
Sneha Paralikar

Summary

As a Technology Management Consultant, I apply my Cyber Risk Management skills to deliver innovative and impactful solutions for clients across various industries. I have been recognized with multiple awards for my exceptional client service, innovation, and business knowledge. I have over three years of experience in consulting, having worked with leading investment banks, mutual funds, and multinational corporations. I am passionate about the cyber risk field, entrepreneurship and problem-solving, and I strive to create value and positive change through my work. Seeking opportunities in IT audits, ITAC, ITGC and SOC Reviews, and SOX Compliance Review. On a personal front, I enjoy reading, gardening and hiking, and I am perennially curious to learn something new each day!

Overview

5 years of professional experience

Work History

Senior Consultant

Ernst & Young LLP
03.2022 - Current
  • Led multiple IT regulatory audit engagements wherein her responsibilities included planning audit activities, leading client walkthroughs, reporting periodic statuses, reviewing and testing design and effectiveness of controls, documenting evidence, communicating audit findings and preparing the final audit report.
  • Helped IT teams remediate numerous high-risk external IT audit observations across a wide variety of control domains and applications, contributing to the improvement in the bank's overall IT compliance posture. Her daily activities included understanding remediation requirements for observations, liaising with multiple IT stakeholders to deduce implementation feasibility and timelines while also reviewing and presenting action plans and implementation evidence to the auditors.
  • Delivered end-to-end Technology Risk Management projects, including Third-Party Risk Assessments, Business Continuity Planning, and Incident Management, aligning with ISO, COBIT, and COSO frameworks. Developed an IT Maturity Framework in line with these regulations as part of a project.
  • Supported ISO 27001 audits for clients by assisting in evidence collection, control walkthroughs, and gap assessments across ISMS domains, contributing to successful certification and compliance outcomes.
  • Conducted internal control testing for ITGCs and ITACs and reviewed SOC 1 & SOC 2 reports to ensure SOX compliance. Identified and implemented 15+ control improvements through Audit Committee engagements.
  • Recognized as a top performer, awarded 'EY Kudos' and 'Client Extraordinaire' for excellence in audit delivery and client service.
  • Spearheaded teams of 2–3 associates, providing mentorship, technical training, and performance coaching.
  • Supported business development through RFP responses, technical proposal writing, and client presentations.
  • Contributed to EY Ripples sustainability initiatives.

Key Project: Information Security & Vendor Risk Assessments

  • Conducted 100+ Third-Party Information Security Risk Assessments for global and domestic banking clients.
  • Performed remote and onsite assessments, collaborated with cross-functional teams, and ensured timely closure of identified gaps.
  • Reviewed vendor documentation (policies, procedures, controls) and assessed design and operational effectiveness of third-party security controls.
  • Led and trained cross-border teams including new hires and international assessors; supervised delivery quality and client communications.
  • Delivered 15+ onsite assessments, reviewed security frameworks, and ensured alignment with RBI and global standards.
  • Designed and implemented IT Outsourcing Frameworks for multiple financial institutions, including supporting templates and top-management presentations, aligned with RBI Master Directions.

Senior Analyst

Deloitte Touche Tohmatsu Limited
10.2020 - 03.2022
  • Conducted over 40 Information Security Vendor Risk Assessments for an international banking client, applying extensive knowledge of ISO 27001 domains to ensure compliance and mitigate security risks.
  • Provided process training to new team members, enhancing overall team capability and fostering a culture of continuous learning in information security practices.
  • Developed a strong understanding of Information Security and Business Continuity Management (BCM) concepts, contributing to the establishment of robust risk management frameworks.
  • Collaborated with finance sector clients on SCD Reviews, Process Risk Assessments, Compliance Audits, and Application Security Audits, ensuring adherence to regulatory requirements and best practices.
  • Gained hands-on experience in security auditing across Governance, Risk, and IT Controls (GITC), effectively identifying and addressing vulnerabilities within client environments.
  • Performed both manual and automated web application security reviews and penetration testing of internal and external networks, utilizing tools such as Nessus and Nmap to assess and strengthen security postures.

Education

Bachelor of Technology - Electronics

K.J.Somaiya College of Engineering
Mumbai, India
10-2020

Skills

  • IT Audit
  • Risk Management
  • Third Party Risk Management
  • IT Outsourcing
  • SOX Compliance
  • ISO 27001 Compliance
  • Client Management
