Swathi Darsi

• Key point of contact for the Technology Line of Business Controls Management team in performing Operational Controls Testing as a part of First Line of Defense (FLOD) team.
• Lead Control Evaluations for multiple process areas in Technology such as Application Lifecycle Management (ALM), Patch Management, Third Party Vendor risk management, Access Management etc.
• Closely involved in the discussions with stakeholders in Technology teams, Risk identification teams, Business control management teams, CIOs and their downlinks of various technology groups within the bank.
• Reporting & communicating the control evaluation results to the process owners for identifying issues and corrective actions before audit cycle

• Leading the In-flight QC reviews program on Control Evaluations performed for various Technology processes and Information Cyber Security Processes.
• Working closely with the controls execution team for some of the critical regulatory adherence programs (TCP/MRA Regulatory Adherence).
• Created QC Template for the program which is closely aligned with the Self Assurance policy and procedures.
• Created playbooks and conducted trainings on effectively performing QC Reviews.
• Knowledge and experience on Operational Risk Management Tool - Archer based SHRP (Shared Risk Platform) application .
• Administratively leading the Quality Practices program for Technology Controls Self Assurance (or Control Evaluations) team from WF India with a team size of 7.

· Provide a Compliance oversight by utilizing risk-based assessment principles to address key compliance risk management objectives

· Contractual Compliance Tests: Involved in testing the most critical obligations in contracts that are risk prone and needs mitigation in order to have a healthy relation with the clients who are being offered the services. Managing Risk and Compliance posture for the clients based on the MSA and contractual requirements.

Regulatory Compliance Tests: Performing regulatory based reviews for the internal business and for those processes complying with specific regulations like (GLBA, FHA, DODD FRANK ACT, HIPAA and SOX).

Operational Compliance Tests: Timely assessments of frequently performed activities by BU and analyzing the problem areas. (Action Plan tests, License Validations, Trainings etc.)

Delivery Lead and Single Point of Contact (SPOC) for the US based IT Attestation clients on various IT Application Controls, Business Controls based on COSO/COBIT Framework.

· GITC controls testing, application controls testing, report testing for External Audit & Internal Audit clients.

SSAE 16 Audits: Worked on multiple SOC 1 and a few SOC 2 clients to test the different application controls and the general IT controls for the Service Organizations.

SOX Compliance Audits: Worked on multiple engagements to test the IT controls linked to Organizations Business processes to ensure a fully complied quality assured SOX Audit.

Trained and supported new team members, maintaining culture of collaboration.