SHANIL LODHA

• As Program Manager for SOX controls Performing SOX testing for different platforms for various controls mentioned as part of ITGC SOX
• Providing data to audit about the tests performed as external auditors place reliance on our control testing effort which:
  (a)Enforces managements trust on its control environment
  (b)Ensures timely and accurate reporting of financial statements and disclosures
  (c)Reduces audit costs and improves reliability on our independent testing
  

• Break Management – Drive meetings with AD Managers to ensure Control breaks generated, post assessments, need to have remedies (allow/fix) within 30 days.

• Resolve ITRC tool issue – Liaise with support teams to resolve ITRC functionality issue.

• Generate Metrics – Create reports to show adherence to monthly assessment targets and issue management compliance

• Interacted with business executives to identify requirements and created project scopes to help meet objective
• User Access Recertification – to ensure terminated/transferred employees do not have access to apps and access levels of current users are certified by managers & app owners
• Functional ids/ privileged ids/group accounts with non-expiring passwords have adequate controls ; Emergency/ Break-glass ids are on boarded to EPV (Enterprise Password Vault)
• Access recertification and revocation leveraging various in house and external vendor applications

• Manage Post Recertification Activities for approximately 1100 applications across all lines of businesses.
  We have been working with the ISO 27001 frame work and controls procedure to perform Risk assessments and mitigation activity in an ISMS implementation environment.
  

• Experienced in team handling, Account /client Management & Delivery, client engagement.Understanding the Business, Risk and controls tested in order to assess the control environment.

• Perform RCA (Root cause analysis) on exceptions arising out of the quarterly recertification activities and handle revokes in an appropriate & timely manner.

• Primary focus on recertification of SOX/SOC1, PWC and MAS audit related applications which are time critical and sensitive.

• As part of technology drives we Develop information security awareness strategies and conduct awareness raising activities and trainings recently being DLP.

• As part of regulatory and audit requirements I ensure we have appropriate and valid supporting documents evidenced on SharePoint and/or Automated Tools.

• Periodically perform testing over Automated Recon tools and contribute to tool enhancements, with a goal to reduce issue occurrence and recurrence.

• As part of the automation agenda, lead the RSAM tool access provisioning migration project. I successfully migrated over 600 applications. We are extensively utilizing API‘s for revoke automations as well.

• Conduct Periodical 1-1 constructive meetings with team members togather feedback, discuss process uplift, areas of Opportunities and any concerns.
Perform UAT testing for recertification automation tools and Dashboards.

• To analyze and proactively address further modification / enhancement of Application Re- integrations activity.

• Assess scope for introduction of RPA (Robotics process Automation) over revocation and Reconciliation activity.

• As part of Technology Controls Employee Engagement Team, I have coordinated various programs, activities (games)
and volunteering events which have been appreciated by senior management. We make sure we have such engagements once in 2 months and/or during special occasions.

• Conducting Risk awareness sessions on topics like DLP, phishing etc to the all the employees in JPMC

• Approver updates on DB access managed applications and primary account request systems
• Responsible for collection of AD data from various domain controllers which are then used in processing of Compliance report card every month
• Responsible for facilitating internal and external audits from a
  recertification perspective
• Responsible for issue resolution related to Global Recertification Web Engine (GRWE) and IRIS request system
• As part of the training committee ensure knowledge transfer trainings and sessions for the consultants