the surveillance audit of ISO certification (ISO 20000, ISO 22301, and ISO 27001).
  • Supported the client in their audit of policies and process documents.
  • Closure of audit findings by submitting RCA (Root Cause Analysis) and CAPA (Corrective and Preventive Action).
  • Managing the team in conducting the Security Audit, Implementation Audit, and Internal Audit.
  • As part of the audit, I tested the adequacy and effectiveness of ITGC controls at the application level.
  • In-scope controls included Batch Management, Authentication, Backup and Recovery, and Access Management controls such as Privilege Access, Role Review, and Leavers.
  • As part of the SOX audit, I tested the adequacy and effectiveness of ITGC controls at the application and process levels.
  • Tested ITGC controls, which include access controls, security controls, change management controls, and identifying ineffectiveness and redundancies.
  • Updating and reviewing of policies, process documents, and records.
  • Assisted the team in the preparation of the Roles and Responsibilities Matrix sheet and the Skills Matrix sheet.
  • Conducted BCMS tests, such as the VPN test and Call Tree test, and prepared their reports.
  • Preparation and updating of the BIA sheet (Business Impact Analysis).
  • Briefing the Risk Register document as per ISO standards.
  • Design of the SOA (Standard of Applicability) document as per the relevant standard.
  • Updating of the Management Review Meeting (MRM) for the surveillance audit.

Education

Lead Auditor ISO 27001
02.2023

Certified Information System Auditor
ISACA
07.2021

Chartered Accountancy
11.2017

Bachelor of Commerce
08.2015

Skills

  • IT governance
  • Information security
  • Cybersecurity
  • Vulnerability assessment
  • Proficient in Data Visualization
  • Critical Thinking Skills
  • Team Leadership
  • Business Analytics
  • Archer
  • Power BI

Areas Of Interest

  • IT Audit
  • GRC
  • Risk Assessment
  • Cyber Security

Accomplishments

  • Attained the prestigious 'Platinum Award' for exceptional performance in third-party risk assessment at Ameriprise Financial LLC, showcasing dedication and expertise in the field.
