Darshita Peshwani
Melbourne,Australia
Summary
Experienced technology risk professional with over 7 years of experience in the consulting domain with client base spread across Australia, USA, UK, UAE, South Africa, Singapore and India across both Financial Service and Non-Financing Service sectors. In depth knowledge of leading, managing and performing IT risk audits across diverse business domains such as Banking, Information Technology, Retail, Transportation, FMCG, Manufacturing, Telecommunication and Healthcare. Specialized experience in CPS234, SOX 404 compliance, SOC/ISAE Reporting, financial audits and IT integration for FS and Non-FS clients, IT Governance Maturity Reviews, and other specialized internal audits.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Technology Risk Manager
EY Australia
Melbourne, Victoria
04.2022 - Current
- Responsible for managing and delivering integrated governance mandates covering regulatory compliance-related consulting services, including CPS234, CPS230, cloud adoption, and technology risk-related regulations in 20+ global jurisdictions.
- Leading end-to-end integrated financial audits for multiple global clients from beginning to end, including planning, agreeing on timelines with the client, execution, and submitting conclusions around various business processes such as change management, user access management, incident management, backup management, network security, and physical access management, while assessing IT risks and identifying the impact on financial audits with mitigation strategies.
- Assessing the business risks and the internal controls framework, along with the validation of the design and operating effectiveness of the preventive and detective controls within the framework, finding gaps, calculating the impact, and suggesting recommendations for remediation on SOX engagements.
- Leading SOC/ISAE assessments (GS007, 3150, etc.). Wherein responsibilities include understanding the client environment, determining the scope, identifying significant classes of transactions, detailed control testing, and preparation of SOC I and SOC II reports for clients with complex DevOps environments.
- Delivering a core banking platform (cloud-based) data migration review, I identified areas of improvement in the project governance, go/no-go criteria, defect management, data mapping issues, migration scoping, and approach issues, and presented to the board audit committee.
- Assisting a variety of financial institutions through their adoption of cloud-based technology by delivering technical cloud controls assurance and advisory services, including evaluating risk and controls specific to the migration of hundreds of IT systems to the Amazon Web Services (AWS) and Microsoft Azure cloud environments.
- Performed multiple tripartite reviews to assess the design and operating effectiveness of the client's controls against predefined control objectives based on the requirements in APRA’s Information Security Prudential Standard CPS 234, including providing limited assurance to assess the suitability of the design of controls to achieve identified control objectives and the operating effectiveness of controls across the 12-month period
- Experienced in performing pre-implementation reviews and post-implementation reviews on various business transformation projects, data migration projects, and cloud adoption projects.
- Supporting leadership with delivery plan modeling, business proposals, and managing consultants, including offshore resources, for various IT audits through completion. In addition, the preparation and maintenance of project status, including the timeline, budget, and challenges,
Senior Consultant
EY LLP
India, Delhi
12.2017 - 03.2022
- Hands-on experience in IT Governance and Implementation reviews using COBIT 2019 framework as an integrated process reference model, providing guidance on how to deliver value, optimise resources, manage performance and govern IT risks
- Worked on specialized IT internal audit engagements for Fortune 500 companies like Hardware Asset Management Review, Contractor Access Management, System go-Live Readiness Review
- Delivering security reviews for various operating systems and databases like Unix/Linux, Windows 2003, Windows 2008, Oracle, Microsoft SQL Server, Solaris, AIX and AS-400
- Reviewed IT Disaster Recovery (ITDR) governance, plans, and procedures for a multinational company and assessed overall Disaster Recovery (TDR) performance
- Developed Segregation of Duties (SoD) rule set and reviewed the access management process for OPERA and MICROS/Simphony Applications for a leading Hotel chain in India
- Worked extensively on SAP, JD Edwards, PMS and POS systems to perform IT General Controls like Logical Access Management, Change Management etc and IT Application controls around the business processes
- Managed and executed multiple end to end IT SOX Compliance audits, including control mapping of SOX framework with COSO 2013 and COBIT 5.0 models, testing of controls, coordinating with the client and reporting
- Assisted in refining the design of the processes and controls which enabled the client to continuously monitor and benchmark their controls against leading industry practices which in turn helped in streamlining the external statutory audits and reducing the number of observations as the testing performed saved 67% of the external audit cost for the client
Education
Bachelor of Technology - Computer Science And Engineering
Jaypee University of Information Technology
India07.2017
Skills
- Financial Regulation
- Technology Risk
- Project and Stakeholder Managment
- IT General Control & IT application control testing
- Sarbanes Oxley (SOX) 404 Reviews
- SSAE18/SOC Review (SOC 1 and SOC2)
- Infrastructure control testing
- Manage Services (SOX assistance)
- IT Governance and Implementation reviews
- Specialized IT internal audits
- Cloud Migration Reviews
- Program Assurance
- APRA Compliance ( CPS234/CPS230) Reviews
Certification
- Certified Information System Auditor (CISA)
- Azure Fundamentals (AZ-900)
- COBIT 5
Accomplishments
- Awarded multiple 'On Site Recognition' and 'Extra Miler/Exceptional Client Service' awards.
- Secretary and Head Girl, JUIT Youth Club.
- Chief Advisor, Director & Secretary, Rotaract Club of Waknaghat.
- Secretary General, Jaypee Model United Nations.
- Appointed as Gender Champion of the student council.
Timeline
Technology Risk Manager
EY Australia
04.2022 - Current
Senior Consultant
EY LLP
12.2017 - 03.2022
Bachelor of Technology - Computer Science And Engineering
Jaypee University of Information Technology
Similar Profiles
Stephanie JenkinsStephanie Jenkins
Consulting Support & Executive Assistant at EY AustraliaConsulting Support & Executive Assistant at EY Australia
Tafadzwa BayeTafadzwa Baye
Audit Manager at EY AustraliaAudit Manager at EY Australia
Arjun NambiarArjun Nambiar
Director - Global Trade Advisory at Deloitte AustraliaDirector - Global Trade Advisory at Deloitte Australia
Saif AhmedSaif Ahmed
Chef at L V PRASADChef at L V PRASAD
Mehtaj KaurMehtaj Kaur
Operations Assistant at ZaraOperations Assistant at Zara