• Instituted IT General Controls and IT operational controls to comply with SOX and regulatory compliance as well as Data Protection and Privacy requirements. • Performed IT Security Risk Assessments. Develop and maintain Key Risk Indicators, Key Performance Indicators, systems for recording, reporting, monitoring and dispositioning of Operational Risk events. • Developed security risk assessment; Advises System Owner on requirements in alignment with security risk assessment results, thereby supporting IT compliance across multiple systems or applications. Ownership and control of Risk Register.• Independently put together a variety of Security Authorization deliverables including System Security Plans (SSP), Security Assessments Reports (SAR), Risk Assessment Plans.• Conduct security audits and vendor assessments including Policies management, Standards, Process Mapping, Risk & Control Matrices, Inherent Risk Assessments, and Internal Control testing to identify vulnerabilities and remediation plans. • Provides operational risk management support which involves participating in risk assessments, managing system weaknesses, and providing ongoing risk monitoring, threat management and mitigation support.• Drive remediation activities with stakeholders, including developing remediation plans, tracking, and reporting remediation progress.• Coordinated and executed IT Controls for large On-site and Off-Shore Teams. • Performing third-party risk assessments by conducting and evaluating inherent risks questionnaires, vendor surveys, and assessing due diligence documentation following HTS program standards, and formulating and providing effective challenge into the risk assessment process.• Reviewed SOC Audit reports to evaluate vendor control environment and identify key risks. Coordinated the execution of SOC 2 Reviews.

• Directed and coordinated the New York Department of Financial Services requirements for the protection of sensitive customer information including an incident response plan, annual penetration testing and vulnerability scans• Participate in annual risk assessment process. • In collaboration with Vendor Management function, built Third Party Risk Management Program from the scratch.• Evaluation of vendor Internal controls and risks via inquiry and review of SOC reports. Performed Third Party security assessments• Monitoring of controls environment to assess maturity levels and maintain adequate test coverage based on changing risk profile. • Develop and maintain Key Risk Indicators, Key Performance Indicators, systems for recording, reporting, monitoring and dispositioning of Operational Risk events. • Conducted risk based approach assessments of IT business segments to ensure effective internal controls are in place• Responsible for identifying and addressing emerging risks related to third party risk management, e.g., use of subcontractors, monitoring of supplier concentration and dependence levels

• Directed and coordinated the New York Department of Financial Services requirements for the protection of sensitive customer information including an incident response plan, annual penetration testing and vulnerability scans• Participate in annual risk assessment process. • In collaboration with Vendor Management function, built Third Party Risk Management Program from the scratch.• Evaluation of vendor Internal controls and risks via inquiry and review of SOC reports. Performed Third Party security assessments• Monitoring of controls environment to assess maturity levels and maintain adequate test coverage based on changing risk profile. • Develop and maintain Key Risk Indicators, Key Performance Indicators, systems for recording, reporting, monitoring and dispositioning of Operational Risk events. • Conducted risk based approach assessments of IT business segments to ensure effective internal controls are in place• Responsible for identifying and addressing emerging risks related to third party risk management, e.g., use of subcontractors, monitoring of supplier concentration and dependence levels

• Team Lead responsible for planning, scheduling, performing walk throughs, assessment of risks, identifying key controls, documenting and flowcharting processes and controls, developing the Audit Scope and Audit Program, perform testing, identify exceptions, develop audit reports, discuss findings with management, obtain management responses and action plans to remediate weaknesses.• Operational and compliance Reviews

• Sarbanes Oxley – Financial/Accounting and Information Technology Systems, Development of Control Framework, Periodic Testing and Reporting.• Operational Audits; Program Management, Billing and Collections, Contracts, Procurement, Inventory Control, HR & Payroll, Project Cost Accounting, Bidding and Pricing Process, Sales Compensation Plans, Treasury, Emergency Hotline, T&E Reviews including Incentive Plans, Duplicate Payments.• IT Reviews ; Disaster Recovery/Business Continuity, System Implementation/Post Implementation systems reviews, Outsourced service provider reviews, Change Controls • Financial Reviews; Consolidations Process, 10K/10Q Disclosure Reviews, Spreadsheet Reviews, Amortizations and Deferrals, Reconciliations, Accounting for Pension and Tax Liabilities, Accounting for Currency Fluctuations and Hedges.• Compliance Reviews; Export/Import Regulations, Ethics, DCAA, Licensing.• Worked with Audit Director in performing company wide Risk Analysis, identifying areas for audit, establishing audit plans and benchmarking existing systems against industry best practices.

Design, implementation and testing of Sarbanes Oxley (SOX) process • Worked as team leader (groups of three senior auditors), as team member and independently. • Key participant in the SOX process for – Purchasing, Accounts Payable, Contracting, Restricted Access, Internal Use Software and Oversees Operations (EMEA). • Contributed in improving the efficiency and effectiveness of the SOX documentation and testing process. This included – evaluation of management’s documentation, identification of key controls, reviewing managements test plans, performing independent tests.• Identified process weaknesses and assisted in remediation efforts.

• Performed operational (~70%) and financial audit (~30%). This included special projects and audits of outsourced services.• Performed support work for the company's public accountants (PWC) for the year-end 2001and 2002 audits. Significant interface with the company’s external auditors. • Worked in teams as team leader and team member. • Key findings included issues related to revenue recognition and billing, inventory control, cash management, and cost accounting.• Extensive experience in contract (long and short term) audits.• Evaluated controls in the following IT areas – System Migration, Network Security, Disaster Recovery, Access Controls and Change Management.• Extensive Analytical Reviews of Financials of Key Divisions.

• Team Lead responsible for planning, scheduling, performing walk throughs, assessment of risks, identifying key controls, documenting and flowcharting processes and controls, developing the Audit Scope and Audit Program, perform testing, identify exceptions, develop audit reports, discuss findings with management, obtain management responses and action plans to remediate weaknesses.• Operational and compliance Reviews