Summary

Palak is a Consultant with the IT Advisory – Risk Consulting practice and has been working with KPMG in India since May 2013.
She has three-plus years of IT auditing and advisory experience, including Information Risk Management in External Audit, SOX Compliance, IT Attestation, Vendor Assessment, Security Strategy, and Internal Audit review. Her experience has primarily been in the manufacturing, banking, healthcare, insurance, outsourcing, financial services, and retail industries.

She is skilled in:

  • IT auditing and providing advisory services including SOX Compliance, ISAE 3402/3000 Attestation, Vendor Assessment, IT Security, Internal Audit, and ISO 27001.
  • Conducting end-to-end reviews in the key domains of Third Party Management, Information Security Governance, Transition Management, and Technology and Network Management.
  • Identifying, assessing, designing, and testing business system and general information technology controls for various applications, operating systems, and databases.
  • Understanding the processes of client lines of business, and preparing review reports and blueprints to formulate a security framework.
  • Interacting with both clients and on-shore engagement teams and attending meetings to gain an understanding of the IT environment and related processes.
  • Review of IT process narratives.

Other Skills and Responsibilities:

  • Worked on multiple proposals and opportunity evaluations for various clients.

Education

2009 - 2013

B.E. Electronics and Communication Engineering

PSG College of Technology

Top 3% of class with a CGPA equivalent to 9.2

2008 - 2009

Higher Secondary Course  

Avila Convent Matriculation Higher Secondary School, Coimbatore.

Secured 98.3% in Higher Secondary Matriculation Examination

Work History

2013 - Present

Risk Consulting - Consultant

KPMG India

Palak has been working with the KPMG Risk Consulting team for more than three years.
She has worked on areas including, but not limited to: ITGC Review, SOx Advisory and Attestation, Vendor Security Assessment, Information Risk Management, HIPAA Assurance, and PMO-related activities.
Her experience with KPMG covers, but is not limited to:

  • She was involved in providing assurance reports under international standards such as SOx advisory for one of the leading oil and natural gas companies in the world for three consecutive years. The engagement involved providing client-specific assurance reports for key clients and key applications of the outsourcing organization. The engagement required the team to conduct gap analysis on the assets to identify the current risks and to perform management testing for Application General Controls (AGC) and Application Security Review (ASR), identified by the client in accordance with SOx requirements and defined based on the COBIT framework, for various SAP and non-SAP applications. The Application General Control review and the security review covered the test of design and operating effectiveness, and documentation of the same, in the following domains: Access to Programs and Data, Program Changes, Segregation of Duties assessment, Program Development, and Computer Operations (Backups, Batch Jobs, Problem Management). She was involved in engagement planning, management, and coordination with the team. She was expected to support operations by consistently meeting quality guidelines within the established turnaround times (or allotted budget) for assigned requests. She was awarded the Kudos Award for her outstanding performance in this engagement. Palak was also awarded "KUDOS" recognition for her contribution to the project in FY 2015.
  • Team member for the SOx audit engagement of a leading global insurance company in the UK. During this engagement Palak served KPMG UK in conducting a comprehensive test of controls in order to meet SOx requirements. Her responsibilities included testing of business process controls in the domains of Revenue, Taxation, Payroll, Treasury, Fixed Assets, Purchase to Pay, and Other Expenses. She was also involved in testing of various General IT Controls around the business process application.
  • Was involved in a Vendor Security review for one of the largest American multinational telecommunications corporations in the world. The engagement included assessing compliance across all aspects of security, covering physical, network, information, logical, software, connectivity, business continuity, overall contracts, privacy, and identification and authentication.
  • Was involved in performing ITGC and ITAC testing, which focuses on and comprises segregation of duties, IT security policies, access controls (logical and physical), user access management, change management, backup recovery and restoration, incident management and the like, and process analysis and audit for transactions with financial implications.
  • Was involved in providing assurance reports under international standards such as HIPAA for one of the leading non-profit health care providers in the world. The engagement required a detailed understanding of the processes followed by the third-party vendor in storing and managing personal health information. Was involved in project management activities and vendor review for a leading healthcare company in the US for their outsourced IT services.

Accomplishments:

Recipient of the "Encore Awardee Kudos" Award in 2015.
Recipient of the "Encore Awardee Super Team" Award in 2014.

Certifications

  • ISO 27001:2013 Lead Auditor by Exemplar Global, Inc.
  • ISO 22301:2012 Lead Auditor by Exemplar Global, Inc.
  • ISO 20000-1:2011 Lead Auditor by Exemplar Global, Inc.

Skills

She has acquired skills including, but not limited to:

IT Audit Review

SOx 404

Internal Audit

IRMeA

ISO 27001 - ISMS

ISAE 3402

Management Consulting

Project Management

Microsoft Office 2010

Information Security

Strong Verbal and Communication skills