Shah Mohammed Noaman Uddin

• Execute ITGC testing across Access Management, Change Management, Incident Management, and IT Operations.
• Conduct walkthroughs with application/business owners to document workflows and assess control design.
• Perform ToD/ToP testing and prepare supporting documentation, rationale, and audit evidence.
• Partner with external auditors for data collection, validation, and interpretation.
• Manage semi-annual user provisioning/termination reviews, privileged access assessments, and access certifications.
• Evaluate password policy enforcement, system configuration changes, and periodic review processes.
• Conduct ITGC audits for ERP applications and identify gaps requiring remediation.
• Prepare audit reports, recommend remediation steps, and track closure with stakeholders.
• Lead IT audit initiatives to identify, evaluate, and mitigate risks.

• Led ITGC audits covering provisioning, de-provisioning, re-certification, and change management.
• Strengthened access governance and ensured compliance with regulatory and security standards.
• Executed ERM-focused audits across onboarding/offboarding, background checks, and access management.
• Identified control gaps, recommended remediation actions, and presented findings to senior leadership.
• Evaluated compliance against MSAs, MBSAs, SOWs, and contracts with business/risk owners.
• Performed risk assessments and operational control reviews across enterprise processes.
• Conducted US regulatory audits (Reg E, Reg Z) and delivered governance dashboards (WBR/MBR).
• Oversaw information security and data privacy risk assessments.
• Collaborated with external auditors, supporting evidence validation and compliance reviews.
• Led a team of auditors, providing performance guidance and driving continuous improvement.

Access Management & ITGC Controls

• Performed access provisioning, modification, and de-provisioning testing for multiple applications.
• Ensured alignment of access processes with ITGC, audit, and compliance requirements.
• Managed evidence collection, user list maintenance, and pre-audit documentation.
• Conducted access reviews with development/tool owners and provided revocation and closure reports.

SOX & Internal Audits

• Performed SOX testing on SOWs, WOs, POs, and Master Agreements to support financial accuracy.
• Validated contract execution and system setup under ESAP and NWS policy frameworks.
• Identified audit exceptions, documented justifications, and tracked remediation actions.
• Conducted ServiceNow audits to assess ticket management and escalation adherence.
• Reviewed Time & Attendance (TNA) data for policy compliance and reported violations.
• Presented monthly/quarterly compliance reports to senior management.

• Conducted user access reviews for ~1000 applications using enterprise access tools.
• Identified and assessed emerging operational risks across business environments.
• Ensured monitoring and effectiveness of key controls, identifying gaps and proposing corrective actions.
• Supported user profile creation/modification for high-value payment applications.
• Processed access requests within SLA and ensured compliance with organizational policies.