Anusha Gadde

Woodland Hills, CA

Summary

Professional with 10+ years of experience in ITSM, security compliance and IT audit in the financial services industry. Skills include in-depth knowledge of cybersecurity, auditing, compliance and regulatory requirements. Providing assurance and advisory services to organizations implementing and expanding internal controls in an effort to meet requirements.

Additional skills and areas of expertise include: IT compliance & audit IT audit standard and compliance, physical and logical audit, risk management, analytics and data management analysis, cyber security policy and risk analysis, IT governance and compliance, security and incident management implement change control implement and design Incident problem change management trend analysis & reporting service delivery, service management, IT operations communications business process design, IT risk assessment risk, impact, and management, maturity assessment, risk assessment, control assessment, internal audit and compliance management, IT operational security evaluations utilizing industry standards

Overview

11 years of professional experience

Work History

Senior Governance Specialist

Republic Indemnity
Calabasas, California
01.2017 - Current
  • Responsible for making sure that all SOX audits were completed and submitted on time monthly/quarterly/annually
  • Understanding business impacts of upstream and downstream applications related to operations and SOX management, upgrades, business continuity, and leverage for daily interactions with DnA application owners and SOX Auditors
  • Assisting and building relationships with DnA teams, various auditing entities, Information Digital Services and business units to collaborate on SOX and operation efficiencies
  • Evaluate and report internal control deficiencies/status to senior management and executive management
  • SME knowledge to support operations and all DnA SOX processes and managed applications
  • Collaborate and comply with internal and external SOX Governance/Auditors, Information Security, Internal & External Audits, and the relevant DnA application owners to coordinate, create, and/or attest to as DnA delegate all relevant ITGC controls for all in-scope DnA applications
  • Developing new, maintain existing, and provide requirements for SOX and ITGC controls and create monthly/quarterly control review documentation, as needed
  • Assist with timely coordination and completion of all ITGC and SOX Compliance activities
  • Collaborate with SOX Compliance, Privacy Compliance, Internal Audit, Information Security, and Legal to comply with SOX, ITGC, privacy, and legal requirements for all in-scope DnA applications
  • Identified key controls, assessed controls for design deficiencies, and updated process
  • Execute audit procedures to evaluate the accuracy and completeness of System Reports and End User Computing Spreadsheets
  • Detected operating deficiencies and proposed ways to remediate control failures
  • Identified mitigating controls to minimize risk exposures
  • Participated in the implementation of new processes and corrective action plans to ensure SOX compliance
  • Assist in providing IT SOX Compliance training to IT
  • Scheduled testing of operating effectiveness in compliance with tests plans
  • Schedule and implement IT security audits with system owners using NIST framework for baseline assessments
  • Define the boundaries of applications / infrastructure, review network diagrams (Visio) and gather evidence to support that the identified NIST controls are being complied with
  • Provided oversight for protection of confidential information on IT computer systems and developed consistent policies and processes of disaster recovery and business continuity plans
  • Provided technical security engineering support for complex software, hardware, network systems; design, develop, and execute security tests of annual audit plan, vulnerability assessments and audits; risk mitigation and analysis of security threats
  • Identified and evaluated risks during review and analysis of System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades
  • Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations
  • Conducted reviews of data centers, to ensure availability, accuracy, and security under all conditions
  • Working as Admin member to build, test and support ServiceNow for RICA
  • Coordinated with IT department and external auditors during SOX IT testing
  • Provide audit support for the external auditors

IT Governance Consultant

Republic Indemnity
Encino, California
04.2016 - 12.2016
  • Establish and maintain Security and Compliance
  • Serve as expert advisor to senior management in the development, implementation, and maintenance of information security infrastructure
  • Identify key security program elements and determine which departments or offices must be involved in building a comprehensive information security program
  • Provide guidance and advocacy regarding prioritization of infrastructure investments that impact security
  • Lead the Privacy, Assurance and Systems Security Work Group, with responsibilities including: Developing, publishing, and maintaining comprehensive company-wide information privacy and security strategy, plans, policy, procedures, and guidelines
  • Acting as the primary control point during significant information security incidents
  • Advising Management on risk issues related to information security and making recommendations in support of the company's wider risk management programs
  • Manage the development, implementation, and maintenance of information security policy, standards, and guidelines
  • Work with Internal Audit to ensure departments consider information security risks in both ongoing and planned operations
  • Monitor information security trends internal and external to the company and keep senior management informed about information security-related issues and activities affecting the organization
  • Understand potential threats, vulnerabilities, and control techniques, and communicate this information to departmental system administrators
  • IT Governance activities including development and reporting on security metrics and Change Control activities
  • Led/Managed the execution of specific audit assignments; including the review and reporting process
  • Reviewed and evaluated security and controls within automated and manual application systems
  • Conducted tests of general and specific controls to ensure the effective application of control techniques
  • Performed control analysis and evaluation, documenting existing processes and systems through use of flowcharting and business narrative techniques
  • Participated in new systems development and new technology implementation projects, with a focus on ensuring that appropriate controls are developed and implemented
  • Developed and executed audit plans for SOX and non-SOX IT audits
  • Prepared Enterprise-wide risk assessment for use in the formulation of audit plan.

Senior Operational Specialist

IBM, Bank of Ireland
11.2013 - 06.2015
  • Roles and Responsibilities (Auditing)
  • Working as security delivery specialist and responsible for overall compliance of the account
  • Taking requests and providing data for the audits
  • Validating that the processes and procedures the teams follow strictly adhere to customer agreements
  • Finding deviations or non-compliances via auditing all the documentation, policies & processes
  • Assessment of internal control structures of Systems (OS) and their Subsystems depending on the security policy used by the client
  • Execution of control tests
  • Proper documentation to support and complete the testing within deadline
  • Have been associated with Corporate Audit, ISAE3402, BCR, KCO (Key Controls over Operations), etc.
  • Customer Relations, governance calls for account status and maintaining overall compliance of account
  • Coordination with all stakeholders and platform teams to get things done as per severity and service level agreement
  • Roles and Responsibilities (Patch management & Health Checking)
  • Coordination for closure of security patches with strict adherence to timelines specified
  • Coordination with the technical teams for timely updates (resolution plan, change implementation, closure, applicability, risk of not implementing, etc.) for timely closure
  • Extension of APARs where they cannot be closed as per the target dates with the help of account service manager with required artifacts
  • Add / remove technical contacts, housekeeping of department documents (based on inputs from the service manager)
  • Escalate where APAR cannot be closed as per target dates
  • Perform 'Business as Usual' health checking, to include the execution of automated health checking and the implementation of semi-automated and manual health checking across Commercial and Internal Accounts
  • Score automated & manual health check returns and raise CIRATS issues for remedial work
  • Identify deviations and raise such exceptions on CIRATS ensuring that all relevant data is included on the NCI record in accordance with documented procedures
  • Execute health checking activities using HC automated tools, e.g. Fusion, TSCM, IEM, etc.
  • Scanning the Server in TSCM tool (Tivoli Security Compliance Manager)
  • Extracting reports for TSCM scanned servers
  • Creating new domains for new policies configured in tool
  • Checking whether account systems are compliant or not
  • Understanding the false positives
  • Initiate remediation actions to resolve deficiencies pointed out as part of audit fieldwork
  • Proper documentation regarding any scheduled or ad hoc work of Health Check of the server
  • Reviewing the Server scans, deviations, Checklists, Templates and then approving them for SA&D (Server Activation and De-activation) activity
  • Manual Loading of servers into the Enterprise Compliance Manager (ECM) for showing their status in the Dashboard for customer visibility
  • ECM has a few error codes (Expired, Missing), which are worked on by resolving SCM issues as they are in sync
  • Work on Tool Issues (Collector Errors), how to fix the errors to get the valid information from the server
  • Maintenance of inventory through device inventory compare between all tools and database
  • Responsible for connecting servers to TSCM client on Windows servers (including some troubleshooting steps, e.g. start and stop client services, changes in configuration file, etc.)
  • Work on operating system resources violations
  • Work on ETS (exemption) with the ISM (Information Security Manager)
  • Responsible for server deployments, which include application installations, operating system updates and security patches
  • Security Application: Installation, troubleshooting McAfee Antivirus issues
  • Managing windows server and troubleshooting technical issues involving Backup Failures, Tivoli Endpoint and operating systems.

Junior System Admin

IBM, Bank of Ireland
11.2010 - 11.2013
  • Installation, Configuration, Building of Windows Servers/Virtual (VMware) servers remotely
  • Managing Active Directory, DNS, DHCP, Terminal Services, RAID,
  • File server, Print server, Application server Administration
  • Active Directory Installation and User Management
  • Managing and troubleshooting of Cluster and NLB (Network Load Balancing)
  • Managing TSM backup and troubleshooting
  • Anti-Virus security using Symantec Antivirus Software, Diagnosing and Rectifying
  • Security Application: Installation, troubleshooting McAfee Antivirus issues
  • Working on Remedy using ITIL Processes (Incident/ Problem/ Change management)
  • Creating and maintaining runbook
  • Providing Operating System support for more than 4000 servers that include both physical servers and virtual servers
  • Evaluate planned changes to the server environment and advise of any requirements to support such changes and Implement corrective actions approved by the change management process
  • Troubleshooting Tivoli monitoring alerts for windows 2000/2003/2008 servers
  • Installing, Troubleshooting and Patching on Microsoft Cluster
  • Working on Virtual Servers through Virtual Infrastructure client
  • Migrating Physical Machines to Virtual Machines (P2V) and Virtual Machines to Virtual Machines (V2V) using VMware converter
  • Configured Dell PowerEdge M1000E Chassis, Dell PowerEdge M620 & M710 HD Blades, Dell PowerEdge R820 Rack Mount Servers
  • Maintained a virtual infrastructure that uses Dell EqualLogic PS41x0 Series Arrays, EMC FC Storage and, of course, Windows 2003 Servers, Windows 2008 & Windows 2008 R2 Servers, RedHat Enterprise Linux, MS SQL Servers, MS Exchange Servers, MS AD Services Servers
  • Performed capacity planning and server migration planning by creating a runbook for every migration wave
  • This included working very closely with the storage engineers
  • Also created an alternate protocol for the VMs that were not supported for replication due to storage limitations in a very short period of time
  • Started to group non-critical production VMs (Servers) first, set up in SRM Consistency Group & Recovery Plan and migrated VMs using SRM Plan migration, then applied same process to rest of the critical business Servers
  • Worked with a lot of moving pieces including: IPPlan, VMTools Deployment, P2V, V2V, VR, analyzing the Storage requirement & project estimate, Deployment and Configuration of new Blades, OS installation and configuration
  • Acted as a liaison between the management and technical staff by maintaining proper coordination & communication with Project Managers, Business managers, DBAs, Application Team, outside vendors
  • Maintained VBlock Environment
  • Performed level 2 and 3 troubleshooting, also provided day-to-day support for the infrastructure operation plus trained the new hires in an environment which is more than 95% virtualized
  • Environment: Windows 2000, 2003, 2008, 2008 R2, VMs

Education

PRRM Engineering College, Ranga Reddy District

Skills

  • Audit Preparation
  • Sarbanes-Oxley (SOX)
  • PPE Compliance
  • MS Office
  • Internal & External Auditing
  • ITIL
  • Change Management Process
  • Microsoft SharePoint
  • ServiceNow Admin
  • Distribution

Quote

There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins
