Zoher Mala Email & Phone Number

Toronto, CA

Managed to serve over 15 clients across industry verticals – Financial Services, BPO, Manufacturing and Service industries;Key Clients: KPMG, SunLIfe Financials, Royal Bank of Canada, Rogers Communications Inc. Brookfield Asset Management, Canadian Pacific Rail, MDS Inc., e-nxt Financials (Tata group), Nucleus Software

Toronto, Ontario, CA

Northbrook, IL, US

Ontario, CA

• Responsible for auditing complex infrastructure and applications used across Provincial government departments:- Access Controls including privileged access at the Applications and Infrastructure level- CyberSecurity.

Managing the Business Development initiatives for Arcon across Americas. This includes - 1) Building new partner and distributor network across Canada and US2) Reaching out to prospects and organizing demos with the help of pre-sales team3) Representing Arcon on events and help them organize events across Canada and US

OO

• Policy and Directive Refresh for a) Infrastructure/Network, b) Logical Access and c) Cloud Security Guideline. Received inputs from the Subject Matter Experts (IAM, Infrastructure and Cloud Teams) and socialized with a.
• Working on findings of SOX reviews and other regulatory reviews.
• CISO/CIO Reporting– Streamlined the Bi-weekly, Monthly and Quarterly reporting process:- Incorporated reports from multiple tools and data sources: End Point Detection and Response, Web Application Firewall, Advanced.
• Ensured the coverage of Cloud Controls (IaaS, PaaS and SaaS) in the key directives.
• Tracking of action points for remediating the key findings by regulators and auditors.
• Business Records Inventory – Single point of contact for the Information Security Department to manage the refresh of the Business records covering the classification, ownership, retention and security requirements for.

Using my extensive knowledge and experience in Media sector to implement a Controls Environment covering - - Entity Level Controls- IT General Controls- Business Process Controls - Automated and Manual- Implement GRC Software ‘TeamMate’ successfully- Document the gaps and putting a remediation plan in place;- Communicate the findings and action plan to the.

Toronto, Ontario, CA

Provided expertise to the Enterprise IT Risk group. Was part of the Second Line of Defense as a Subject Matter Expert for drafting Policies and Standards based on Industry standards. Highlights of the project - 1) Worked on drafting the Policies and Standards along with the first line of defense. 2) Socialized the Policies and Standards with the key.

Eden Prairie, Minnesota, US

• Oracle R12 Implementation review
• Reviewing of documentation including the project plan, steering committee meetings, Requirement analysis, testing documents, sign offs etc.
• Access controls – This includes the review of the results of a third party automated tool that gives the results of Sensitive access and Segregation of Duty Conflicts in Oracle.
• The design and operating effectiveness of the configurable controls and functional controls
• Data Migration review

Toronto, ON, CA

• Provided expertise in the areas of IT Audits in the Financial Services Sector -
• Was responsible for testing Automated Controls and IT General Controls for 2 large banks.
• Managed the testing of controls for SSAE 16 at the Data Center.

GB

Review of IT Cotrols and Business Process Controls for Fortute 500 clients. Speicialized in BFSI, Media and Entertainment and Logistics

GB

April 2003 till 2005 - PwC Toronto, CanadaApril 2007 till August 2011 - PwC IndiaIT Cotrols and Business Process Controls for Fortute 500 clients. Speicialized in BFSI, Media and Entertainment and Logistics- Review for top tier clients their IT Governance standards, Risk Assessment and Control Environment, IT General Controls and Business Process Controls.

Provided consulting services in the areas of ITGC and Application Controls (applied extensive knowledge of COSO and COBIT framework, PCAOB guidelines and Sarbanes Oxley Act 2002). The following were some of the keyareas covered during consulting:- Formulating of the SOX Methodology for the client;- Scoping for the purposes of SOX compliance based on – a).

New York, New York, US

- Ensured that the Internal Controls and applications/internet banking applications complied with the Global Standards, Procedures and Guidelines as specified in the Bank’s ‘Information Security/Internal Control Policy’- Managed Operational Audits across 50 units and 60 applications- Documented, and flowcharted the Bank’s Processes- Involved in fraud.

GB

Cisa, It Audit

Cpa, Accounting

Ca, Audit, Accounting, Tax

Cfe, Forensics And Investigations

Cwa, Costing

Bachelor Of Commerce, Accounts, Audit And Tax

Education record