SAMEER MUNDHRA

Purley, UK

Summary

A highly strategic and results-driven Technology Risk leader with over 20 years of experience primarily in the Financial Services and Insurance sectors. Specialize in safeguarding critical IT infrastructure and applications through robust IT Risk and Control governance and aligning IT risk management with core business objectives. With a strong business acumen and an innovative mindset, my expertise includes developing and implementing policies and standards, conducting risk and controls assessments, managing risk registers, and leading teams in the full IT risk management lifecycle – from identification and control gap assessment to mitigation and tracking – and implementing measures to protect a bank's intellectual property. Expertise in developing pragmatic, long-term strategies encompassing Cloud, safeguarding data, and streamlining operations, while mentoring teams to build high-performing, modern IT functions. Excellent communicator, experienced in building cross-functional partnerships and presenting strategy and risk assessments confidently at the Executive/Board level.

Overview

25 years of professional experience
7 years of post-secondary education
1 Certification

Work history

Associate Director, Audit and Assurance

Deloitte
London, UK
11.2018 - 06.2025
  • Manage and lead a team of over 25 IT risk professionals to identify and mitigate technology and operational risks within the banking, fintech, and insurance sectors.
  • Help clients to implement a robust IT risk and control framework to safeguard IT assets and infrastructure and ensure compliance.
  • Spearheaded projects to help clients on key areas like cybersecurity, operational resilience, and digital transformation, making sure our recommendations directly supported their strategic objectives.
  • Helped clients develop, document, and implement comprehensive IT risk policies and standards aligned with industry best practices and regulatory requirements.
  • Implemented processes for supplier security assurance, conducting risk assessments of third-party vendors and ensuring their compliance with clients' security standards.
  • Led multiple cloud security assessments across Google Cloud, Microsoft Azure, and AWS, helping organizations identify critical vulnerabilities, strengthen security, and enhance the overall IT risk posture in these complex cloud environments.
  • Delivered internal audit and cyber risk reviews for top financial institutions, helping clients identify vulnerabilities across IT infrastructure and applications.
  • Designed and implemented risk-based testing templates and audit programs based on industry standards like NIST, ISO, SOX and PCI-DSS to enhance their IT risk management and compliance efforts.
  • Collaborated with cross-functional teams and presented clear, concise risk assessments, and controls and remediation plans to help address identified risks, control gaps, and mitigation efforts across the technology landscape.
  • Developed and delivered specialized risk and technical training, enhancing the expertise of the IT risk and control governance teams.
  • Championed the sector-specific maturity benchmarks to help clients evaluate and enhance their IT risk posture compared to industry peers.

Senior Manager Tech Risk – Banking

KPMG
London, UK
11.2016 - 11.2018
  • Partnered with business and technology stakeholders to assess and modernize IT, cybersecurity, and change management policies—ensuring governance frameworks remained aligned with business goals, regulatory requirements, and evolving risk landscapes.
  • Designed and implemented Incident and Problem Management frameworks for enterprise clients, developing KPIs, KRIs, and escalation processes to support operational resilience, proactive risk management, and service reliability.
  • Developed a comprehensive Target Operating Model for a mid-sized bank, conducting current-state assessments, gap analyses, and future-state design to align IT operations with regulatory expectations and strategic business outcomes.
  • Led NIST Cybersecurity Framework assessments, supporting cloud security posture improvements and helping clients reduce exposure to cyber threats through actionable remediation plans.
  • Advised the Bank of England on a critical data center migration and change management review, focusing on infrastructure resilience, network architecture, and governance processes.
  • Led IT audit engagements for major banking clients, including Barclays, leveraging data analytics to increase audit precision, drive cost-efficiency, and deliver actionable insights.
  • Managed and developed a 15-person multi-location team, fostering delivery excellence, collaboration, and support for global operations—demonstrating leadership and people development skills critical for building a high-performing technology function.

Senior Manager IT

EY
Bangalore, India
02.2012 - 10.2016
  • Led a large, cross-functional team of 30 professionals across financial and non-financial services projects, delivering over 70,000 hours of work—demonstrating the ability to scale delivery operations while maintaining high quality and efficiency.
  • Secured and delivered high-value internal control testing contracts, including for global institutions like HSBC, coordinating across multiple international locations.
  • Deep expertise in IT compliance, audit, and regulatory frameworks—including SOX, PCI-DSS, ISO 27001, COBIT, and ISAE 3402.
  • Oversaw IT audit integration and quality governance for the Risk practice, ensuring audit integrity and risk management across both Financial Services and Non-Financial Services portfolios.
  • Advised clients on Identity and Access Management (IAM), identifying and addressing excessive privileged access and implementing a robust, role-based access control model.
  • Led talent acquisition and team-building initiatives, managing hiring across graduate and experienced levels.

Manager IT Risk and Assurance

EY
Boston, USA
12.2010 - 02.2012
  • Directed a team of 6 to perform a detailed privacy assessment for a financial institution, ensuring compliance with Massachusetts 201 CMR 17.00 data protection regulations.
  • Led a team of 4 to conduct a thorough assessment of Business Continuity and Disaster Recovery plans for a global asset management firm.
  • Led a team of six to assess the patch management system for a major healthcare client and presented key findings to the CIO and CEO.
  • Led and supervised teams performing SOX audits for insurance and technology clients.
  • Led a 4-member team to deliver comprehensive SSAE 16 reports for multiple banking clients.

Manager Information Risk & Compliance

TJX
Boston, USA
08.2007 - 12.2010
  • Led a 15-person team to develop a cybersecurity framework in response to a credit card data breach, ensuring compliance with PCI-DSS, FTC, and state privacy laws.
  • Partnered with security engineers to implement real-time threat detection using ArcSight, improving monitoring of systems handling sensitive payment data.
  • Redesigned the change management process, leading to an 80% efficiency gain.
  • Directed the implementation of a user access recertification system, addressing security gaps and ensuring regulatory compliance across multiple business units.
  • Streamlined SOX controls testing and documentation, resulting in $1M+ annual savings in audit and storage costs.
  • Fostered a positive work environment with regular team-building activities.

Experienced IT Consultant

PricewaterhouseCoopers
Boston, USA
08.2005 - 08.2007
  • Led a team of 6 to conduct thorough security assessments, including penetration testing, and provided recommendations to improve the security posture of clients.
  • Performed detailed risk analysis for healthcare and insurance clients, preparing them for Privacy and SOX 404 regulatory compliance assessments.
  • Contributed significantly toward Oracle Financial ERP system implementation for a major banking client, collaborating with business groups and managing project delivery.
  • Led an 8-person team to redesign the client's asset management system, eliminating inefficiencies.

Software Engineer

FreeMarkets Inc
Pittsburgh, USA
02.2001 - 05.2002
  • Collected and analysed requirements for migrating FreeMarkets auction software to Microsoft's .NET platform.
  • Analysed the strategic implications of moving from Java to Microsoft's .NET platform.
  • Assisted in system design and architecture for the new application based on the .NET platform and SQL Server database.

Technical Consultant

Spectrum Solutions
Pittsburgh, USA
08.2000 - 02.2001
  • Engaged with customers to understand their needs and business processes, then used that insight to recommend new system features and draft detailed requirements.
  • Designed and developed the entire backend system for processing customer orders using Java and SQL Server.

Project Lead and Web Developer

HCL Comnet
Delhi, India
01.2000 - 08.2000
  • Successfully led teams from requirements gathering through to on-time, within-budget delivery, consistently earning positive client feedback and securing follow-on work.

Education

Master of Business Administration - Management Information Systems

Bentley College
Boston, USA
01.2004 - 05.2005

Master of Science - Information Technology

Bentley College
Boston, USA
09.2002 - 05.2004

Bachelor of Commerce - Accounting

Delhi University
Delhi, India
04.1995 - 04.1999

Skills

Project Management: MS Project, Monday.Com, Trello

Database Management and Data Analytics: MS SQL Server, Oracle, DB2, MySQL, ACL, MS Access, Monarch, IDEA, Teradata, MongoDB

Programming/Web Development: Java, C++, C, Visual Studio .NET, C#, VB.NET, ASP, JavaScript, XML, XSL, Python

Data Modelling: MS Visio, ER Studio, SmartDraw, ACL, Monarch

Operating Systems/Platforms: Windows, UNIX, Solaris, Linux, AS400, Mainframe (ACF2, RACF), HP NonStop (Tandem)

ERP Packages: SAP, Oracle Financials, NetSuite

Cloud Applications: Office 365, GitHub, Okta, AWS, GCP, Azure

Frameworks/Reporting: NIST, AAF, CASS, SOX, JSOX, COBIT, COSO, PCI DSS, Safeguarding, ISA and third-party reporting (ISAE 3402, SSAE 16 and 18)

Tools: Splunk, Guardium, Tripwire, SailPoint, ServiceNow, Jira, GitHub

Key Soft Skills: Strategic leadership, Client-centric, Result-oriented, Global perspective, Attention to detail, Out-of-the-box thinking, Collaboration, Risk management, Business acumen, Budgeting and forecasting, Interpersonal communication, Analytical thinking


Certification

Certified Information Security Auditor (CISA) Certified June 2004

Certified Information Security Manager (CISM) Certified June 2008

ISO 27001 Lead Auditor Certified December 2012
