Shibani Kapoor
Digital Risk Consultant
Gurugram
Summary
Results-oriented Senior Consultant with extensive experience in IT risk management, audit, and compliance. Proven ability to manage complex digital transformation and technology risk initiatives across diverse sectors and geographies. Skilled in delivering IT internal/external audits, SOX 404 compliance, ICFR, SOC 1/2 reporting, and cybersecurity assessments for global clients.
Overview
9
9
years of professional experience
7
7
years of post-secondary education
2
2
Certifications
Work History
Senior Consultant
Ernst & Young LLP
Gurugram
10.2023 - Current
- Managed high-impact FAIT and internal audit engagements across UAE, Egypt, US, UK, Canada, South Africa, Singapore, and India, leading teams of 5–8 members and delivering comprehensive IT risk assurance
- Managed complete delivery lifecycle for Internal and External audits, covering internal audits, statutory audits, and remediation planning—serving as a single point of contact for client stakeholders and senior leadership
- Managed SOX 404 compliance programs for Fortune 500 clients, aligning with auditors, SOX compliance leads, and CTOs to execute ITGC, ITAC, IPE, and remediation testing
- Executed IT General Control reviews (ITGC) and configuration testing for SAP, Oracle and legacy in-house systems as part of financial audit support across healthcare, agrochemicals, manufacturing and banking and insurance
- Assessed and validated application and IT-dependent controls (ITAC) across finance, procurement, payroll, and other modules—enhancing automation and reducing reliance on manual testing
- Performed SOD and user access reviews (UAR), and supported RACM design and risk mapping across critical systems and processes
- Managed internal audits covering IT operations, data center governance, IT asset lifecycle, disaster recovery, cloud environments, and third-party/vendor risk
- Oversaw access control testing and remediation, including privileged access reviews and policy compliance checks via tools like SAP GRC, ServiceNow, CyberArk, and Archer
- Validated backup procedures, disaster recovery controls, and job scheduling logs (e.g., SAP SM36/SM37), ensuring alignment with business continuity protocols
- Led cross-industry audit trail compliance initiatives across India, providing strategic oversight and expert guidance to client teams on remediation efforts, while ensuring full adherence to evolving regulatory frameworks and industry standards
- Planned and delivered client-centric PMO activities, including resource planning, budgeting, documentation tracking, and audit issue management
- Presented dashboards and risk intelligence to leadership teams, facilitating CTO-level insights and actionable remediation strategies
- Contributed to successful proposal development and RFP responses, helping secure new clients and drive account growth across key sectors
- Received recognition a Business Extraordinaire Award (Q1 2024) for high-quality work that adds value for all stakeholders
- Promoted normatively from Associate Consultant to Senior Consultant 2 within 4+ years for consistent performance, technical depth, and early leadership demonstration
Team Lead – Operational Analysis
Compare & Connect
Melbourne
10.2016 - 04.2021
- Planned, coordinated, and directed quality assurance programs; formulated and implemented quality control policies
- Conducted compliance audits in collaboration with the Training Manager to assess and improve the handling of customer complaints
- Maintained and analyzed compliance data from the Compliance Manager portal to support strategic goal setting
- Managed and mentored a team of 10–15 members as part of KPI-driven leadership responsibilities
Education
Master of Professional Accounting -
Kaplan University
Melbourne, Australia 01.2016 - 01.2017
MBA - Accounting
Deakin University
Melbourne, Australia 04.2014 - 01.2016
Bachelor of Arts - Economics
Delhi University
New Delhi, India 01.2011 - 01.2014
Senior Secondary -
St. Mary’s School
New Delhi, India 01.2010 - 03.2011
Skills
- Financial Audit IT Integration (FAIT)
- Internal Controls over Financial Reporting (ICFR)
- 11G Audit Trail Compliance
- SOX 404 Compliance & Remediation
- Cybersecurity Risk Assessments & Control Reviews
- Operating System & Database Security Configuration Reviews
- SDLC & Change Management Reviews
- Vendor & Third-Party Governance Reviews
- Regulatory Compliance (ISO/IEC 27001, NIST, COBIT)
- General Controls (ITGC) – Internal & External Audit
- IT Application Controls (ITAC), Key Report Testing & IPE Review
- IT Risk Management, Risk Register & RACM Development
- Policy & Procedure Review (IT, Security, Governance)
- Backup Management & Disaster Recovery Testing
- IT Risk Management, Governance and Compliance
Consulting
Certification
ISO 27001 – Certified
Professional Expertise
- Financial Audit IT Integration (FAIT)
- Internal Controls over Financial Reporting (ICFR)
- 11G Audit Trail Compliance
- SOX 404 Compliance & Remediation
- Cybersecurity Risk Assessments & Control Reviews
- Operating System & Database Security Configuration Reviews
- SDLC & Change Management Reviews
- Vendor & Third-Party Governance Reviews
- Regulatory Compliance (ISO/IEC 27001, NIST, COBIT)
- General Controls (ITGC) – Internal & External Audit
- IT Application Controls (ITAC), Key Report Testing & IPE Review
- IT Risk Management, Risk Register & RACM Development
- Policy & Procedure Review (IT, Security, Governance)
- Backup Management & Disaster Recovery Testing
- IT Risk Management, Governance and Compliance
Timeline
Senior Consultant
Ernst & Young LLP
10.2023 - Current
Team Lead – Operational Analysis
Compare & Connect
10.2016 - 04.2021
Master of Professional Accounting -
Kaplan University
01.2016 - 01.2017
MBA - Accounting
Deakin University
04.2014 - 01.2016
Bachelor of Arts - Economics
Delhi University
01.2011 - 01.2014
Senior Secondary -
St. Mary’s School
01.2010 - 03.2011
Similar Profiles
Anagha AsokAnagha Asok
Project Coordinator at Ernst & Young LLPProject Coordinator at Ernst & Young LLP
Sneha ParalikarSneha Paralikar
Senior Consultant at Ernst & Young LLPSenior Consultant at Ernst & Young LLP
Vernon AndrewsVernon Andrews
Senior Cybersecurity Analyst at Ernst & Young LLPSenior Cybersecurity Analyst at Ernst & Young LLP
Ashish ChandraAshish Chandra
Commercial Order Creation Manager at Orange BusinessCommercial Order Creation Manager at Orange Business
Megha TanwarMegha Tanwar
HR Manager at Varank Tech Private Limited (Formerly Verchaska Infotech)HR Manager at Varank Tech Private Limited (Formerly Verchaska Infotech)