SaiRam A - IT Auditor/ RISK / SOX/IT Auditor / Information Technology Auditor IT Compliance Analyst GRC Analyst / GRC Consultant Risk Analyst / IT Risk Analyst Internal Auditor / IT Internal Auditor/ Audit Consultant IT SOX Compliance Analyst
Location: Raleigh, North Carolina, USA
Relocation: yes
Visa: H1B
Sairam A (Certified Information Systems Auditor CISA)
484 297 6789
Senior Analyst IT/IS Controls Testing | Cybersecurity Controls | Operational Risk & SOX Compliance | GRC & Audit Assurance
Professional Summary
Results-oriented IT and Information Security Audit professional with overall 12+ years of experience, including 8 years of experience driving ITGC, SOX (404), SOC1/SOC2, and cybersecurity controls across financial services and global consulting environments. Proven expertise in assessing design and operating effectiveness of IT and IS controls, performing cloud control evaluations (AWS/GCP), and executing end-to-end walkthroughs for Identity & Access Management (IAM), Change Management, Computer Operations, Incident Management, Encryption, and Log Management. Certified CISA with strong understanding of NIST 800-53, COBIT, ISO 27001, COSO, and ICFR. Highly skilled in GRC tools (Archer, ServiceNow) for risk documentation, issue management, and workflow automation.
Core Competencies

IT/IS Controls Testing, SOX, SOC1, SOC2 Audits (Type I & II), HIPAA & ITGC Reviews
NIST, COBIT, COSO & ISO 27001 Frameworks
Identity & Access Management (UAR, PAM, SoD)
Change Management & SDLC Controls
Cloud Controls (AWS, GCP)
GRC Archer / ServiceNow Reporting & Risk Documentation
Control Design & Effectiveness Testing
Third Party Risk Management (TPRM)
Regulatory Compliance (FDCPA, SCRA, BSA/AML)
RCSA & Risk Assessments
Issue Management & Remediation Validation
Incident Management, Logging & Monitoring
Cross-functional Collaboration, Agile & Audit Lifecycle Knowledge

Professional Experience
USAA, San Antonio, TX | April 2024 - Present
Lead SOX 404 and cybersecurity controls testing across multiple in-scope applications, validating design and operating effectiveness of IAM, encryption, incident management, and vulnerability management controls.
Perform end-to-end walkthroughs with control owners, identifying gaps across provisioning, de-provisioning, SoD conflicts, and privileged access workflows.
Execute ITGC reviews aligned with NIST 800-53 and ISO 27001, ensuring compliance with regulatory and internal audit standards.
Conducted third-party risk assessments for vendors and service providers by evaluating information security, IT controls, data privacy, and regulatory compliance using frameworks such as NIST, ISO 27001, and SOC reports.
Document all evidence and testing in GRC Archer, ensuring traceability and audit readiness.
Recommend process improvements that reduced repeat audit findings and improved control maturity.
Evaluated PCI requirements related to user access management, privileged access, password policies, and audit logging to ensure compliance with PCI DSS standards.
Support automation opportunities within testing procedures, enhancing efficiency during SOX cycles.
Santander Bank, Quincy, MA | May 2023 - March 2024
Executed ITGC testing for user access, SoD, logical security, change management, job scheduling, and backups across cloud and on-prem environments.
Conducted cloud controls reviews (AWS/GCP) focusing on IAM, data protection, encryption, and change controls.
Performed quarterly RCSAs, validating control design and risk ratings.
Acted as SME for internal control implementation and risk mapping using Archer GRC.
Identified control gaps early in the cycle, improving remediation efficiency and reducing review timelines.
Collaborated with IT operations to standardize evidence collection and improve SOX documentation accuracy.
Ernst & Young (EY), Hyderabad, India | 2021 - 2023
Led SOC1/SOC2 audits for global clients, testing logical access, change management, and data security controls.
Conducted SOX 404 ITGC testing including access provisioning, password policy reviews, and change approval evaluations.
Created Risk & Control Matrices (RCMs), mapped risks to controls, and supported the design of mitigation strategies.
Managed remediation tracking and validation through GRC Archer, reducing open findings.
Delivered audit reports and provided recommendations to enhance control design and governance structures.
Wells Fargo, Hyderabad, India | 2017 - 2021
Performed SOX ITGC testing across key technology applications, focusing on access management and change control.
Executed BSA/AML control testing, including KYC/Customer Identification Program reviews, transaction monitoring controls, suspicious activity escalation procedures, and OFAC screening validations.
Assessed adherence to regulatory requirements under BSA/AML, evaluating the effectiveness of monitoring systems and red-flag identification processes.
Conducted ITGC reviews for key SOX applications, including access management and change control.
Developed audit programs prioritizing IT, operational, and regulatory risks, improving audit coverage and consistency.
Coordinated with Compliance and Financial Crimes Investigation teams to ensure timely remediation of AML-related deficiencies.
Wells Fargo, Hyderabad, India | 2012 - 2017
Assessed financial risk for mortgage loan underwriting through detailed borrower analysis.
Ensured regulatory compliance in all lending decisions.
Reviewed financial statements, tax records, and collateral documentation.
Technical Skills
GRC Tools: GRC Archer, ServiceNow (Risk Management & Reporting)
Tools: MS Excel, Word, PowerPoint
Methodologies: Risk Assessment, RCSA, Agile (Basic)
Cloud Controls: AWS & GCP
Security Concepts: IAM, Encryption, Logging/Monitoring
Certifications
CISA - Certified Information Systems Auditor (ISACA)
Education
Master of Business Administration (MBA), Osmania University, Hyderabad, India | 2010 - 2012
Bachelor of Science (Computers), Osmania University, Hyderabad, India | 2007 - 2010