PARASTOO JAVADI
San Francisco Bay Area
Summary
Technology risk and compliance leader with 12+ years building and maturing IT compliance programs across enterprise systems and cloud. Proven partner to IT, Quality, Legal, and Audit—driving audit readiness, pragmatic controls, and measurable risk reduction without slowing the business. Significant life sciences audit exposure (biopharma/CDMO, med device) from planning through leadership and execution; translate complex regulatory expectations into operational IT controls.
Overview
12
12
years of professional experience
Work History
Associate Director
Protiviti
San Francisco Bay Area
04.2020 - Current
- Company Overview: IT Internal Audit & Financial Advisory
- Own management testing & QAR across ~70 SOX apps/quarter; reduce findings before external audit.
- Build IT governance mapped to SOX/ITGC; align to NIST/ISO 27001.
- Lead IT risk assessments, SoD, emergency access, and periodic access reviews across ERP/key systems.
- Improve change management (risk-based gating, evidence automation, ticket quality).
- Run audit readiness (internal/external); manage issues to timely closure and prevent recurrences.
- Deliver exec dashboards for audit posture, risk heatmaps, remediation velocity (Power BI/Tableau).
- Partner with Cybersecurity & Legal/Privacy; streamline evidence and minimize duplicate testing.
- Lead and mentor teams; manage staffing and budgets on multi-million-dollar programs.
- Life sciences portfolio: pharma/biotech/CDMO; align to GxP, Part 11, ALCOA+; collaborate with Quality/CSV (URS/FS/DS, IQ/OQ/PQ, traceability, ER/ES).
- Harden ERP/EBR/MES/LIMS controls (SoD, access reviews, change control for validated systems) while maintaining release agility.
- Prepare for FDA/EMA & Big 4 audits; close findings on time; prevent repeats.
- IT Internal Audit & Financial Advisory
Senior IT Advisory
KPMG US
07.2013 - 03.2020
- Company Overview: Senior IT Advisory
- Tech risk, IT audit & compliance across financial services, technology, and life sciences.
- Lead SOX 404 ITGC & automated control testing; resolve design gaps and elevate evidence quality.
- For life sciences: map controls to Part 11; support risk-based validation and data-integrity remediation.
- Implement controls libraries and standardized testing; shorten audit cycles.
- Senior IT Advisory
Senior Security Specialist
E*TRADE (now Morgan Stanley)
San Francisco Bay Area
04.2016 - 05.2018
- Company Overview: Senior Security Specialist
- Support security & compliance initiatives; harden access controls.
- Improve IAM reviews and evidence automation.
- Senior Security Specialist
Education
M.S. - Information Systems
Santa Clara University, Leavey School of Business
07-2013
B.S. - Nuclear Physics
University of Tehran
01.2009
Skills
- SOX 404
- ITGC
- ERP SoD & Access Controls
- Automated Business Controls
- IT Risk Assessments & Control Design
- Audit Readiness
- Change Management for Production/Validated Systems
- Issue Management & Remediation
- Policies/SOPs & IT Governance
- GRC
- Identity & Access
- Cloud Compliance
- Metrics & Dashboards
- Vendor/Third-Party Risk
- Training & Awareness
Websites
Selected Achievements
- Pre-test/QAR model reduced audit findings and rework before external testing.
- Raised access-control maturity (SoD rulesets, firefighter access, quarterly reviews).
- Accelerated remediation via issue triage, SLAs, and dashboards.
- Fewer release exceptions through risk-based change-control & better evidence templates.
- Life sciences: Part 11/GxP readiness; better validation/change-control docs; eliminated recurring data-integrity issues.
- Led FDA/EMA & Big 4 readiness; closed findings within SLAs; prevented repeats.
Regulatory And Standards
- SOX (expert)
- GxP/CSV & FDA 21 CFR Part 11 (substantial exposure)
- GDPR/HIPAA (working knowledge)
- NIST CSF & ISO 27001 (aligned)
Core Capabilities
- SOX 404 / ITGC
- ERP SoD & Access Controls (SAP/Oracle)
- Automated Business Controls
- IT Risk Assessments & Control Design
- Audit Readiness (internal/external)
- Change Management for Production/Validated Systems
- Issue Management & Remediation
- Policies/SOPs & IT Governance
- GRC (ServiceNow/Archer or equivalent)
- Identity & Access (Azure AD/Okta/SailPoint)
- Cloud Compliance (AWS/Azure/GCP)
- Metrics & Dashboards (Power BI/Tableau)
- Vendor/Third-Party Risk
- Training & Awareness
Timeline
Associate Director
Protiviti
04.2020 - Current
Senior Security Specialist
E*TRADE (now Morgan Stanley)
04.2016 - 05.2018
Senior IT Advisory
KPMG US
07.2013 - 03.2020
M.S. - Information Systems
Santa Clara University, Leavey School of Business
B.S. - Nuclear Physics
University of Tehran
Similar Profiles
Amol Prabhakar BhavakeAmol Prabhakar Bhavake
SAP MM/WM/EWM Functional Consultant at ProtivitiSAP MM/WM/EWM Functional Consultant at Protiviti
Tabitha KomaromiTabitha Komaromi
Registration Specialist at ProtivitiRegistration Specialist at Protiviti
Divya Rani TatiparthiDivya Rani Tatiparthi
Deputy Manager at ProtivitiDeputy Manager at Protiviti
John ReynoldsJohn Reynolds
East Region Senior Financial Analyst at ProtivitiEast Region Senior Financial Analyst at Protiviti
Jennifer RobertsJennifer Roberts
Associate Chief Marketing Officer at UCSF HealthAssociate Chief Marketing Officer at UCSF Health