Trustworthy Senior Solution Advisor with 10+ years of practical experience and dedicated work ethic. Self-motivated to consistently provide first-class results in line with stringent targets and deadlines.
Sathya has 10+ years of experience in Information Systems Audit, IT General Controls, Business Process controls, Risk Assessment and Cyber Security across the Financial Service and technology sectors.
Performing various General IT Controls for several engagements (Financial Service and Consumer Industry). Specialized in audit activities covering the following:
- IT Application scoping and de-scoping
- Testing Strategies and Test Plans
- End of year SOX assessments
- Operating Effectiveness Testing
- Issue Management
❖ Sathyaraj led a team of consultants for the execution of SOX ITGC testing and has performed QA reviews for SOX BP Testing across key business processes for a UK International telecommunication holding company. He is responsible for performing QA reviews of workpapers.
❖ Adept at training internal users & customers on relevant SOX, ITGC, SOC1, SOC2 and ISMS procedures and best practices
ISO 27001:2013 implementation:
✓ Information Security Policy making considering risk as well as business objectives.
✓ Understanding the organizational process followed and making appropriate procedures.
✓ Proactive assessment and evaluation of IT risks.
✓ Suggesting controls when the risk faced is above the organizational risk acceptance criteria.
✓ Preparing KPI Metrics to provide management an overview on the effectiveness of implementation of various security measures.
✓ Worked as Lead and Sr. Information System Consultant
✓ Risk assessment of various projects, ITGC testing, HR, and Admin.
✓ Risk assessment in various stages of application development for compliance with the organization's policies, standards, procedures, and applicable external requirements.
✓ Evaluation of IT operations based on approved policies and procedures.
✓ Performed specific internal audits to determine whether information systems are protected, controlled, and provide value to the organization.
✓ Preparation of audit scope and managing external audits.
✓ Auditing network operating systems, IT general controls, ISMS standard controls and cloud security controls.
Health Checking: Server security configurations are checked every month for vulnerabilities in OS, applications and sub-systems using the TSCM tool, in order to meet the security standards requested by the customer. For each reported violation we raise CIRATS. We make sure that the environment is audit compliant in many different ways.
Patch Management: In this process we initiate the patch upgrade cycle on the various platforms such as OS, applications and sub-systems. Once the latest patches are released, we investigate and obtain client approvals. After that we send them to the SSO team to be tested on the Test and Preproduction servers, and then finally apply them on the Production servers.
ITGC Testing:
Primary – PCAOB, AICPA, ICFR, SOX, ITGC testing, SOC1, SOC2, ISO 27001, ISO 9001, COSO, PCI DSS, CMMI L3 & 5
Secondary – Internal Audit, Statutory Audit, Fraud Investigation, IT Security implementation
Tertiary – Data Analytics, Power Query, Power Automate, SOP Development