IT Audit/ Information & Cyber Security/ IT Risk & Compliance/ IT Security Governance Specialist

ID : 1739
Education level  : Master's degree
Work experience level  : Expert (more than 7 years)
Work experience in total  : Years
Job type  : Online
Job time  : Monthly
Last date of registration :
Profile description

Over 13 years of industry experience in IT auditing (both internal and external), information and cyber security, IT security governance and compliance, spanning various industries including technology outsourcing, software development, banking and finance, with exposure across local and multinational organizations with cross-cultural work environments.

Work experience in detail:
Job position
Job description

Senior Manager: Information Systems Audit - LB Finance PLC (One of top 3 finance companies in Sri Lanka) – (June 2021 to Present)

  • Role: Manage the internal IS audit team and perform IT risk assessments, prepare the annual IT audit plan, oversee the execution of individual audits and ensure timely execution/coverage, produce IT audit reports, lead final issue discussions with senior management, present the IT and cyber security audit reports to the Board Audit Committee, proactively inform senior management of significant risks or exposures related to IS controls, compliance, and/or governance requiring prompt attention, proactively engage with other stakeholders (internal/external) on process improvements in enterprise information and cyber security, engage in key projects undertaken by the company and provide independent cyber security insights, etc.
  • Key Projects: Conducting IT audits covering all IT operational areas, Conduct IT risk assessments for new technology adaptations, Conduct vulnerability assessments (external facing web/ mobile apps), DM reviews, system post implementation reviews, Support on data discovery activities pertaining to investigations, BCP/DR drill activity auditing, IT due diligence assessment, phishing simulations etc.

Deputy Manager: Information Systems Audit - National Development Bank (One of top 4 commercial banks) – (January 2020 – May 2021)

  • Role: Prepared the annual audit plan, led the team and carried out audit assignments, undertook special assignments, investigations and forensic analysis related to information technology, provided value additions from information security and IT security controls to management teams on control implementation/enhancements, supported the CISO and other internal IT stakeholders, produced timely reports to management, supervised the team members, presented the IT audit reports to the Bank Board Audit Committee (BAC), engaged in the company's key technology implementations and business process reengineering exercises.
  • Key Projects: Bank wide phishing simulation, Conducting IT audits covering all IT operational areas, cloud security assessments, audit robotic process automations/ workflows review, vulnerability assessments, infrastructure reviews, data discovery of investigations, BCP and DR drill participation etc.

Assistant Manager: IT Security Governance and Compliance - Virtusa Corporation (Global IT consulting and IT services outsourcing company) - (January 2018 – December 2019)

  • Role: Ensured all IT service achieve service lines were adhering to established policy procedures, Governance of global IT policies and procedures, Responded to Requests for Proposal (RFPs) and Requests for Information (RFIs) received from company clients, Ensured IT compliance is met for client contractual requirements, Performed periodic self-assessments to ensure IT functions are compliant against client contractual requirements, Ensured IT DR plans are executed, Engaged in external and internal audits on behalf of respective IT teams, Reviewed Virtusa client pre-contractual documents, Conducted spot check risk assessments on IT internal teams, Prepared security metrics for global IT and security teams, Provided periodic compliance dashboards to IT top management
  • Key Projects: ITIL Maturity assessment, IT policies, procedures and guidelines review, Conducted control self-assessments across various IT service lines, IT Presales support (Information security and technology perspective), Drove IT control implementations, Conducted IT Risk Assessments, Maintained IT security compliance level high for major client accounts, Led ServiceNow IT GRC Implementation, IT DR governance, Global endpoints security governance

Lead Consultant/ Auditor: Information Systems Audit - Virtusa Corporation - (October 2010 – December 2017)

  • Role: Assisted in executing a comprehensive SOX audit program, examined the effectiveness of management compliance levels, recommended improvements for control enhancements, reviewed procedures and records for their adequacy to accomplish intended objectives, conducted special examinations at the request of senior leadership, reported audit findings in a concise manner, worked with the company's IT teams, consultants, and IA staff etc.
  • Key Projects: Conducted SOX 404 Reviews (Sarbanes-Oxley Act), Review on Client Data Security Program, Data Leakage Prevention (DLP) Review, Review on BYOD and Mobile Device Management (MDM), Reviewed the end-to-end IT Infrastructure integration of Virtusa and Polaris, Firewall Security Review, Privacy Review, Established a guiding control framework for Cloud Security for Organization, software compliance, Assessed the controls environment of the newly acquired company, Assessment of Cloud Controls on Fusion Cloud, Real time Oracle EBS ERP Implementation Review, Engaged in business process reengineering exercises etc.

IT Advisor - KPMG Sri Lanka (Big 4 audit firm) – (March 2008 - October 2010)

  • Role: Planned audit engagements and developed work program timelines, risk assessments, and other planning documents, worked with the engagement team to document the business processes dependent on information technology, provided clients with insight on their IT and business risks, served as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status, demonstrated and applied a thorough understanding of complex information systems, documented working papers and management letter with findings.
  • Key Projects: IT External Audits, IT Risk and Controls Assessments, System Post Implementation Reviews, SOX 404 Reviews (Sarbanes-Oxley Act), Data Migration Reviews, Requirements analysis and documentation (for an ERP implementation)
Hard skills
Soft skills
  • Other certifications and licenses

Strategic Cyber Security Management (AttackIQ), CompTIA Cloud+ Intermediate, Enterprise Design Thinking Practitioner, IBA Blockchain Essentials, CSFPC, Foundation of Breach and Attack Simulation, GDPR, ISO/IEC 27001 Information Security Associate, Six Sigma White Belt, NSE 1, NSE 2 etc.

  • Gold Member of Information Systems Audit and Controls Association (ISACA) – Sri Lanka Chapter
Special notes

An expert in IT auditing (both internal and external) with hands-on experience in information and cyber security, IT security governance and compliance domains, spanning various industries including technology outsourcing, software development, banking and finance.

More people

ID : 2042
Associate Software Engineer
Education level: Bachelor's degree
Work experience level: Intermediate- (2-4 year experience)
ID : 2041
System Engineer IT
Education level: Bachelor's degree
Work experience level: Experienced- (4-7 year experience)
ID : 2040
Associate Engineer
Education level: Bachelor's degree
Work experience level: Associate- (1-2 year experience)
ID : 2039
Education level: Bachelor's degree
Work experience level: Beginner- (internship- 1 year experience)