Santosh Kumar Thiyagarajan

skt160@hotmail.com 9003502036

Summary
7+ years of experience in Internal Audit, Cloud Audit, SOX Audit, ITGC Audit, Service Delivery and Project
management working with global IT giants; TAFE Ltd, IBM India, HCL Technologies, Capgemini Technologies Ltd
and Wipro Technologies Ltd.

Experience
Wipro Limited - Technical Lead Jan 2021 – Till Now

• Experienced in Cloud Audit, Review and Monitor Security: MFA, Encryption, Security Groups, CloudWatch,
RDS, Key management, IAM, Serverless computing etc. on AWS and Azure cloud environment
• Conducting internal security assessments to ensure continued compliance.
• Understanding applicable regulations, guidelines and industry best practices to manage risk and ensure
compliance.
• Developing, maintaining, or auditing security documentation such as policies, standards, and procedures.
• Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
• Identifies and formally documents deviations from published standards, estimates risk level, recommends
appropriate mitigation countermeasures in operational and non-operational situations.
• Expertise in Application Security and Risk Management.
• Provide adequate security and compliance against specific standards such as NIST Framework, ISO27001,
SOX, PCI and other regulatory requirements.

Capgemini Technologies – Consultant Jun 2020 - Jan 2021

• Lead the Readiness Review Program for New applications and applications migrating to cloud environment
prior Go live.
• Experienced in Cloud Audit, review and monitor Security: MFA, Encryption, Security Groups, CloudWatch,
RDS, Key management, IAM, Serverless computing etc. on AWS and Azure cloud environment
• Performed TOD (Test of Design) and TOE (Test of operating effectiveness).
• Identified risks and integrity controls by assisting in mapping and documentation of processes.
• Conducting follow-up on both open and past due internal audit and SOX observations.
• Developing detailed audit observations and recommendations to management both verbally and inwriting in
the form of work papers.
• Record rest results and give support for an informed, objective opinion of the risk exposure.
• Assisting in organizing third-party compliance assessments and audits.
• Conducting internal audits and SOX testing; to include compliance with policies and procedures and
assessing the design and operating effectiveness of the internal control structure.
• Communicate project status to members of the team in an efficient manner

HCL Technologies - Lead Quality Aug 2018 - Jun 2020

• Leading the team in all phases of Client audit assignments including planning, execution, reporting and
follow up
• Monitored, Reviewed and Ensured ITGC controls are enforced and proper evidences are generated based
on frequency for Audits
• Compiled evidences for each ITGC control based on risk and frequency of the control to demonstrate
compliance with SOX and PCI DSS.
• Managed and Monitored day to day Logical access request for New Hire, Terminated and Transferred
employees
• Perform quarterly, semi-annual and annual audit of client internal controls to mitigate risk.
• Communicated any violation of controls to appropriate team members and ensure compensating controls
were implemented
• Developed and improve multiple processes in the areas of IT Security like User Access Management and
Program Change Management
• Archer Submission of User ID audit evidences in each questionnaire for all SOX and PCI applications.
• Review the daily SOX reports from Compliance monitor and ensure the team collects all the evidence.
• Oversee PEN testing process and follow up the remediation of PEN test findings in archer.
• Communication of Compliance training and removal of user access if training timeline is not met.
• Managed various projects with 3rd party vendors and outsource partners to fulfil business vision, goals and
objectives

IBM India - Service Delivery Specialist Aug 2015 - Jul 2018

• Conducting security audits for existing systems, processes and 3rd party providers.
• Performing ITGC control Reviews and Reporting the weekly status to the Global and zone level
management.
• Ensure risk assessment registers are maintained and risk assessments performed by the delivery units.
• Building SOP based on technical inputs from Control Owners and own process knowledge• Providing
support in Security incident management, Change Advisory Board and weekly access review meeting.
• Served as single point of contact for internal security issues and escalations.
• Involved in regular security awareness training for employees and vendors to ensure compliance
• Coordinated in Business Impact Assessment and Risk Analysis of supporting IT infrastructure
• Coordinated disaster recovery planning, testing, implementation and participate in business continuity
planning
TAFE - IT Support Engineer Dec 2013 - Feb 2015
• Assist manager in internal audits and process reviews.
• Review Access controls for backup media for systems and applications
• Document control deviation including type of failure, root cause, business impact including financial impact
Issues
• Support IT Infrastructure service levels for corporate IT for entire Video conferencing and its operations.
• IT vendor management towards support Management, Asset and Enterprise service Desk Management.
• Vendor Management towards IT Support Service (Warranty, AMC service providers).
• Assist end user's for problem determination related to desktop PC, Printers, Laptops, OS, SW, Wi-Fi
Access, Video Conferencing, Antivirus, DLP, etc. as L1 support

Education

● Anna University of Technology, Coimbatore B.Tech. Information Technology 2008 - 2011

Licenses & Certifications

● AXELOS Global Best Practice - ITIL V3 Foundation

● BSI - ISO 27001 Lead Auditor