
MURTUZA HALWADWALA

Georgetown, TX

Summary

Seasoned Technology Risk and Compliance professional with over 8 years in IT risk management and regulatory compliance across diverse sectors. Skilled in SOX compliance, technology risk assessments, control design, and audit readiness for enterprise systems and cloud environments. Collaborates effectively with IT teams to enhance control environments and support audit programs, with knowledge of NIST, ISO 27001, COBIT, PCI DSS, SOC 1/2, FedRAMP, and GDPR.

Overview

14 years of professional experience
1 Certification

Work History

Technology, Risk & Controls Analyst

Skyward Specialty Insurance
Georgetown, Texas, Remote
06.2025 - Current
  • Support the Technology Risk & Controls program by executing and monitoring key IT General Controls (ITGCs) across access management, change management, and user access governance to ensure alignment with internal policies and SOX compliance requirements.
  • Conduct monthly quality assurance reviews of access provisioning activities across enterprise applications and systems, ensuring all access requests are properly authorized and documented by Service Desk tickets.
  • Conduct quarterly access variance analysis across internally managed applications by comparing user populations between review cycles and validating that newly provisioned access is appropriately approved and documented.
  • Perform monthly change management control testing, sampling production changes to confirm required approvals, User Acceptance Testing (UAT), and compliance with change governance procedures.
  • Coordinate the Quarterly User Access Review (UAR) process across business applications and infrastructure systems by engaging system owners and tracking completion status.
  • Compile and organize audit-ready evidence packages, including access reviews, ticketing records, and control documentation, to facilitate internal and external audit requests.
  • Partner with application owners, infrastructure teams, and IT stakeholders to resolve documentation gaps and strengthen adherence to control procedures.
  • Contribute to continuous monitoring and control improvement initiatives by identifying gaps in control execution and recommending enhancements to strengthen the overall technology risk management framework.

Senior Consultant

SOA Projects
Georgetown, Texas, Remote
09.2024 - 05.2025
  • Led and executed Sarbanes-Oxley (SOX) IT General Controls (ITGC) assessments for multiple clients, evaluating the design and operating effectiveness of controls across key domains including user access management, change management, and system operations to support Section 404 compliance.
  • Conducted technology risk and control gap assessments, reviewing existing policies, procedures, and system processes to identify control deficiencies and deliver actionable remediation recommendations that strengthened control environments.
  • Evaluated and designed IT and business process controls across critical operational cycles including Revenue, Expenditure, and Payroll, ensuring alignment with internal control frameworks and regulatory expectations.
  • Partnered with client technology and business teams to identify and assess complex technology risks, delivering practical risk mitigation strategies that enhanced governance over IT processes.
  • Performed risk-based control testing and documentation reviews to validate adherence to SOX requirements and improve clients’ overall audit readiness.
  • Supported organizations in implementing and strengthening controls aligned with PCI DSS, NIST Cybersecurity Framework (CSF), and ISO 27001, helping address audit findings and enhance security and compliance posture.
  • Worked closely with cross-functional stakeholders to communicate control gaps, risk exposure, and remediation plans, helping management strengthen internal control frameworks.

IT Risk Consultant

eTeam
Georgetown, Texas, Remote
01.2024 - 09.2024
  • Updated and maintained the enterprise risk register by collaborating with Product Security, Security Engineering, Cloud Security, and Security Operations Center (SOC) teams to ensure timely identification, tracking, and remediation of technology and operational risks.
  • Revised organizational policies to align with PCI DSS 4.0, NIST CSF 2.0, ISO 27001, and GDPR requirements, ensuring proper documentation and approval workflows.
  • Supported the transition of the GRC program to AuditBoard, assisting in the implementation of CrossComply and Third-Party Risk Management (TPRM) modules to improve governance, risk tracking, and control monitoring processes.
  • Led coordination efforts for the PCI DSS 4.0 compliance audit, ensuring timely collection and organization of required audit artifacts and evidence for new requirements effective after March 31, 2025.
  • Facilitated NIST CSF 2.0 risk assessments by coordinating with external security firms, conducting stakeholder interviews, and compiling supporting documentation for assessment activities.
  • Assisted in the development and maintenance of governance frameworks and control policies to support consistent implementation across the organization.
  • Ensured governance and compliance practices were adhered to by monitoring alignment with organizational policies, regulatory requirements, and industry standards.
  • Identified, assessed, and documented potential risks related to business operations and technology processes, working with cross-functional teams to develop appropriate risk mitigation strategies.
  • Monitored ongoing risk management and control activities, recommending improvements to enhance governance and risk processes.
  • Conducted periodic reviews and internal assessments to ensure compliance with laws, regulations, and industry standards.
  • Stayed current with changes in regulatory and security frameworks, evaluating their potential impact on organizational risk management practices.
  • Assisted in the design and evaluation of internal controls to strengthen operational effectiveness and governance practices.
  • Monitored and evaluated control processes for potential weaknesses, recommending and supporting corrective actions to address control gaps.
  • Prepared and presented governance, risk, and compliance reports to senior management, highlighting insights into risk posture and program effectiveness.
  • Developed and delivered training sessions on GRC and policy awareness, helping promote a culture of compliance and security awareness across teams.

Senior Consultant

Deloitte & Touche LLP
Austin, TX
03.2021 - 11.2023
  • Led multiple Technology Risk and IT audit engagements for public and private sector clients across insurance, aerospace, and healthcare industries.
  • Executed SOX 404 IT General Controls (ITGC) testing across key domains including user access management, change management, and system operations to evaluate control design and operating effectiveness.
  • Performed technology risk assessments by reviewing system architecture, identifying key control points, and developing risk-based audit programs aligned with industry frameworks including ISO 27001 and NIST.
  • Collaborated with IT, security, and business stakeholders to identify control deficiencies and recommend remediation actions that strengthened overall control environments.
  • Supported PCI DSS compliance initiatives for financial services clients by assessing security controls around cardholder data protection.
  • Coordinated SOC 1 and SOC 2 readiness and review activities, including evaluating control documentation and responding to client inquiries regarding testing exceptions and remediation.
  • Designed and executed risk-based audit procedures across infrastructure, applications, and business process controls to assess and enhance effectiveness of internal control frameworks.
  • Partnered with cross-functional teams to document control testing results, prepare audit reports, and communicate risk findings to senior management.
  • Identified process improvements in post-audit issue tracking and remediation workflows, enhancing timeliness and effectiveness of issue closure.
  • Managed engagement timelines, budgets, and deliverables while mentoring junior staff and supervising control testing activities across multiple engagements.

Senior Associate Compliance and Advisory

SOAProjects Inc.
Sunnyvale, CA
06.2020 - 03.2021
  • Ensured design, implementation, and monitoring of control points, including risk assessments, audit plans, audit programs, and audit reports.
  • Planned and executed audit assignments, which included assessing the design and operating effectiveness of information systems, adding insightful value and recommendations that address control and process opportunities and issues.
  • Led risk review meetings with cross-functional teams on a timely basis across the organization, which helped in understanding risks and vulnerabilities for future audits.
  • Communicated recommendations to management regarding internal controls after identifying control issues.
  • Expert in understanding the business process and the risk associated with it, and in effectively communicating it to management.
  • Coordinated SOC-1 and SOC-2 reviews and responded to client inquiries on both reports regarding testing exceptions, control remediation, etc.
  • Supported external audit assessments of the Federal Risk and Authorization Management Program (FedRAMP) by liaising with control owners.

Risk Management Specialist

Cisco
Milpitas, CA
01.2017 - 05.2020
  • Performed audits of internal controls and systems with the objective of providing assurance as part of Cisco's second line of defense.
  • Conducted Technology Risk Assessments to identify and rate technology risks, tracking issues and remediation to closure within Risk Management process.
  • Served as a liaison between external auditors and internal stakeholders for external audits, especially for SOX and GDPR.
  • Trained IT stakeholders, including project managers, architects, and application owners, on SOX deliverables, enhancing compliance understanding quarterly.
  • Supported management in executing annual audit plan, contributing to effective risk mitigation strategies.
  • Experienced in performing SaaS security audits by monitoring the cloud-based monitoring system for applications, specifically around Access and Identity Management.
  • Project managed Cisco's Data Privacy and Protection Audit for the Security and the Trust Organization by auditing user access management for 57 data-restricted applications.
  • The detailed findings on the user access control for these applications were highly appreciated and recognized up to the CIO level.

Pricing Analyst

Cisco
Pune, Maharashtra
03.2013 - 10.2016
  • Worked with complex data sets to help the Business team determine and set competitive prices for significant revenue-earning Cisco products, which resulted in gaining market share and helped achieve revenue goals every quarter.
  • Conducted market research to deliver insights on market share, informing competitive pricing strategies for Cisco.
  • Was actively involved in the introduction of the India price list, which helped Cisco gain market in the Asia-Pacific region.
  • Maintained product uplift factors and price adjustments by theater and country for Cisco products and services using Oracle forms.
  • Partnered with cross-functional teams and Acquisitions on product availability, viewability, orderability, and price list inquiries.
  • Developed and maintained Access database for pricing reports, capturing company sales trends to support data-driven decision-making
  • Streamlined pricing and discounting procedures, enhancing accuracy and consistency in pricing strategies
  • Received the 'Best Foot Forward' recognition for managing the highest number of pricing and discounting queries and issues for Cisco in a quarter.

Product Data Analyst

Cisco
Pune, Maharashtra
06.2012 - 02.2013
  • Managed strategic products and product families for Cisco, enabling rapid orderability for customers and contributing to increased profits.
  • Partnered with product managers on product configuration set-ups for some of the most important and high-revenue-earning Cisco products and services.
  • Maintained accurate attributes for Cisco products in Oracle forms, supporting the sales team in closing high revenue deals.
  • Represented my team in the successful transition from legacy tools into a new ordering environment (CCW-R) where Cisco products can now be set up for customers with more reliability, speed, and insight.
  • Resolved complex configuration issues and escalations during critical month-end and year-end closures, ensuring smooth operations.

Education

Master's in Commerce - Accounting

University of Mumbai
Mumbai, India
03-2011

Bachelor's in Commerce - Accounting

University of Mumbai
Mumbai, India
03-2009

Skills

  • GRC
  • Risk assessment
  • ITGC
  • SOX
  • Access governance
  • Audit readiness
  • Technology risk
  • Problem solving
  • Collaboration

Certification

  • Certified Internal Auditor (CIA) (In-progress)
  • Certified Information Security Auditor - 2017
  • AWS Certified Cloud Practitioner - 2021
  • AWS Certified Security Specialty - 2022
  • Active ISACA Member since 2019

Accomplishments

  • Two-time recipient of the 'Applause Award' (2021 & 2022) for my hard work and exemplary support on audit engagements.
  • Recognized for single-handedly migrating workpaper documentation for close to 300 controls into Deloitte's structured tool for one of the audit engagements.
  • Recognized for my hard work in closing close to 40 controls, including Auto and IT General, during FY19. Appreciated for connecting with my colleagues and stakeholders and linking to common compliance goals.
  • Awarded as a 'Cisco Security Champion' for my passion for IT and recognition by peers based on strong technical knowledge of Cisco Products and Services.
  • Awarded the 'Best Foot Forward' recognition for handling the highest number of Pricing and Discounting queries and issues for Cisco in a quarter.
