Hi, I’m

Nishant Juneja

CISSP, CISA
Bengaluru, Karnataka

Summary

IT professional with 8+ years' experience specializing in IT Audits, SOX, ITGC, Cyber Security, and Identity and Access Management. Recognized for client-centric focus and adept stakeholder, project, and resource management. Skilled in requirement gathering, policy design, and implementing policy and program changes. Expertise includes fostering positive work cultures, managing audits, and providing strategic recommendations. Strong organizational, communication, and presentation skills contribute to successful project outcomes.

Overview

8 years of professional experience
3 Certifications

Work History

DELOITTE - US OFFICE OF INDIA
Bengaluru

Advisory Manager
11.2021 - Current

Job overview

  • Deloitte US Integration:
    • Collaborated with Deloitte US leadership to seamlessly integrate Deloitte USI across various stages of opportunities.
    • Optimized USI integration based on engagement needs, ensuring KPIs such as net revenue, cost, bill rate, and margins were within approved limits.
  • Audit Leadership:
    • Successfully led SOX readiness, internal/external IT audits, and cyber maturity assessments for clients across industries.
    • Managed a team of 20 professionals, including 5 seniors, ensuring timely and quality delivery.
  • Stakeholder Relationship Management:
    • Built and maintained strong relationships with internal and external stakeholders, fostering collaboration with leadership, business, and IT personnel.
  • Positive Work Culture:
    • Established a positive work culture emphasizing teamwork, open communication, mutual respect, and recognition.
    • Provided support, resources, and feedback to empower the team, fostering excellence in their roles.
  • Key Engagements:
    • Global Safety Certification Company: Coordinated a global SOX 404 assessment, ensuring the design and implementation of internal SOX controls for in-scope applications and infrastructure.
    • National Car Retailer and E-commerce Company: Executed review and independent testing of controls, determining the strategy for testing internal controls in a national car retailer and e-commerce company.
    • Multinational Life Science Technology Company: Spearheaded key initiatives for SOC1 and SOX external audits, crafting a reliance strategy for a first-year client. Ensured seamless integration of internal controls, fortifying the control environment, and establishing a foundation for ongoing compliance.
    • Multinational Health Care Company: Managed multiple SOC1 and SOC2 reporting efforts, overseeing rigorous assessments to meet stringent regulatory requirements. Leveraged in-depth healthcare compliance knowledge to contribute significantly to robust control environments, addressing unique industry challenges.

VIATRIS PHARMACEUTICALS (FORMERLY MYLAN)
Bengaluru

Assistant Manager
10.2019 - 11.2021

Job overview

  • Managed a 2-person Audit Compliance team for external and internal audits.
  • Led a 4-person Major Incident team in a 24x7 model for P1 and P2 incidents.
  • Led a 2-person Problem team for reactive and proactive problems.
  • Led a 3-person Change Advisory team for all IT-related changes and chaired the weekly CAB.
  • Mentored new hires in IT Compliance and provided training on audit testing and compliance.
  • Demonstrated a strong executive presence in meetings to enhance awareness and improve compliance controls and programs.
  • Built and maintained strong relationships with Senior Leadership, IT Staff, and peers.
  • Scaled up major incident and problem management teams.
  • Received appreciation from the CIO for excellent management of IFC audit with zero reported observations compared to previous years.
  • Compliance Expertise:
    • Demonstrated subject matter expertise in various compliance areas including SOX, NIST, ISO 27001, and ITIL.
  • Audit Planning and Remediation:
    • Assisted IT Internal Audit in annual planning, revision of RCM, and audit calendar.
    • Played a key role in the disclosure and remediation of significant deficiencies to management.
  • ITGC Applicability and Reviews:
    • Assisted in the initial application and infrastructure assessment for ITGC applicability.
    • Facilitated User Access Reviews for IT SOX applications.
  • Automation Initiatives:
    • Contributed to the automation of ITGC controls, including user termination, access reviews, password control, and privileged access reviews.
    • Played a crucial role in automating the SAP termination process, reducing reported termination observations.
  • Compliance Framework Development:
    • Developed an organization-wide KPI/KRI IT Compliance Framework based on ISO 27001 and NIST 800-53.
    • Enabled the reporting of information security risk and compliance metrics to leadership.
  • Identity and Access Management Roadmap:
    • Developed a roadmap for maturing identity and access management processes.
    • Revised global access management SOP, improved AD processes, automated self-service requests, and upgraded CyberArk.

ERNST & YOUNG LLP
Gurgaon

Consultant
07.2019 - 10.2019

Job overview

  • Managed a 4-person audit team, overseeing resource allocation and time utilization.
  • Conducted thorough testing of IT General Controls to assess design and operating effectiveness.
  • Ensured the reliability of data generated by IT systems through rigorous assessments.
  • Provided comprehensive remediation and mitigation plans to address audit observations to the management team.

DELOITTE TOUCHE TOHMATSU INDIA LLP
Gurgaon

Assistant Manager
08.2015 - 07.2019

Job overview

  • Coordinated a global SOX 404 Assessment, ensuring the design and implementation of internal SOX controls for in-scope applications and infrastructure.
  • Managed a 5-person audit team within the core team, ensuring optimal resource and time utilization.
  • Developed audit plans, delegated assignments, and monitored staff performance, implementing best practice improvements.
  • Executed review and independent testing of controls, determining the strategy for testing internal controls.
  • Prepared comprehensive audit reports detailing results and provided recommendations for remediation post-risk mitigation.
  • Conducted follow-up reviews of corrective action plans to ensure effectiveness.
  • Other Key Engagements:
    • Cyber Security Maturity Assessment - Multinational IT Company
      Comprehensive Cyber Security Review:
      o Reviewed the client’s current-state policies, procedures, administration, and governance of the entire cybersecurity landscape based on ISO and NIST frameworks.
      o Areas assessed included asset management, identity and access management, network security, business continuity management, and data protection.
      o Conducted weekly stakeholder meetings and bi-weekly steering committee meetings to discuss assessment progress with relevant stakeholders.
      o Provided maturity ratings for all processes based on the current state assessment and evidence review, followed by strategic recommendations.
    • Identity and Access Management Assessment - Multinational Insurance & Oil & Gas Companies
      Thorough IdAM Landscape Review:
      o Reviewed client’s policies, procedures, administration, and governance of the entire Identity and Access Management (IdAM) landscape.
      o Areas covered included user lifecycle management, identity governance, authentication & authorization mechanisms, role management, and more.
      o Aggregated detailed observations, preparing weekly decks for client sharing.
      o Developed a future strategy defining the target state model with revised policies, processes, administration, and governance capabilities.
    • ISO 27001 Compliance Gap Assessment - National Oil & Gas Manufacturing Company
      ISO 27001 Landscape Review:
      o Reviewed and audited the client’s current-state policies, procedures, administration, and governance of the complete information security landscape.
      o Provided recommendations in the form of a roadmap, encompassing policy, program, and project initiatives.
      o Assisted the Compliance leader in training employees on information security policies and procedures.

Education

Narsee Monjee Institute of Management Studies
Bengaluru, Karnataka

Executive MBA
06.2021 - 04.2023

Jaypee Institute of Information Technology
Noida, Uttar Pradesh

B.Tech. in Computer Science Engineering
06.2011 - 06.2015

Skills

Strong People Skills

Certification

Certified Information Systems Security Professional (CISSP)

Areas of Expertise

• SOX Compliance
• Information Security
• Risk Management
• Internal Controls Auditing
• Identity & Privilege Access Management
• Cyber Maturity Assessments
• IT General Controls (ITGC)
• IT Automated Controls

Industry Experience

• Life Science and Healthcare
• Insurance
• Manufacturing
• Technology Media and Telecommunication
• Consumer
• Oil & Gas
