Nishant Bhardwaj

London

Summary

Experienced professional with a robust background in regulatory compliance and safeguarding for regulated firms, including EMIs, PIs, TPPs, and fintechs. Demonstrated expertise in client money and asset protection (CASS), payments and transaction flows, ERP systems auditing, cybersecurity incident impact assessment, algorithm and platform assurance, technology interfaces and APIs, change governance and transformation audits, and IT general controls (ITGC). Proven track record in ensuring audit assurance over IT operational resilience and financial reporting impacts. Career goal: to leverage extensive auditing skills to enhance organisational compliance and operational efficiency.

Overview

10 years of professional experience
4 years of post-secondary education

Work history

Digital Audit Manager

PwC
London
06.2023 - 06.2025
  • Led cross-functional teams to deliver IT and digital assurance engagements, including IT general controls, application control reviews, cybersecurity assessments, and system implementation and infrastructure audits.
  • Led the design and execution of application and automated control testing across business-critical processes supporting Client Money (CASS), Safeguarding, and ISA/PCAOB-based audits, ensuring audit readiness and regulatory compliance.
  • Performed end-to-end money flow tracing within fintech payment ecosystems, validating automated transaction processing, reconciliation logic, and safeguarding mechanisms to support financial audit assertions around occurrence, completeness, and accuracy of revenue and client money positions.
  • Applied ISA 315 (Revised 2019), paragraph 26, in PCAOB-relevant environments to evaluate and rely on automated and application controls relevant to material classes of transactions, ensuring that control dependencies were appropriately designed, implemented, and tested.
  • Performed detailed re-performance of management reports, validating complex financial and operational calculations through data analytics (Alteryx/Excel) to ensure report integrity. Delivered targeted assurance over interfaces and APIs, assessing control points across upstream/downstream systems. Reviewed automated calculation logic within core applications (e.g., interest accruals, client money/liabilities calculations).
  • Acted as the component auditor under ISA 600, leading coordination efforts with group and local audit teams across jurisdictions to align the scope, testing strategy, and reporting timelines for technology risk components, ensuring audit efficiency and global audit quality compliance. Demonstrated leadership by ensuring proper direction, supervision, and review of component auditors' outputs and by effectively communicating scope, findings, and risks to group engagement teams.
  • Contributed to PwC's digital audit initiatives to improve efficiency and control coverage. Enhanced audit efficiency and effectiveness by leveraging AI technologies to automate data analysis, improve risk identification, and streamline control testing—delivering higher-quality insights with reduced efforts.

Technology Risk Manager

BDO
London
10.2019 - 06.2023
  • Led IT audit engagements for Financial Services clients across Banking, Wealth & Asset Management, and Insurance sectors, managing end-to-end audit lifecycle including scoping, planning, budgeting, execution, and reporting.
  • Presented IT audit findings and risk assessments directly to Audit Committees and Boards, facilitating critical discussions on IT risk impacts and control mitigations.
  • Directed external and internal audits including Financial Statement audits, ISAE 3000, Group SOx, PCAOB, and ISAE/SOC (Type I & II) reviews across diverse financial and non-financial service clients.
  • Identified sector-specific technology risks and ensured appropriate scoping and testing of controls related to Trading, Settlements, Deposits, Loans, Payment processes, Client On-boarding, and interface testing.
  • Conducted comprehensive cyber and cloud risk assessments to identify vulnerabilities, evaluate security controls, and ensure regulatory and policy compliance.
  • Assisted clients in designing and implementing robust technology risk management frameworks across multiple regulated UK and EU entities, including Business Continuity and IT resilience planning.
  • Managed and mentored audit teams performing IT General Controls (ITGC), infrastructure reviews, and automated controls testing across Financial Services and non-financial sectors.
  • Monitored regulatory changes closely, ensuring full compliance at all times.
  • Oversaw project budgets, minimizing cost overruns and financial leakage.

Technology Risk Consultant

EY
Gurgaon
07.2015 - 10.2019
  • Delivered IT audit and risk management engagements for domestic and global clients across Financial Services and other sectors, including financial audits, IT integration, IT SOX audits, SOC reporting, and Information Security risk & compliance assessments.
  • Gained deep expertise in Information Security & Risk Management, Business Continuity, Infrastructure testing, SOC 1 – Type 2 reports, and application control testing.
  • Led and executed SOC assessments and reporting engagements aligned with SSAE 18/16 standards, ensuring compliance and reliable control environment evaluation for clients.
  • Managed end-to-end IT SOX compliance audits, including detailed control mapping to COSO 2013 and COBIT 5.0 frameworks, testing IT General Controls and application controls for clients across the Americas and Europe.
  • Conducted comprehensive risk assessments and analyses of IT systems and infrastructure, identifying key risk areas and recommending appropriate control enhancements.
  • Performed full gap analyses and rigorous testing of IT General Controls, infrastructure components, and automated controls as part of internal audit assignments.
  • Contributed to the enhancement of client risk and control frameworks through Risk and Control Matrix (RACM) improvements, development of process flowcharts, and documentation of detailed process narratives.

Education

Bachelor of Technology - Electronics and Communication

Northcap University
07.2011 - 07.2015

Skills

  • Regulatory Compliance & Safeguarding: Strong understanding of safeguarding regulations applicable to regulated firms including Electronic Money Institutions (EMIs), Payment Institutions (PIs), Third-party Payment Providers (TPPs), and fintechs operating prepaid cards, wallets, and international remittance services, focused on insolvency risk and client fund protection
  • Client Money & Asset Protection (CASS): In-depth experience auditing under the FCA's Client Assets Sourcebook (CASS) for investment platforms, fund managers, and insurance intermediaries holding client money or custody assets in regulated investment activities
  • Payments & Transaction Flows: Assessment of payment service providers, payment gateways, and card scheme clearing files, including review of fund transfer data, deposit/clearing files, and automated linking of pay-in/pay-out mechanisms such as Borderless Direct Debit and SWIFT-based international transactions
  • ERP Systems Auditing: Risk and control evaluation of enterprise resource planning systems supporting financial reporting, procurement, and automated journal entries
  • Cybersecurity & Incident Impact Assessment: Cyber risk assessments and tracing of security incidents through to financial reporting impacts, ensuring audit assurance over IT operational resilience
  • Algorithm & Platform Assurance: Performed assurance over AI-driven trading/investment platforms, focusing on governance, logic integrity, and control effectiveness in automated decision-making processes
  • Technology Interfaces & APIs: Extensive experience with interface testing, microservices architecture, API integrations, and validation of external/third-party data feeds in support of financial operations and reporting
  • Change Governance & Transformation Audits: Audits over IT program development, cloud migration, data migration, and cloud interface testing, ensuring controlled change implementation aligned with regulatory expectations
  • IT General Controls (ITGC): Comprehensive audits of change management (DevOps/ITIL), logical access controls (including privileged access and identity access management), and computer operations (batch processing and job scheduling)
