Mrigank Kumar Gaurav

Summary

  • Led risk management practices for ~9 years across multiple global and Indian clients, benchmarking GRC procedures and operations and ensuring SOX, ISO and audit compliance.
  • Orchestrated improvement and self-assessment of internal controls, implementing information security standards, identity access management (IAM) and operational risk frameworks.
  • Delivered strategic advisory and tailored insights to executives, CXO leadership and board-level stakeholders, ensuring clear communication of compliance risks, mitigation strategies, and program performance.
  • Managed cross-functional distributed teams, providing mentoring to enhance performance and delivered training programs to increase risk awareness across organization.
  • Developed 4 assets and enablers in SoD analysis and analytics across multiple projects, enhancing reporting efficiency and stakeholder confidence.
  • Governed and refined access & change management processes and SOPs, executing user access reviews to enhance security and compliance.

Overview

10 years of professional experience
1 Certification

Work History

Manager - Risk Advisory

DELOITTE
07.2023 - Current
  • Led 4 end-to-end project lifecycles, along with opportunity identification, proposal design, risk/legal procedures, effort estimation, revenue planning, resource management, etc., for multiple engagements
  • Project manager for multiple engagements in SAP GRC AC and Security, ensuring project delivery with specialization in SOD optimization and improving internal controls to fix compliance gaps
  • Spearheaded development of a Python-based AI tool leveraging the BERT AI model to identify and bridge gaps in any given GRC rulebook using Deloitte's golden standards
  • Directed creation of Power BI asset visualizing GRC EAM & SoD metrics with tailored analytics for executive leadership, business, and IT
  • Ensured seamless operational execution alongside project delivery through resource utilization, time planning and charging, revenue tracking, projections, invoicing, etc
  • Primary SAP GRC trainer for L&D team for internal teams, new hires, and clients, enhancing user expertise and upskilling
  • Conducted multiple interviews for enhancing team capabilities with resulting team growth of over 60%

Manager - GRC & Internal Controls

GENPACT - ERC | Mondelez International
04.2022 - 07.2023
  • Lead Internal Control and audit manager for SoD/Access risk management using SAP GRC for IT SOX, supporting internal/external audits and conducting business process control reviews for eight global regions
  • Administered Segregation of Duties (SoD) monitoring activities globally for SOX controls for 28K+ users / 8K+ roles
  • Successfully managed 15+ KPI and SLA metrics and reviewed operational performance with SL leads monthly
  • Enhanced SOPs for access and change management utilizing in-depth business process knowledge
  • Completed 5-10 Internal Control improvement initiatives annually reporting their performance, impact, and benefits
  • Directed automation of GCC (General Computer Controls) testing/reviews using Process Controls (CCM) for 12 systems
  • Automated violation reporting with RPA team for eight regions using Python scripts
  • Governed teams of over ten members in daily operations, clients, and external stakeholders and in-house workstreams in IT/Business SOX, CCM to maintain purposeful collaborative relationships
  • Accomplished multiple tasks within established timeframes.
  • Managed and motivated employees to be productive and engaged in work.

Senior Consultant - GRC & Internal Controls

GENPACT - ERC | Mondelez International
08.2018 - 03.2022
  • Executed GRC activities through detective checks ensuring operations are SoD-free (~20 ServiceNow requests daily)
  • Successfully reported risks for three regions monthly and resolved risks within business through remediation/mitigation
  • Led IT Audit and risk advisory improvement projects (8-10/year) in role remediation, SOD review, SOD Rulebook Baselining, RPA bot analysis, etc., to strengthen internal controls
  • Optimized rulebook/risk library to industry baseline improving risk reporting of 70+ risks and removed false positives
  • Remediated 500+ ECC roles, removing SoDs based on analysis and modifying users/technical role architecture
  • Ensured critical SOX control compliance annually for global SOX Controls owner independence collaborating across multiple teams and geographies
  • Performed sensitive access analysis for 12 global SAP and non-SAP systems to ensure application security
  • Analyzed functionality/sensitivity of 200+ custom tcodes from new developments/projects to include them in the SOD rulebook
  • Ensured adherence to change management for changes to GRC system through CAB meetings and SOD free operation
  • Implemented multiple improvement projects such as role remediation, control library updates, RPA role management, etc
  • Introduced a mass management tool for Mitigation Controls to reduce workload
  • Prepared SOD review reports and business proposals for multiple clients

Associate Consultant

ERNST & YOUNG (EY)
06.2016 - 08.2018
  • Trained in SAP GRC Access Controls 10.1 (ARA, ARM, BRM, and EAM) and SAP Security
  • Successfully implemented SAP GRC AC10.1 with workflow design (MSMP and BRF+), post-installation steps (ARM), connector setup, designing mitigation controls, EAM setup, BRM configurations, etc
  • Prepared SoD Review reports for multiple clients in the Automotive, Electronics, Manufacturing and FMCG sectors, reporting violations, their impact and remediation pointers ensuring SOX and audit compliance
  • Created business proposals based on RFPs highlighting case studies, planning, and pricing for new projects
  • Delivered a 30+ member EY risk advisory practice session on SAP GRC tool to perform SOD Reviews
  • Trained in various business cycles such as Order to Cash, Procure to Pay, etc
  • Programmed a Python tool to generate risk analysis report/dashboard using user access data for clients
  • Enhanced client satisfaction by providing tailored solutions and recommendations for their business needs.

Web Developer Intern

UNDOSTRES
06.2015 - 08.2015
  • Company Overview: https://undostres.com.mx
  • Designed and programmed complete mobile & desktop websites from scratch, front and back-end, using the Bootstrap/CSS framework with PHP, JavaScript and MySQL, with simplistic designs, and assisted in product development
  • Integrated a payment gateway and recharge APIs into a website, optimizing the database with MySQL
  • Achieved a 95% success rate in bug fixes and learned how to use Bitbucket for code versioning and collaboration

Education

Bachelor of Technology - Information Technology

Delhi Technological University (DTU) Formerly Delhi College of Engineering (DCE)
New Delhi, India
06-2016

Indian School Certificate

Career Convent College
Lucknow
04-2011

Indian School Certificate Examinations

Career Convent College
Lucknow, India
04-2009

Skills

  • Internal Audit Expertise
  • Operational Risk Management
  • SAP GRC Access and Process Controls
  • SAP ECC and S4 HANA
  • Fiori Security
  • BI/BW
  • SAP Analytics Cloud
  • IAS, IES
  • SAP NetWeaver
  • SOX, ISO, GDPR, PCI DSS
  • Advanced MS Office Skills
  • Power BI
  • Proficient in Python
  • Experience with Generative AI Solutions
  • C, C, PHP, JavaScript, HTML/CSS, MySQL, JAVA
  • Communicative, Moderator, Independent, Creative
  • Innovative, Analytical
  • Time management
  • Team leadership

Project highlights

JCB – SAP GRC Review and Enhancement & Role Redesign | Deloitte

· Conducted an SAP Security review, presenting a CFO-level report on 25+ high/critical risks, with financial impact (~$15K per observation).

· Led the project by benchmarking the GRC SoD rulebook, implementing access workflows, EAM, BRM and UAR, and integrating SuccessFactors for real-time access sync.

· Enhanced user access and SAP change methodology.

· Facilitated brownfield role redesign for 400 composite roles and built a repository of ~2,100 custom transactions (~200 sensitive).


BMI – SAP Security & GRC Support | Deloitte

· Provided SAP Security support across S/4HANA, Fiori, SAC, BW, MDG, BTP, IAS, and GRC, and supported UAT for successful go-lives.

· Identified automation opportunities, optimized role design, and presented process improvement recommendations to CXO leadership.


HMSI – GRC Rulebook Standardization & Role Redesign POC | Deloitte

· Benchmarked SAP GRC rulebook against industry standards, refining risk criticality, sensitive access controls, and SOPs for periodic reviews.

· Built a repository of ~1,500 transaction codes (~190 sensitive) and demonstrated role design gaps through a POC, leading to a redesign proposal.


Mahindra & Mahindra – SAP GRC & Security Managed Services | EY

· Led SAP Security and GRC support, resolving 15–20 daily access issues, customizing rule sets, and enhancing SoD compliance across six BUs.


ITC – Greenfield SAP Role Design & SAP License Review | EY

· Assessed SAP licenses, user access, and custom transactions for six BUs, optimizing license allocation and compliance reporting.

· Designed SAP roles for eight business divisions, incorporating UAT feedback to resolve authorization issues.


Unilever – AC & PC Support | EY

· Developed business rules, automated process controls, and training materials for SAP GRC Access Control & Process Control.


Royal Enfield – SAP GRC AC & PC 10.1 Implementation | EY

· Implemented GRC AC, configuring ARA, seven MSMP-BRF workflows, EAM with 25 FFIDs and BRM functionality, and performed risk analysis for 5,000 roles with 60+ mitigation controls.

· Led UAT, business blueprinting, and user training, serving as the primary contact post-Go-Live for issue resolution and escalations.

Certification

  • Global Risk Management Institute (GRMI) - Risk Masterclass, Genpact, 2020
  • Extra Miller Award, Genpact, 2019
  • Spotlight Award, Ernst & Young, 2017
  • Web developer training - PHP & MySQL, HP India Pvt Ltd, 2014
  • Meritorious Child Scholarship, DTU, 2013

Accomplishments

  • Global Risk Management Institute (GRMI) – Risk Masterclass | Genpact, 2020
  • Extra Miller Award, Genpact, 2019 | Spotlight Award, Ernst & Young, 2017
  • Web developer training - PHP & MySQL | HP India Pvt Ltd | 2014
  • Meritorious Child Scholarship (DTU) | State Bank of India | 2013

Interests and Involvements

  • Interests - Photography, technology enthusiast, travelling, music, movies, art, gaming, psychology, spirituality, etc.
  • Udayan Care - Volunteer, CSR Genpact | 2019
  • CRY - Child Rights - Volunteer, Delhi Technological University | 2014-15.
  • IEEE - Institute of Electrical and Electronics Engineers - Member, Delhi Technological University | 2012
