Saurav Nath

SOC2 and SOC3

• Led SOC 2 and SOC 3 audits for various sectors, ensuring compliance with AICPA guidelines for Confidentiality, Integrity, and Availability.
• Mapped controls to COSO framework and AICPA Points of Focus to align with audit requirements.
• Monitored and implemented AICPA updates to maintain compliance with attestation bodies.
• Managed the end-to-end audit lifecycle, including client onboarding, risk assessment, execution, and reporting.
• Guided junior auditors in preparing accurate and effective audit workpapers.
• Managed audit complexities during system migrations (Workday, eSSL, Palo Alto systems).
• Mapped CUEC for cloud service providers, aligning client and vendor controls for SOC 2/SOC 3 compliance.

FAIT Audits

• Conducted FAIT Audits for clients from Technology & Aviation sector.
• Performed an assessment on the design and operating effectiveness of the ITGCs covering Manage Change, Manage Access, Backup, Operations Job Scheduling, Problem management, Incident Management etc.
• Performed testing of automated application controls for various ERP systems like Oracle ERP Cloud, Microsoft Dynamics 365, Oracle EBS etc for business process like P2P, O2C, Fixed Assets, Inventory etc.

SOC1 / SSAE 18 and ISAE 3402 Audit

• Led SOC 1 and ISAE 3402 dual opinion audits, assessing internal controls for financial reporting and operations.
• Evaluated logical security, patch management, and network controls to safeguard sensitive data and ensure system integrity.
• Reviewed change management, incident management, and backup processes for effective risk mitigation and business continuity.
• Audited configuration and operations job management to ensure system performance supports financial reporting.
• Developed and applied testing approaches to restore servers, validating decommissioned systems during the audit period.
• Provided actionable recommendations to enhance control design and effectiveness, ensuring industry compliance.
• Experience in handling various OS types (AIX, Windows, Linux, Solaris, mainframe datasets etc) for logical security controls like Default credential settings, Account password security settings etc

Conducted comprehensive risk assessments, mitigating potential compliance issues proactively.

• Oversaw corrective action plans in response to audit findings, ensuring timely resolution of identified issues.
• Conducted user access review and reconciliation of users having administrative access to iPay application and responsible for suggesting corrective action plans.
• Responsible for implementing role based access provisioning to the applications.
• Responsible for drafting the user access management and password security policy.

• Assisted with internal and external audits to confirm compliance with applicable laws and regulations.
• Managed relationships with regulators, maintaining open lines of communication to ensure transparent operations.
• Performed periodic client due diligence and vendor risk assessment
• Files STRs (Suspicious transaction reports) and high value cash transaction report for AUSTRAC & MAS

• Conducted thorough investigations for suspicious transactions, reducing financial risks and potential losses in NA, EU and IN market places
• Collaborated with cross-functional teams to improve fraud detection strategies and minimize organizational risk exposure by utilizing techniques like IP spoofing, ID theft, Family frauds, identify abuse patterns etc
• Implemented targeted training programs to enhance staff knowledge on fraud prevention best practices.
• Prevented significant financial losses by identifying high-risk accounts and initiating appropriate countermeasures.