Samir Shah Profile, Director Mumbai

Samir Shah

Director

Likes

Followers

1880

Profile Visits

165

Total Points

Report abuse

About me

Member Since : 27 December 2011 (Mumbai)

Samir Shah

CA, CISSP, CISA, CIA, CFE

Summary

Senior professional with core skills in IT Audit, IT Risk Governance, Information Security & BCP domains.
15+ years of experience in Information Technology Risk and Auditing.
Worked for top notch Financial Services Company and Big 4 consulting firm.

Expert knowledge of business processes and Information systems.

Extensive project execution for the Financial Services and IT / ITES companies.
Exposure to project execution in various countries like USA, UK, Canada, Singapore, Hong Kong etc.
Sound knowledge of various compliance requirements like SOX, GLBA, FCPA.
Expert knowledge on Methodologies and standards like ISO 27001, ISO 31000, COSO and COBIT.

Teaching Background

Coached several batches of DISA (ICAI) course
Conducted several workshops and served as speaker at BCAS and ISACA for topics related to IT Audit, Business Continuity, Fraud Investigation, Information Security and CAAT’s.

Significant contribution to Thought Leadership publications and research materials
Worked in publications department and as a faculty with a leading coaching classes in Mumbai

Functional Skills and Technical Skills

Core skills in planning, execution and reporting for Risk based audits
In depth understanding of IT Systems and underlying business processes for Financial services and IT / ITES Companies
Expert knowledge of Business Continuity and Disaster Recovery domain
In depth understanding of Information Security concepts
In depth Knowledge of standards and methodologies like COSO, COBIT, ISO 27001, BS 25999
Knowledge of SOX, GLBA, SAS 70, PCI requirements
Expert knowledge of in house tools and third party CAATS like ACL
Knowledge and understanding of Windows & UNIX operating Systems
Knowledge and understanding of operational and security aspects of MS-SQL and Oracle databases
Knowledge and understanding of networking and related security aspects

Education

Chartered Accountant (CA)
CISA (Certified Information Systems Auditor) from ISACA, USA
CISSP from ISC²
CIA (Certified Internal Auditor) from “The Institute of Internal Auditors, USA”
BS7799 Lead Auditor from British Standards Institute, UK
DISA (Diploma in Information Systems Audit from The Institute of Charted Accountants of India (ICAI)
CFE (Certified Fraud Examiner) from ACFE
Bachelor Degree in Commerce

Work Experience

Nomura

Vice President and Head of IT Governance and Control, India

www.nomura.com

Job Content:

Technology Risk identification, classification, measurement and remediation
Managing the Governance office for Operational Risk, Internal Audit, External Audit and Regulators
Managing the Project office for ITGC initiatives in risk management
Management of the Global program of Source Code Repositories access management
Management of the Global program of Identity and Access Control
Risk assessment and mitigation of the global data organization and job schedulers
Set up and conduct of the Technology Risk Forum and Technology Risk Information Exchange Programs

<>ü

Morgan Stanley
Head of Technology Audit, India www.morganstanley.com Job Content:
IT Risk Governance involving identification of IT risk universe, risk assessment, audit planning, audit execution, audit reporting, discussions with senior management and audit committees Managing local, regional and global teams Executing Application and Infrastructure audits Continuous interaction with the management of Institutional Securities, Wealth Management and Asset Management businesses Planning and execution of audits on business processes and related IT Applications for these businesses. Planning and execution of infrastructure audits involving data centers, offshore development centers, market data infrastructure and support functions Planning and execution of IT Audits on IT and Operations vendors Development of internal standards and guidelines Continuous monitoring on local and regional IT Management
Ernst & Young	Manager
TSRS within Risk and Business Solutions www.ey.com Job Content:
Design and delivery of assurance services for Financial Services and IT / ITES clients Managing a team of consultants Design and delivery of Assurance solutions like IT Audits, Information Security assessments, Vendor risk assessments, PCI Assessments, SAS 70 Design and delivery of Consultancy services in Business Continuity, IT Risk, ISO 27001 certification and Vendor Risk Management domains Development of Thought leaderships and research publications
Global E Secure Ltd.	Practice Manager
Professional Services Department A company focused on Assurance solutions and Information Security services and part of GTL group. www.gtllimited.com Job Content:
Managing professional services department Solutions design, estimation, team deployment, client interactions and relationship for various assurance and advisory solutions like IT Audits, Business Continuity assessment and development, Certification assistance for standards like ISO 27001, SOX compliance advisory and Vendor risk assessments Team recruitment, training and deployment <>ü
Complete Business Solutions India Ltd.	External Consultant
ERP and Information Security Consulting www.covansys.com Job Content:
IT Audit for a very large public sector oil company for key applications and infrastructure components Hinesh R Doshi & Co., Chartered Accountants Partner An Audit and Accounting Firm with multinational clients. Job Content: Internal Audit of Multi National and Indian companies Application audit of Financial accounting systems Regulatory compliance and Reporting Managing team of Audit Executives and Articled trainees M. M. Nissim & Co. and Hinesh R. Doshi & Co. Articled Clerk & Audit Executive Chartered Accountancy Firms Job Content: Internal Audit of Multi National and Indian companies