Chandhala V V Eswararao
CISA (Certified)
ISO 27001-2022 Lead Auditor (Certified)
Professional Summary:
Dedicated and accomplished professional with a proven track record in IT audit, security,
risk assessment, cybersecurity audits of banks (Bank CSF), and compliance across a spectrum of
regulatory frameworks, including NIST, Sarbanes-Oxley (SOX), ISO and SOC. With 6 years of
experience, I have successfully led and executed comprehensive IT audits, ensuring the alignment
of information technology controls with industry standards and regulatory requirements. My
expertise extends to conducting thorough risk assessments, developing robust risk management
strategies, and ensuring compliance with a myriad of regulatory frameworks, including NIST, ISO,
GDPR, CCPA, RBI. Seeking a challenging role where I can leverage this extensive skill set to
contribute to the organization's overall security, risk resilience, and compliance initiatives.
Certification:
CISA certification
ISO 27001:2022 Lead Auditor from TUV (non ICRA)
ISO 27001:2022 Lead Auditor from BSI (ICRA)
Key Skills:
● ITGC
● IT Auditing
● Compliance Management
● Risk Management
● ISMS Implementation
● ISO 27001 (ISMS) Audit
● ISO 22301 (BCMS) Audit
● BCM & DR
● NIST 800-53
● NIST CSF
● CISO audits
● Bank Audits
Professional Experience:
Key Deliverables:
● Responsible for IT risk and technical compliance assessment activities.
● Conducts periodic audit reviews on SOX (Sarbanes-Oxley) and ITGC (Information
Technology General Controls) control policies.
● Participates in SOC2 Type 2 Audits.
● Develops, controls, and monitors policy compliance on the infrastructure environment.
● Utilizes Qualys for policy compliance scans.
● Develops and publishes information security policies, procedures, standards, and
guidelines.
● Participates in Business Unit Policy reviews in collaboration with clients.
● Documents ISMS (Information Security Management System) policies, procedures, and
internal documents.
● Worked on ISO 27001:2013 and 27001:2022 Information Security Management Systems.
● Responsible for interaction with the client and providing assistance.
● Monitors and tracks the progress of found vulnerabilities and maintains a historical record.
● Explains and demonstrates vulnerabilities to application/system owners.
● Provides recommendations for mitigation.
● Critically evaluate and align organizational information security and privacy practices with
the HITRUST Common Security Framework (CSF), ensuring robust safeguards.
● Oversee adherence to HIPAA regulations for covered entities and business associates,
focusing on privacy, security, and confidentiality of protected health information (PHI).
Roles & Responsibilities at Protiviti India Member Pvt Ltd (Sep 2022 to May 2023):
● Identify internal control issues in clients' IT environments.
● Develop gap analyses and provide recommendations for improvements.
● Understand core IT processes for efficiency and control optimization.
● Lead and manage ITGC and ITAC audit engagements, from planning to execution.
● Perform detailed testing of controls, identify gaps, weaknesses, and improvement areas.
● Prepare and present audit findings and recommendations to clients and senior
management.
● Utilize Root Cause Analysis (RCA) and suggest improvement opportunities.
● Proficiency in using IT audit and data analytical tools for extracting and analyzing data.
● Strong knowledge of ERPs (e.g., SAP, OFIN, JDE) and their native controls.
● Evaluate the effectiveness of ITGC controls around key financial applications.
● Apply current knowledge of IT trends, techniques, and risks.
● Assess security measures in key areas like Cloud Computing, Cyber Risks, Network Security.
● Perform testing of IT Application Controls, IPE, Interface Controls, and IT General Controls.
● Evaluate controls effectiveness, including TOD and TOE.
● Prepare/review policies, procedures, SOPs.
● Maintain relationships with client management and project managers.
● Demonstrate a thorough understanding of complex information systems.
● Coordinate effectively with engagement managers and client management.
● Collaborate with the engagement team to plan and develop relevant workpapers/
deliverables.
● Independently execute technology audits and cybersecurity assignments.
● Plan, organize, and monitor project operations within budgeted timelines.
● Perform comprehensive audits and assessments, reviewing administrative, physical, and
technical safeguards, and conducting risk analyses based on HIPAA.
● Assess and improve security controls, privacy controls, and breach response procedures to
safeguard PHI.
Roles & Responsibilities at Envensys Technologies Pvt. Ltd (Dec 2016 to Sep 2022):
● Collaborate with management to understand business objectives and IT systems.
● Develop an audit plan, including the scope, objectives, and timelines.
● Identify and assess risks associated with IT general controls.
● Evaluate the design and operating effectiveness of controls to mitigate identified risks.
● Review and assess controls related to IT processes, including access management, change
management, backup management, incident and problem management, data migration,
and business continuity.
● Conduct detailed testing of IT general controls to identify control gaps, weaknesses, and
areas for improvement.
● Perform fieldwork and share daily progress with supervisors and project managers.
● Maintain accurate and detailed workpapers documenting audit procedures, findings, and
conclusions.
● Prepare and review policies, procedures, and Standard Operating Procedures (SOPs).
● Prepare audit findings, recommendations, and reports.
● Present findings to clients and senior management, highlighting areas of concern and
improvement opportunities.
● Ensure compliance with relevant regulations and standards (e.g., SOX 404, SOC-1, SOC-2).
● Stay updated on IT industry regulations, standards, and benchmarks (e.g., NIST, PCI-DSS,
ITIL, COBIT).
● Proficient in Microsoft Word, Excel, Visio, and other MS Office tools.
● Apply current knowledge of IT trends, techniques, and risks to identify security and risk
management improvement opportunities.
● Stay informed about emerging technologies and their impact on IT controls.
● Collaborate with other members of the engagement team to plan and execute the audit.
● Coordinate effectively with the engagement manager, client management, and other
stakeholders.
● Participate in technology audit and cybersecurity assignments.
● Assist in developing new methodologies and internal initiatives.
● Actively participate in a positive learning culture and contribute to the development of less
experienced staff.
● Maintain relationships with client management and project managers.
● Manage expectations of service, including work products, timing, and deliverables.
Work History:
Deputy Manager at RSM India Ltd. – 2nd May 2024 to 7th Aug 2024.
Manager at Protiviti India Member Pvt Ltd – 21st Sep 2022 to 25th May 2023
IT Analyst at Envensys Technologies Pvt. Ltd – 6th Dec 2016 to 20th Sep 2022
Education:
M.Sc from Sri Venkateshwara University - 2011