Srikanth Karna

About Candidate

Professional IT auditor with 11 years of experience in implementing Information Security
& Management Systems. Expertise revolves around ISO 27001, SOC 1 & 2, SOX, GDPR,
GxP regulation, Computer System Validation, Internal Audits, Vendor Assessments, ITGC
and Risk Management.

Education

Bachelor of Engineering (Information Science & Technology) 2008
Koneru Lakshmaiah College of Engineering

Work & Experience

Quality Analyst 06/2009 - 12/2012
HCL Technologies

• Assist in implementing a process definition CMMI Level 3 Dev model.
• Conduct periodic reviews of delivery units to ensure process adherence and help delivery to fix process issues.
• Involved in document preparation for process definition.
• Trained personnel on tools and validation.
• Identify and publish metrics to management for timely, effective decision-making.
• Prepare monthly DU Level reports and present them to the DU Heads.
• Imparted trainings on PQA, QMS Awareness, DPA.

Senior Analyst – Process Assurance 12/2012 - 03/2015
iNautix Technologies

• Liaison between Information Technology and various audit groups to ensure compliance in all areas such as SOX & ISO 27001.
• Effectively worked with all levels of the organization to resolve user access issues while ensuring segregation of duties was established and maintained when granting access levels.
• Responsible for technical evaluation, testing and upgrading of information systems used for the organization's ISMS initiatives.
• Execute internal audits of various business areas using risk-based audit methodology.
• Document audit report and findings.
• Assist Project Development teams with the implementation of SDLC (Software Development Lifecycle).

Quality & Compliance Analyst 03/2015 - 05/2017
AstraZeneca

• Execute SOX and ISO 27001 audit fieldwork autonomously in accordance with audit work programs and make improvement recommendations.
• Evaluate and report internal control deficiencies/status to senior management and executive management.
• Develop audit procedures to evaluate the accuracy and completeness of IT Controls for all the business applications.
• Coordinate all audit efforts with business process owners and global audit teams.
• Deliver IT SOX Compliance training to the Business/IT management and Internal Audit teams on demand.

Quality Responsibilities:
• Perform the Regulatory Impact Determination for the IT computerized systems to assess and document the validation state of the system.
• Provide an independent review of the project deliverables to ensure they meet regulatory expectations and standards, and provide approval to designated deliverables.
• Review and approve Test Plans, Validation protocols (Installation Qualification IQ, Operational Qualification OQ and Performance Qualification PQ), Test Scripts and Test Summary Reports.
• Approve Changes and Problem tickets across the service lines on behalf of the Quality and Compliance CAB group.
• Make sure all the agreed deliverables, data, and information are available to regulatory inspections.
• Conduct Quality awareness sessions for the teams on demand.

Assistant Manager 05/201 - 01/2018
Wipro Technologies

• Perform audit work in accordance with defined standards, and complete assignments in an efficient manner.
• Work closely with business and technology audit colleagues to ensure that key risks are identified and assessed in the program of audit coverage.
• Communicate audit progress and results to both department and business unit management, both verbally and in writing.
• Identify ongoing compliance issues, process weaknesses and inefficiencies.
• Verify and validate compliance of company controls with established policies.
• Build a strong relationship with the business owners, IT management and external auditors.

Associate Compliance Manager 01/2018 - till date
E2open

• Implemented ISMS and achieved ISO 27001 certification for all locations of the company.
• Planning and scoping of external audits, including performance of walk-throughs and preparation of audit programs (ISO 27001, SOC 1 & 2).
• Provide direct audit assistance to the external auditors, including ISO 27001 and SOC 1 & 2 related testing, as instructed.
• Effectively interact and communicate results to auditees, business unit management and senior management.
• Test the design and effectiveness of internal controls by completing walk-throughs of business processes.
• Perform internal audits and prepare reports reflecting opinion on effectiveness of system processes, non-conformities and the effectiveness of activities carried out.
• Assist teams in performing risk assessments and evaluating critical IT controls for both infrastructure and business applications.
• Provide advisory support to IT projects related to internal controls and risk management.
• Make effective decisions and recommend changes to procedures to increase control/process efficiency.
• Respond to technical assessment reviews and security questionnaires (RFP) from existing enterprise customers or potential customers.
