
Hima Bhatia

Toronto,ON

Summary

Experienced Information Security and Data Privacy professional with over 5 years of work experience in conducting IT Audit (controls testing) and providing independent and objective assurance to stakeholders through solution-oriented and creative problem-solving skills. Proficient in Internal and External Audit, devising successful improvement strategies and implementing cybersecurity governance frameworks. Sector-spanning expertise in Health, Consumer, Telecommunications, and Banking across Central America, Canada, and India.

Overview

6 years of professional experience

Work History

Senior Consultant

KPMG LLP
03.2024 - Current
  • Independently tested the ITGCs for the areas pertaining to access management, change management, IT operations management and segregation of duties.
  • Independently performed business process walkthrough, tested the design and operating effectiveness as part of internal/external audit engagements and recommended best practices for robust control environment and compliance.
  • Independently re-performed the data migration testing, SDLC reviews, ITGC Testing and ITAC testing and communicated the results to the senior management.
  • Assessed the risks of IT Audit findings, identified mitigating controls, and incorporated them into the IT process framework for continual improvement.
  • Presented findings and recommendations to executive-level stakeholders, effectively communicating key insights and action plans.
  • Performed the review of SOC reports and evaluated the same for multiple clients.
  • Assisted the manager in the pre-planning phase of the audit and worked directly with the partner on an end-to-end GL conversion project for one of the leading MNCs.
  • Facilitated a training session to mentor senior consultants/consultants about the approach to be followed for testing GITC and ITAC.
  • Coached senior consultants, consultants and new hires helping them enhance their skills and contribute more effectively to projects.

Senior IT Auditor

Deloitte Canada
11.2023 - 02.2024
  • Conducted comprehensive SOC 1 and SOC 2 audits, defining clear scopes and aligning objectives with organizational goals.
  • Reviewed and analyzed previous SOC reports, addressing identified issues and ensuring implementation of necessary improvements.
  • Led pre-assessment activities, identifying potential risks and developing detailed audit plans with well-defined timelines.
  • Performed detailed risk assessments, considering inherent and residual risks, and prioritized areas for examination.
  • Designed and executed effective testing procedures in alignment with audit objectives and industry standards.
  • Maintained meticulous documentation of audit processes, findings, and conclusions, ensuring transparency and accountability.

IT Auditor

Cogeco Telecommunications
05.2023 - 08.2023
  • Conducted IT risk assessments to provide exception/exposure reporting & remediation plans to the IT Audit Director.
  • Performed business cycle controls (BCCs), IT general controls (ITGCs) review, Migration Testing, and segregation of duties analysis.
  • Assessed the risks of IT security audit findings, identified mitigating controls, and incorporated them into the IT process framework for continual improvement.
  • Recommended improvements to the existing compliance landscape based on the industry best practices.
  • Performed in-depth evaluations of systems, networks, and applications to gauge their security posture.
  • Assisted in the development and updating of IT standards, policies, procedures, and repeatable processes by collaborating with technical SMEs.

Associate Consultant

KPMG Global Services
05.2021 - 07.2022
  • Performed review responsibilities and delegated tasks to the team related to the design and operating effectiveness of IT systems and related controls in support of organizational information/data security, IT systems and their components.
  • Led walkthrough meetings to understand the processes for IT Application controls (Interface, Configuration, and IPE) as well as ITGCs and obtained evidence to perform the testing.
  • Improved overall team performance by introducing them to new technological concepts, provided individual and group training, guided individuals to become better security professionals.
  • Collaborated with Client's IT Security Teams to establish an effective information security audit program in addition to analyzing and interpreting IS audit results. Furthermore, reported results, thereby providing recommendations to the system owner(s).
  • Led and supported the assessment, monitoring and remediation of compliance issues, including working with third-party auditors.

Analyst

EY Global Delivery Services
06.2019 - 05.2021
  • Performed IT security audits for client's information systems, platforms, and operating procedures in accordance with established policies, framework & corporate standards for efficiency, accuracy, and security.
  • Collaborated with Client's IT Security teams to ensure that security controls and mechanisms are integrated into the architecture, and recommended security enhancements for existing systems.
  • Responsible for performing Infrastructure security reviews at OS and DB Level (assessment of security, password configurations and privileged access).
  • Collaborated with the IT Management team to align governance for standards, policies, and procedures with core IT disciplines of Security, Support services, Infrastructure, Application Development & Management, Change Management and Risk Management.
  • Worked on various SOC1/SOC2 reports involving constant client communication and assisting the client from the design phase towards the drafting of the SOC Report.
  • Prepared placemats to ensure IT processes and controls are efficient, maintained and managed appropriately.

Education

Master of Science - Information Systems Security

Concordia University
Montreal, QC
12-2023

Bachelor of Science - Electronics & Communication Engineering

Guru Nanak Dev University
Amritsar, Punjab, India
06-2019

Skills

  • IT Audit/ GRC: SOX, C-198, FAIT, NIST, PCI-DSS, Internal Audit, ITAC, GITC, SOC Reports, Infrastructure Reviews (OS and DB), Data Analysis, SDLC Review, GL Conversion
  • Cybersecurity: Systems Security, Vulnerability Management, Privacy and Data Security Controls, Identity and Access Management, Database Activity Monitoring
  • Programming: Java, Python, C, C, MySQL
  • Tools: CyberArk, Imperva, Idea CaseWare, SailPoint, ServiceNow, Jira

AWARDS

  • Spot Awards (KPMG LLP) – November 2024 and March 2025
  • Busy Season Star Performer (KGS) – October 2021 and September 2021
  • Calmer of the Storm (KGS) – September 2021 and August 2021
  • Onsite Recognition (EY) – January 2021
  • Spot Award (EY) – October 2020

Accomplishments

    Golden Key Academy Member - High Achieving Graduate Student, on the Dean's list of top 10% students

    Concordia University, Montreal

Languages

English
Full Professional
Hindi
Full Professional
Punjabi
Full Professional
French
Elementary
