
Nikhil Aggarwal

Senior Consultant

Summary

Nikhil is an experienced Information Technology Risk and Controls professional, with close to 7 years in this field working in both internal and external audit. Nikhil possesses the skills and experience to assess organizational technology risk against various requirements. He specializes in IT audits and compliance, including security reviews, pre- and post-implementation reviews, SOX compliance efforts, technical change management, IT security, application controls, IT operations and business continuity planning.

Overview

7 years of professional experience
6 years of post-secondary education
4 Certifications
2 Languages

Work History

Senior Consultant

EY GDS India LLP
Gurugram
07.2019 - Current
  • Performed IT SOX assessment as part of the Internal Audit of one of the largest healthcare organizations.
  • Developed SOD conflict Extractor Solution which is an automated tool to identify Segregation of Duties conflicts from an ERP system.
  • Core SME in Center of Excellence in SAP where we performed testing of SAP IT General Controls (ITGCs) and Business process controls (ITACs).
  • Prepared RFPs and RFQs for technology risk related projects
  • Core SME in Centre of Excellence on IT Health check where we assess different domains in the field of Information Security including IT Security, Business Continuity, Privacy, etc.
  • Identify and design controls for clients, based on different SOC Reporting standards including SSAE 16/18, ISAE 3402 and Trust Service Criteria of AICPA.
  • Actively managing teams for conducting IS Audits, IT General Controls & application Controls for Audit Support Engagements
  • Prepared and delivered trainings for ITGCs, SOD reviews, IT Health checks and Cyber Security.

Assistant Manager

Grant Thornton India LLP
Hyderabad
12.2018 - 07.2019
  • Performed Service Organization Controls & Reporting (SOC 1, SOC2) by identifying, drafting and testing controls around organization’s processes, security trust principles and reporting as per the SSAE 18 standard
  • Performed IT General Controls (ITGC) assessment for ERP applications like SAP, Dynamics and Oracle as part of Financial Audit for varied industry sectors like Pharma, Technology, Manufacturing, etc.
  • Actively managing teams for conducting IS Audits, Vendor Risk Management Engagements, IT General Controls & Application Controls for Audit Support Engagements

Consultant

Ernst and Young LLP
Hyderabad
01.2016 - 12.2018
  • IT SOX 404 Compliance engagement. Validated operating effectiveness of controls for business processes, IT General Controls and IT Application Controls.
  • Performed Service Organization Controls & Reporting (SOC 1, SOC 2) by identifying, drafting and testing controls around organization’s processes, along with IT General Controls including logical access security, physical & environmental security, security trust principles and reporting as per the SSAE 16 standard.
  • Performed IT General Controls (ITGC) assessment for ERP applications like SAP, Dynamics and Oracle as part of Financial Audit for varied industry sectors like Pharma, Aviation, IT, Infrastructure, Healthcare, etc. including large organisations.
  • Actively managing teams for conducting IS Audits, Vendor Risk Management Engagements, IT General Controls & Application Controls for Audit Support Engagements.
  • End to End implementation assistance of HITRUST Common Security Framework for a legal process outsourcing company including project planning, gap analysis, risk assessment, policy & procedure development, conducting internal readiness audit and assistance in Self-Assessment and Validated-Assessment.
  • Implementation assistance of Data Leakage Prevention (DLP) solution for a pharmaceutical company including project planning, identification and assessment of critical information sources, framing the rulesets for the DLP Server and monitoring the effectiveness of the DLP solution.

Information Security Engineer

Infosys Limited
Bangalore, Karnataka
06.2015 - 01.2016
  • Performed internal risk assessments to help create optimal prevention and management plans.
  • Maintained and tested corporate response plans.
  • Made recommendations for mitigating identified risks.
  • Designed training manuals to increase security awareness throughout the organisation.
  • Facilitated company-wide security awareness and training sessions.

Intern

Mahindra Special Services Group
Bengaluru
06.2014 - 07.2014
  • Assisted in Vulnerability Assessment and Penetration Testing of company’s clients
  • Delivered Training and Awareness sessions to employees of client organization.
  • Developed a solution to create a customized VAPT report for client.

Education

Master of Science - Cyber Law and Information Security

Indian Institute of Information Technology
Allahabad
06.2013 - 05.2015

Bachelor of Technology - Electronics and Communication Engineering

Guru Gobind Singh Indraprastha University
08.2009 - 05.2013

Skills

SAP Segregation of Duties

SOC1 (SSAE 16 / ISAE 3402)

AICPA Trust Service Principles

Risk Management

Information Security Management

Data Privacy

Data Loss Prevention

Certification

Certified Information Systems Security Professional (CISSP®), Certificate Number: 570027

Additional Information

  • Received 6 Extra Miler Awards and On-site Recognition for extraordinary performance in EY GDS
  • Received 2 Spot Awards for exceptional client service during service with Grant Thornton
  • Received 4 Spot Awards for exceptional client service during 3 years of service with EY LLP
  • Anchor in RoboGear, Robotics club with Infosys
  • Co-ordinator in Techhive, Bcognizance, e-magazine in IIITA, Nov ’13 and April ’14
  • Volunteer in “COLDFIRE”, Effervescence MM13 Fest, IIITA
  • Senior member of ‘TECHNICAL SOCIETY OF GTBIT’ core team

Timeline

Certified Information Systems Security Professional (CISSP®), Certificate Number: 570027

01-2020

Senior Consultant

EY GDS India LLP
07.2019 - Current

Assistant Manager

Grant Thornton India LLP
12.2018 - 07.2019
DSCI Certified Privacy Lead Assessor (DCPLA)
12-2017

Consultant

Ernst and Young LLP
01.2016 - 12.2018

Information Security Engineer

Infosys Limited
06.2015 - 01.2016
Certified Ethical Hacker (CEH), Certificate Number: ECC64631733711
01-2015

Intern

Mahindra Special Services Group
06.2014 - 07.2014
ISMS Lead Auditor (ISO/IEC 27001), BSI India: ENR-00106025
01-2014

Master of Science - Cyber Law and Information Security

Indian Institute of Information Technology
06.2013 - 05.2015

Bachelor of Technology - Electronics and Communication Engineering

Guru Gobind Singh Indraprastha University
08.2009 - 05.2013