
Uma Mahesh

IT Auditor
Chennai, TN

Summary

IT Auditor with 4+ years of experience in ITGC, SOX 404, ISO 27001, SOC 2, and GRC audits across large enterprise environments. Hands-on experience in access management, change management, IAM, BCP/DR, patch management, and third-party risk management (TPRM). Strong exposure to COSO, COBIT, NIST frameworks, control testing (TOD/TOE), audit documentation, and stakeholder coordination.

Overview

4 years of professional experience
3 languages

Work History

Senior Consultant

LTIMindtree
08.2024 - 08.2025
  • Performed vendor SOC report reviews and executed gap analysis against internal control requirements.
  • Supported third-party onboarding risk assessments and validated risk treatment plans and remediation timelines.
  • Performed SOX 404 compliance audits and ensured timely completion and submission of quarterly audit deliverables.
  • Identified control deficiencies, assessed inherent and residual risk, and supported risk rating and prioritization.
  • Conducted third-party risk assessments, including TPRM framework execution, vendor risk evaluations, and remediation tracking.
  • Performed ISO 27001 ISMS, SOC 2 Type II, PCI DSS, and security controls audits.
  • Assessed BCP/DR controls, participated in DR simulations, and validated RTO/RPO compliance.
  • Collaborated with IT, security, and business stakeholders to drive remediation and closure of audit findings across enterprise environments.

IT Audit Analyst

Intenso Tech Solution Pvt Ltd
02.2021 - 07.2024
  • Performed end-to-end IT audits from planning to fieldwork, reporting, and follow-up.
  • Executed ITGC audits covering access management, change management, backup & recovery, job scheduling, patch management, and SDLC controls.
  • Tested application controls including input validation, authorization, processing, and output integrity for business-critical applications.
  • Planned and performed control testing using Test of Design (TOD) and Test of Operating Effectiveness (TOE) methodologies.
  • Conducted IAM audits including user access reviews, privileged access, segregation of duties (SOD) analysis, MFA, and recertification cycles.
  • Conducted risk-based audit scoping and control walkthroughs to validate control design and risk coverage across IT processes.
  • Evaluated logical access provisioning workflows, including user onboarding/offboarding, access approvals, and periodic access recertifications.
  • Prepared audit workpapers, reports, and dashboards, collaborating with IT and business stakeholders to close audit findings.
  • Assisted in planning and scoping IT audits by documenting risks and key control areas.
  • Performed ITGC testing (user access, change management, backup & recovery, patch management).
  • Conducted application control testing including input validation, authorization, and output integrity.
  • Supported identity and access management (IAM) reviews, including onboarding/offboarding and segregation of duties checks.
  • Prepared and maintained audit workpapers, evidence logs, and compliance documentation.
  • Participated in vendor SOC report reviews and highlighted gaps against internal requirements.
  • Collaborated with IT and business teams to collect audit evidence and track remediation activities.
  • Drafted audit observations and reports for review by senior auditors.

Education

Bachelor of Science (B. Sc) - Computer

Carlox Teacher University
Gujrat

Skills

IT Audit & Compliance: ITGC, ITAC, SOX 404, ISO 27001 (ISMS), SOC 1 / SOC 2, PCI DSS

Risk & GRC: GRC, Risk Assessment, TPRM, Control Testing (TOD / TOE)

Security Controls: IAM, PAM, SOD, Vulnerability & Patch Management, Network & Security Controls

BCP / DR: Business Continuity, Disaster Recovery, RTO / RPO Validation

Frameworks: COSO, COBIT, NIST, ISO 27001

Tools: Archer GRC, SAP (Access & SOD), Salesforce, Excel, Audit Tools

IT Audit, ITGC, ITAC

SOX 404 Compliance, SOC 2

ISO 27001 / ISMS

GRC, Archer GRC

IAM Audits

BCP / DR, COSO, COBIT, NIST, TPRM, PCI DSS

Risk Assessment, Access Management, Change Management, IT Operations
