Narayan is an experienced technology professional with 16 years of experience (across USA & UK), which ranges from hands-on software development to infrastructure assurance/audit projects (including cybersecurity audits) and exposure to regulatory audits, i.e. S166, SOX, AML and GLBA. The experience has been across a multitude of banking clients ranging from midsize to global banks.
Narayan has experience with industry frameworks including the NIST cybersecurity framework, FFIEC, SANS and CIS. He is a Certified Information Systems Auditor (CISA) and CISSP.
Experience across technology audit and advisory projects for large and mid-tier clients within the Banking and Insurance sector. My experience spans IT audit coverage (end to end) enhanced by exposure to advisory work related to Cyber, CBEST, resilience, governance and UK regulatory interactions.
IT Governance:
- Led audits and was part of skilled person (S166) reviews for major banks and UK FMIs, resulting in enhanced governance and management of IT operations. Conversant with senior stakeholder management, including Board interaction to land contentious governance assessments.
Infrastructure:
- Audit Lead for infrastructure-focused reviews such as End point computing, Configuration Management and Privileged access, where the focus was on gauging the effectiveness of the IT infrastructure underpinning critical business operations.
Cyber security:
- Experience in conducting cyber security audits, skilled person reviews and NIST assessments tailored to the maturity and needs of the organisation, with focus on both macro (strategy, operating model) and micro (Firewall reviews) levels, bringing to the fore both management and governance of security.
Resilience:
- Experience in conducting DR, resiliency and BCP audits with focus on IT operational efficiency.
Regulatory:
- Audit Lead for data-focused audits such as GLBA (Gramm Leach Bliley Act) and Data Loss Prevention, to better enable the Bank to protect its confidential data from leakage across data at rest, in motion and in use. Also led the effort to document the current state operations as it relates to data privacy.
- Served as the IT lead for SOX audits where the focus was on ITGC controls, e.g. Change Management, access administration, access recertification, privileged (break glass) access, data backup and production monitoring.
Seasoned technology risk advisor with experience of delivering end-to-end IT audits across IT infrastructure, cyber, resiliency and IT governance.
- Led Global technology resiliency audit, where the focus was on analyzing the design of technology resiliency (Disaster Recovery, High Availability) and measuring maturity against FFIEC expectations.
- Led Third Party Risk Management audit; testing included analyzing risk assessment design and validating the end-to-end risk assessment process to manage third party providers, specifically against FFIEC cyber specifications.
- Performed data center audits which included testing of environmental factors, media management and physical security of the sites where critical applications were maintained. Specifically found issues related to hazards specified under FEMA regulations (data center observed within flood zone).
- Participated in life cycle audit engagements such as SDLC/PLC and third party oversight, which included testing of QA testing sufficiency, production handover, analysis of contract SLAs and governance over third party vendors.
- Experience of testing IT application controls and business processes within Market Risk, Liquidity Risk and Operational Risk domains, specifically exception reports related to data integrity, checking for data inconsistencies in different databases, authentication of users having access to databases, usage of encryption techniques (e.g. AES) on data stored within databases.
- Performed control reviews which include change management, performance and capacity, data interfaces, data integrity, business continuity and end user computing.
Note: This period also included a 6-month internship.
The Project involved gap analysis of the functional specifications provided by the banks/clients in reference to the existing software of GNSA to provide technical specifications for the software arm of GNSA InfoTech.
- Led the development of the insurance processing module. Authored requirement documents, architected the automation process, and implemented the application at the client site on time and within budget.
- Led a team of three to architect the “correction” transactions processed by the Backdating Module. This helped in allowing the bank to "revert" the transactions within the same business day.
- The Project involved implementing new federal regulations for the processing of NPA (Non-Performing Assets) accounts of the bank.
Cybersecurity
Regulatory validation (S166)
IT Audit
CISSP
CISA