Sajwani Rana (AIGP, CISM, CISA, CIA)

Salt Lake City, UT

Summary

GRC professional with proven experience leading audits, managing control environments, and driving governance initiatives within JPMorgan Chase. Adept at navigating complex stakeholder networks, enforcing compliance frameworks, and delivering strategic risk solutions. Recognized for leading end-to-end engagements, fostering cross-functional collaboration, and contributing to continuous improvement across business-as-usual (BAU) and project-based workstreams.

Overview

10 years of professional experience
1 certification

Work History

Senior Governance, Risk & Compliance Analyst

JPMorganChase
01.2024 - Current
  • Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and informing governance work.
  • Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations.
  • Lead the SOC 2 compliance program, identifying control dependencies and designing, implementing, and maintaining control effectiveness.
  • Oversee ISO 27001 certification, including ISMS maintenance, audit coordination, and evidence management.
  • Ensure audit readiness by coordinating internal and external audits, managing evidence collection, and overseeing remediation efforts to maintain compliance.
  • Perform control gap assessments and drive remediation initiatives aligned with frameworks such as the Cyber Risk Institute (CRI) Profile.
  • Execute third-party IT risk assessments for initial and ongoing due diligence, identifying and mitigating potential security and privacy risks.
  • Manage the review and distribution of vendor cyber risk documentation, including risk questionnaires (e.g., SIG), SOC 2 reports, and security policies, to assess and mitigate outsourcing risks.

Senior IT Risk & Compliance Analyst III

The TJX Companies, Inc.
08.2021 - 12.2023
  • Enable opportunities for control improvements with the objective of mitigating risk and improving compliance practices across IT Security.
  • Collaborate with cross-functional teams, including business line and risk teams, to design and maintain a comprehensive risk framework program.
  • Participate in NIST CSF Maturity Matrix assessments, identifying security posture improvements through gap assessments.
  • Identify, document, and map in-scope applications to control processes and relevant internal controls per the scope of the audit.
  • Proactively manage audit findings, track and document status updates obtained from action owners, and assist in the timely execution of remediation activities.
  • Conduct proactive IT security assessments leveraging various industry control frameworks, including Azure cloud control assessments against the Cloud Security Alliance Cloud Controls Matrix and NIST CSF.
  • Assist with security efforts to meet SOX, PCI, FTC, and other compliance requirements.
  • Support the planning and performance of IT risk-based security audits and projects, risk assessments, execution of fieldwork, and communication to IT leaders.
  • Represent the IT Security team in internal and external assessments and/or audits of information technology systems and processes.
  • Conduct thorough analyses of the risk/control environment to evaluate control effectiveness and identify areas for improvement.
  • Facilitate internal risk assessments on security control gaps and support prioritization.
  • Perform root cause analysis, and recommend and document corrective actions and continuous improvements addressing risks, issues, and roadblocks.
  • Increase awareness and accountability of IT security issues/remediation, facilitate documentation of resolutions, and track progress on remediation.

Information Technology Compliance Analyst

Willis Towers Watson
01.2018 - 08.2021
  • For WTW's Individual Marketplace LOB, work as the central point of contact in the Information Security Department for IT security compliance, risk assessment processes, and initiatives.
  • Review and update Information Security Policies as needed, at least annually.
  • Oversee client IT security/risk assessments covering domains such as encryption, business continuity, IT governance, network, OS and application security, user access management, physical security, and IT training and awareness.
  • Conduct and facilitate client security/audit calls, site visits, IT policy documentation reviews, and remediation efforts related to information security.
  • Interface with and lead efforts related to internal risk assessments and external audits, including SOX, SOC, HIPAA, HITRUST, ISO 27000 series, regulatory, compliance, cloud infrastructure CCM/CAIQ, and third-party reviews.
  • Coordinate and track selected tests of information security measures, including targeted penetration tests, vulnerability scans, and other control reviews.
  • Oversee tasks to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed; track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to all constituents.
  • Perform user access reviews for logical access to organization-critical resources per the Access Management policy. Provide support to the business with audit requests involving the IAM process. Proactively investigate and resolve any open questions raised as part of a user access review.
  • Develop, update, and maintain compliance documentation covering all in-scope systems and supporting technology, including but not limited to Information Security Policies, IT Compliance Corrective and Preventive Action Plans, and Annual and Quarterly Compliance Audit Procedures.
  • Provide reports on a regular basis, and as directed or requested, to keep senior management informed of the operation and progress of IT compliance efforts.

Senior Information Technology Internal Auditor

Extra Space Storage
09.2017 - 01.2018
  • Assist the Internal Audit Director in accomplishing audit department objectives in a team environment.
  • Oversee the SOX audit work of internal auditors and provide guidance when necessary.
  • Plan and perform complex financial, general IT controls, and compliance audits with the objective of assessing and evaluating existing internal controls.
  • Test the design and operating effectiveness of key application controls and IT general controls for significant IT applications to support management's SOX assessment.
  • Lead IT audits and project/program reviews to identify and evaluate key risks and related controls.
  • Perform technology audit work in audits of business processes (integrated audits).
  • Verify/review audit evidence; prepare audit plans, work papers, findings, status reports, and audit reports for both IT and business process audits.
  • Coordinate multiple audit projects, including issue identification and coordination of corrective action plans in accordance with regulatory and departmental guidance.
  • Test controls for the SOX program and Service Organization Control (SOC) report to ensure controls are operating effectively.
  • Assist in organizing and maintaining the Company's documentation of its processes related to SOX, SOC, and risk assessments.
  • Test the effectiveness of the Company's key controls for SOX and work with management to ensure remediation is adequately implemented for identified deficiencies.
  • Participate in information security governance, risk assessment, and incident response activities.
  • Communicate project status, concerns, or issues to management in a timely manner and escalate audit issues for timely resolution.

Information Technology Internal Auditor

Extra Space Storage
10.2015 - 09.2017
  • Plan, conduct, and document audits of the IT infrastructure, IT General Computer Controls (ITGC), and other system- and application-related risk areas.
  • Develop and maintain internal control documentation, including flowcharts, narratives, and walkthroughs, for SOX compliance.
  • Execute audits of key processes and controls to ensure operational effectiveness and compliance with SOX requirements.
  • Assess key business and finance areas to manage financial, technological, and operational risks.
  • Document accurate, logical, and detailed work papers, clearly describing the tests, the results of work performed, and the conclusions reached.
  • Assist with technology audit work in audits of business processes (integrated audits).
  • Verify or review audit evidence; prepare audit plans, work papers, findings, status reports, and audit reports for both IT and business process audits.
  • Actively participate in designing and implementing a new GRC tool (ACL).
  • Engage with IT and business process stakeholders to stay informed of changes and new initiatives within the business and technology areas, and share audit perspectives relating to risk identification and mitigation.
  • Coordinate Internal Audit activities with those of the IT external auditors to ensure proper audit coverage, eliminate duplicate efforts, and improve the efficiency and effectiveness of audit activities.
  • Manage relationships with internal and external auditors.

Skills

  • SOC 2 Type 2
  • Third-Party Vendor Management
  • Vendor Security
  • ISO 27001
  • NIST 800-53
  • Risk Assessment

Certification

  • Artificial Intelligence Governance Professional (AIGP)
  • Certified Information Security Manager (CISM)
  • Certificate of Cloud Auditing Knowledge
  • Certificate of Cloud Security Knowledge v.4
  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditor (CISA)

Current Position

Sr. Governance, Risk & Compliance Analyst, JPMorgan Chase & Co., Salt Lake City, UT, 01/01/24, Present
