
Murtuza Halwadwala

Georgetown, Texas

Summary

Experienced Risk and Compliance professional with 8 years of experience in multiple areas of Business Risk and Compliance and IT Governance. Experienced in Information Security assessment of Databases and Applications, internal and external Business, and IT Audits. Working knowledge of frameworks and regulations including SOX, SOC 1, SOC 2, ISO 27001, NIST, FedRAMP, PCI and GDPR. Effective communicator and experience in collaborating with stakeholders and teams. Experience with remote auditing techniques, team, and project management.

Overview

13 years of professional experience
1 Certification

Work History

Senior Consultant (Independent Contractor)

SOA Projects Client: ServiceTitan
09.2024 - Current
  • Company Overview: (Accounting Firm) Remote
  • Led and performed Sarbanes-Oxley (SOX) IT audits for multiple clients, ensuring full compliance with Section 404 requirements, conducting thorough assessments of IT processes, internal controls, and information systems, significantly improving the audit readiness and compliance posture of clients.
  • Conducted gap analysis and reviewed existing policies and procedures, identifying key deficiencies and providing actionable recommendations that enhanced compliance and minimized audit risks across the board.
  • Assessed and designed IT and business process controls for critical operational cycles, including Expenditure, Revenue, and Payroll/Personnel cycles, ensuring streamlined and effective control mechanisms tailored to the specific needs of the client.
  • Partnered with client teams to assess complex business and technology risks, providing strategic risk mitigation solutions and recommending best practices that strengthened risk management and minimized vulnerabilities.
  • Reviewed and tested IT SOX controls, ensuring alignment with regulatory requirements and enhancing client understanding and adherence to SOX compliance standards.
  • Spearheaded the development and implementation of compliance controls for PCI DSS 4.0, NIST CSF, and ISO 27001, enhancing organizational efficiency and ensuring the prompt resolution of audit gaps and vulnerabilities.
  • Conducted SOX readiness assessments for clients, providing insight into their compliance posture and advising on necessary corrective actions to achieve compliance.
  • Utilized technology-based tools like AuditBoard to improve audit efficiency, resulting in more streamlined audit processes and more effective communication with stakeholders.
  • Collaborated with cross-functional teams to provide clear, actionable recommendations on audit findings, which were well-received by senior management and resulted in improved internal control systems.
  • Contributed to audit reports and presentations, effectively communicating complex findings to senior management and facilitating timely corrective actions, particularly in the area of User Access Management.

Contract IT Risk Consultant

Clients: Uber, IHerb
01.2024 - 09.2024
  • Updated and maintained the risk register by collaborating with Product Security, Security Engineering, Cloud Security, and the Security Operations Center (SOC) teams to ensure timely addressing and remediation of risks.
  • Managed the revision of organizational policies to meet PCI DSS 4.0, NIST CSF 2.0, ISO 27001, and GDPR requirements, ensuring documentation, approval, and centralized maintenance.
  • Transitioned the GRC program to AuditBoard, focusing on the implementation of CrossComply and Third-Party Risk Management (TPRM) modules.
  • Led the PCI DSS 4.0 compliance audit, ensuring timely evidence collection for new requirements effective after March 31, 2025.
  • Facilitated NIST CSF 2.0 assessments by coordinating with third-party security firms, conducting interviews, and providing necessary documentation and follow-ups.
  • Assisted in the development and maintenance of governance frameworks and policies to ensure effective implementation across the organization.
  • Ensured that governance practices were effectively adhered to, maintaining alignment with organizational and regulatory standards.
  • Identified, assessed, and documented potential risks related to business operations, collaborating with various departments to develop risk mitigation strategies.
  • Monitored risk management processes and provided recommendations for continuous improvement.
  • Ensured compliance with relevant laws, regulations, and industry standards through regular audits and assessments.
  • Stayed current with changes in regulations, assessing their impact on company operations and adapting practices as needed.
  • Assisted in the design and implementation of internal controls to ensure operational effectiveness and efficiency.
  • Monitored and evaluated control systems and processes for potential weaknesses, implementing corrective actions as necessary.
  • Prepared and presented comprehensive reports on governance, risk, and compliance activities to senior management.
  • Developed and delivered training programs on GRC-related topics, fostering a culture of awareness and adherence to policies and procedures.

Senior Consultant

Deloitte & Touche LLP
03.2021 - 11.2023

  • Spearheaded and executed multiple client engagements (public & non-public) across Insurance, Aerospace, and Healthcare industries.
  • Skilled in Sarbanes-Oxley Section 404 (SOX 404) Compliance, Financial Statement Integrated IT Audit, IT Risks & Controls Assessment, and 3rd party reporting (SSAE 16/SAS 70/SOC) type engagements.
  • Provided consultation on engagements by applying ISO 27001 & NIST cyber standards to evaluate risks on audit and department wide initiative to establish audit framework for emerging technologies.
  • Supervised and executed PCI compliance framework for banking clients to ensure cardholder data is protected.
  • Experienced in testing business process controls like Revenue Recognition for in-scope applications and systems.
  • Solid understanding of infrastructure, IT general system controls, business process controls; practical audit experience conducting risk assessments and executing audit programs.
  • Evaluate key business/IT risks and controls to prepare audit programs and communicate defined scope with stakeholders by reviewing the system architecture and designing effective test plans.
  • Identify control deficiencies and present findings to key business/IT stakeholders that assisted management in timely mitigation of issues impacting considerable number of customers and potential regulatory concerns.
  • Identify improvements in post audit issue closure process for the team including identifying resources/budget that enhanced timely closure of regulatory and non-regulatory issues.
  • Collaborate with business audit teams to prepare audit reports, document/review test results and manage budgets and resources.
  • Exhibited project management skills, including developing project plans, budgets, and deliverable schedules.
  • Supervised, trained, and developed junior staff and interns through on-the-job coaching and timely feedback.
  • As a Lead Senior, directed the daily audit progress, and managed team performance.

Senior Associate Compliance and Advisory

SOAProjects Inc.
06.2020 - 03.2021
  • Assisted the firm on technology companies, IT application and infrastructure audit.
  • Responsible for ensuring the design, implementation, and monitoring of control points including risk assessments, audit plans, audit programs, and audit reports.
  • Plan and execute audit assignments which include assessing the design and operating effectiveness of information systems adding insightful value and recommendations that address control and process opportunities and issues.
  • Lead risk review meetings with cross functional teams on a timely basis across the organization which helps in understanding risks and vulnerabilities for future audits.
  • Responsible for communicating recommendations to the management of Internal controls after carefully identifying control issues.
  • Expert in understanding the Business Process and the risk associated with it and effectively communicating to the management.
  • Coordinate SOC-1 and SOC-2 reviews and respond to client inquiries on both the reports for testing exceptions, control remediation, etc.
  • Liaise with control owners to support external audit assessments of the Federal Risk and Authorization Management Program (FedRAMP) and assisted in updating security documentation such as the system security plan (SSP), policies and procedures.
  • Function as a coordinator for meetings, documents request, and other Internal Audit, and Compliance matters.
  • Sound knowledge of Windows, Linux, Oracle, SQL, Networks, Firewalls, Cloud computing.

Risk Management Specialist

Cisco
01.2017 - 05.2020
  • Performing audits of internal controls and systems with an objective to provide assurance as part of Cisco's second line of defense.
  • Actively involved in Technology Risk Assessments in support of the Risk Management process wherein identifying technology risks, rating identified risks and tracking issues and remediations to closure.
  • Served as a liaison between external auditors and internal stakeholders for external audits especially for SOX and GDPR.
  • Involved in training IT stakeholders like project managers, architects, and application owners on SOX deliverables on a Quarterly basis.
  • Assisting the management in the effective and efficient execution of the annual audit plan has ensured that the resulting findings are well understood by senior management.
  • Experienced in performing SaaS security audit by monitoring the cloud-based monitoring system for applications specifically around Access and Identity Management.
  • Project managed Cisco's Data Privacy and Protection Audit for the Security and the Trust Organization by auditing user access management for 57 data restricted applications.
  • The detailed findings on the user access control for these applications were highly appreciated and recognized up to the CIO level.

Pricing Analyst

Cisco
03.2013 - 10.2016
  • Worked with complex data sets to help the Business team determine and set competitive prices for significant revenue earning Cisco products which resulted in gaining market share and helped achieve revenue goals every quarter.
  • Facilitated in helping Cisco with valuable market share information.
  • Was actively involved during the Introduction of the India Price list which helped Cisco gain market in the Asia-Pacific region.
  • Maintained product uplift factors and price adjustments by theater and country for Cisco products and services using Oracle forms.
  • This would help the systems populate the correct prices for products and services.
  • Partnered with cross-functional teams and Acquisitions on product availability, viewability, orderability, and price list inquiries.
  • Designed and maintained an Access database to retain pricing reports and record company sales trends.
  • Streamlined the pricing and discounting process.
  • Attributes for Cisco products and services are now easily set and are available for customers to order.
  • This also has opened prospects for more system automation and reduced the manual efforts.
  • Awarded with the 'Best Foot Forward' recognition for managing the highest number of Pricing and Discounting queries and issues for CISCO in a quarter.

Product Data Analyst

Cisco
06.2012 - 02.2013
  • Partnered with product managers on product configuration set-ups for some of the most important and high revenue earning Cisco products and services.
  • Maintained the correct attributes for Cisco products in Oracle forms which helped the sales team to close out on high revenue deals.
  • Represented my team in the successful transition from Legacy tools into a new ordering environment (CCW-R) where Cisco products can now be set-up for customers with more reliability, speed, and insight.
  • Handling strategic products and product families for CISCO enabled the company to make them Orderable for customers in no time, which in return earned good profits.
  • Appreciated on several occasions for taking care of complex configuration issues and escalations especially during critical month-end and year-end closures.

Education

Masters in commerce - Accounting

University of Mumbai
Mumbai, India
06.2011

Bachelors in commerce - Accounting

University of Mumbai
Mumbai, India
06.2009

Certification

  • Certified Internal Auditor (CIA) (In-progress)
  • Certified Information Security Auditor - 2017
  • AWS Certified Cloud Practitioner - 2021
  • AWS Certified Security Specialty - 2022
  • Active ISACA Member since 2019

Accomplishments

  • 2 times recipient of the 'Applause Award' (2021 & 2022) for my hard work and exemplary support on audit engagements.
  • Recognized for single-handedly migrating workpaper documentation for close to 300 controls into Deloitte's structured tool for one of the audit engagements.
  • Recognized for my hard work for closing close to 40 controls including Auto and IT General during FY19 year. Appreciated for connecting with my colleagues and stakeholders and linking to common compliance goals.
  • Awarded as a 'Cisco Security Champion' for my passion for IT and recognition by peers based on strong technical knowledge of Cisco Products and Services.
  • Awarded with the 'Best Foot Forward' recognition for handling the highest number of Pricing and Discounting queries and issues for CISCO in a quarter.
