PARASTOO JAVADI

San Francisco Bay Area

Summary

Technology risk and compliance leader with 12+ years building and maturing IT compliance programs across enterprise systems and cloud. Proven partner to IT, Quality, Legal, and Audit—driving audit readiness, pragmatic controls, and measurable risk reduction without slowing the business. Significant life sciences audit exposure (biopharma/CDMO, med device) from planning through leadership and execution; translate complex regulatory expectations into operational IT controls.

Overview

12 years of professional experience

Work History

Associate Director

Protiviti
San Francisco Bay Area
04.2020 - Current
  • Company Overview: IT Internal Audit & Financial Advisory
  • Own management testing & QAR across ~70 SOX apps/quarter; reduce findings before external audit.
  • Build IT governance mapped to SOX/ITGC; align to NIST/ISO 27001.
  • Lead IT risk assessments, SoD, emergency access, and periodic access reviews across ERP/key systems.
  • Improve change management (risk-based gating, evidence automation, ticket quality).
  • Run audit readiness (internal/external); manage issues to timely closure and prevent recurrences.
  • Deliver exec dashboards for audit posture, risk heatmaps, remediation velocity (Power BI/Tableau).
  • Partner with Cybersecurity & Legal/Privacy; streamline evidence and minimize duplicate testing.
  • Lead and mentor teams; manage staffing and budgets on multi-million-dollar programs.
  • Life sciences portfolio: pharma/biotech/CDMO; align to GxP, Part 11, ALCOA+; collaborate with Quality/CSV (URS/FS/DS, IQ/OQ/PQ, traceability, ER/ES).
  • Harden ERP/EBR/MES/LIMS controls (SoD, access reviews, change control for validated systems) while maintaining release agility.
  • Prepare for FDA/EMA & Big 4 audits; close findings on time; prevent repeats.

Senior IT Advisory

KPMG US
07.2013 - 03.2020
  • Company Overview: Senior IT Advisory
  • Tech risk, IT audit & compliance across financial services, technology, and life sciences.
  • Lead SOX 404 ITGC & automated control testing; resolve design gaps and elevate evidence quality.
  • For life sciences: map controls to Part 11; support risk-based validation and data-integrity remediation.
  • Implement controls libraries and standardized testing; shorten audit cycles.

Senior Security Specialist

E*TRADE (now Morgan Stanley)
San Francisco Bay Area
04.2016 - 05.2018
  • Company Overview: Senior Security Specialist
  • Support security & compliance initiatives; harden access controls.
  • Improve IAM reviews and evidence automation.

Education

M.S. - Information Systems

Santa Clara University, Leavey School of Business
07.2013

B.S. - Nuclear Physics

University of Tehran
01.2009

Skills

  • SOX 404
  • ITGC
  • ERP SoD & Access Controls
  • Automated Business Controls
  • IT Risk Assessments & Control Design
  • Audit Readiness
  • Change Management for Production/Validated Systems
  • Issue Management & Remediation
  • Policies/SOPs & IT Governance
  • GRC
  • Identity & Access
  • Cloud Compliance
  • Metrics & Dashboards
  • Vendor/Third-Party Risk
  • Training & Awareness

Selected Achievements

  • Pre-test/QAR model reduced audit findings and rework before external testing.
  • Raised access-control maturity (SoD rulesets, firefighter access, quarterly reviews).
  • Accelerated remediation via issue triage, SLAs, and dashboards.
  • Fewer release exceptions through risk-based change-control & better evidence templates.
  • Life sciences: Part 11/GxP readiness; better validation/change-control docs; eliminated recurring data-integrity issues.
  • Led FDA/EMA & Big 4 readiness; closed findings within SLAs; prevented repeats.

Regulatory And Standards

  • SOX (expert)
  • GxP/CSV & FDA 21 CFR Part 11 (substantial exposure)
  • GDPR/HIPAA (working knowledge)
  • NIST CSF & ISO 27001 (aligned)

Core Capabilities

  • SOX 404 / ITGC
  • ERP SoD & Access Controls (SAP/Oracle)
  • Automated Business Controls
  • IT Risk Assessments & Control Design
  • Audit Readiness (internal/external)
  • Change Management for Production/Validated Systems
  • Issue Management & Remediation
  • Policies/SOPs & IT Governance
  • GRC (ServiceNow/Archer or equivalent)
  • Identity & Access (Azure AD/Okta/SailPoint)
  • Cloud Compliance (AWS/Azure/GCP)
  • Metrics & Dashboards (Power BI/Tableau)
  • Vendor/Third-Party Risk
  • Training & Awareness
