Pranav Mangla

Mumbai,

Summary

Experienced IT Auditor with 6 years of expertise in performing and managing IT Internal and External Audit projects. Specializes in IT-SOX, financial audit support, Third Party Assurance (SOC1, SOC2, SOC2+), and readiness assessments. Adept at working with various industries including Technology, Media and Telecommunications (TMT), IT-enabled Services (ITeS), Healthcare, and Fintech for both domestic and international clients. Skilled in evaluating IT risks in software environments and implementing effective solutions to mitigate those risks.

Overview

6 years of professional experience

Work History

Senior IT Auditor

Cornerstone OnDemand
Mumbai
03.2022 - Current
  • Audit and Compliance Expertise: Conducted SSAE 18 SOC1/SOC2 control testing for identified security controls across five products, providing evidence to external auditors as listed in the PBC. Conducted process audits, identified new controls, and updated test procedures to effectively mitigate identified risks.
  • Cloud Security & Infrastructure Audits: Reviewed and tested ITGC controls related to change and access management around Bitbucket and GitHub, and access controls for Jenkins, which is used for creating automated pipelines for continuous deployments. Audited AWS, GCP, and Azure infrastructures, identifying and supporting the mitigation of various risks associated with cloud environments.
  • CICD & System Reliability Engineering: Reviewed Continuous Integration and Continuous Deployment (CICD) code promotions using Bitbucket code repository to production environments. Monitored System Reliability Engineering (SRE) controls related to backup, incident management, patch and vulnerability management, and network access controls.
  • Automation & Process Improvements: Led a project to fully automate Bitbucket access management via SailPoint, reducing logical access-related compliance issues by 10%.
  • Domain Validation in AWS: Reviewed and validated critical configurations for new domains in AWS, including external scans, password policies, anti-malware settings, and Splunk logging, ensuring compliance with security and compliance requirements.
  • M&A Integration: Integrated legacy controls of a newly acquired entity with the Cornerstone compliance framework and led implementation of high-risk areas for SOC compliance.
  • GCP & MLP Controls Implementation: Led a team to validate and implement RCSA controls for MLP in GCP, including asset review, IAM review, anonymization processes, release management, tools access review, installation qualification processes, and health-check monitoring, etc.
  • Compliance and Gap Assessments: Performed gap assessments of all in-scope products against PCI DSS v4 requirements. Led the implementation of a customer termination process to automate notification, review, deletion, and documentation, coordinating with teams involved to ensure continuous monitoring of critical gaps.
  • Domain Management & Production Access: Led the effort to implement a separate production domain for a newly acquired entity, automating the entire production access via SailPoint/Okta AD groups.
  • Technical Proficiency & Tool Usage: Extensive experience working with tools like Splunk for log management and reporting, SailPoint for identity and access management, and supporting tools like Jira, Wiki, and Confluence.

Consultant

Deloitte Touche Tohmatsu India LLP
Hyderabad
05.2020 - 02.2022
  • Performed risk-based audits of general IT controls and application controls covering access management, change management, job scheduling and datacenter operations, business cycle controls, interfaces, and IPEs/IUCs (key reports testing).
  • Led and managed multiple SOC 2, SOC2+ Type I and Type II (SSAE16/SSAE18) engagements for leading IT industries and product-based (SaaS) companies with multi/hybrid cloud infrastructure environments.
  • Assisted clients in designing and formulating controls to minimize IT risk to the confidentiality, availability, and integrity of business information.
  • Collaborated with the Deloitte US team and performed a virtualization audit for one of the largest life insurance companies in North America.
  • Completed a domestic medium-term secondment to perform an IT General Controls review for multiple IT Internal SOX engagements for Fortune 500 clients of Deloitte US.
  • Responsible for the entire lifecycle of audits, coordinating with clients, performing IT process walkthroughs, identifying risks, control mapping with different frameworks, controls rationalization, conducting and supervising fieldwork, documentation, drafting and discussing observations, identifying risk-mitigating controls, preparing final deliverables, coaching junior team members, and managing the project from planning stage to the reporting stage.

Analyst

KPMG Global Services Private Limited
Bengaluru
09.2018 - 04.2020
  • Performed testing of the design and operating effectiveness of the company-wide control environment, IT General Controls (ITGC), business processes, and automated controls for multiple SOC1, SOC2 and SOX 404 engagements for clients of KPMG US.
  • Responsible for building relationships with onshore counter teams of KPMG US and setting expectations and timelines to ensure high-quality and value-driven deliverables.
  • Other responsibilities included project planning, budgeting, tracking, and coaching junior team members.

Education

Bachelor of Technology - Electronics And Communication Engineering

SRM University
Chennai, India
05-2018

Skills

  • Frameworks: COSO, SOX, SSAE16/ SSAE 18, GDPR and PCI DSS
  • Cloud and Virtualization Platforms: AWS, GCP, Azure, KVM, etc.
  • ITGC Audit/Cloud Security audit
  • SOC2/SOC2 Readiness assessments

Accomplishments

  • Awarded the ‘Cornerstone Achievement Bonus’ for consistently upholding Cornerstone values in 2023.
  • Honored with the ‘Move the Dot-Individual’ award for two consecutive quarters, recognizing exceptional performance and significant contributions at Deloitte.
  • Received multiple ‘Walk the Dot-Team’ accolades for demonstrating client-centric and collaborative values at Deloitte.
