SOX 404 IT Audit & GRC Consulting at EY

Devang Patel

Overview

As an Assistant Manager at EY (July–December 2025), I led and executed SOX 404 IT audit engagements for U.S.-based clients in the financial services sector, specifically insurance and banking. Work spanned regulatory compliance, control testing, data privacy, and AI-adjacent consulting.

SOX 404 IT Audit Execution

Executed SOX 404 IT audits across multiple engagements, supporting regulatory compliance and audit objectives for large financial services clients. Coordinated with cross-functional stakeholders to perform SOX testing of Business Continuity and Disaster Recovery (BC/DR) plans, assessing process compliance and control effectiveness.

Access Control & Data Analysis

Performed data analysis using VLOOKUP and Pivot Tables to identify potential active system access for terminated users — a critical risk area in banking and insurance environments where access control failures can trigger regulatory findings.

Data Privacy Controls

Developed Risk and Control Matrices (RCMs) for Data Privacy controls in alignment with CCPA and Federal Trade Commission (FTC) requirements, helping clients build defensible compliance frameworks.

IT Security Control Testing

Conducted Test of Design (TOD) and Test of Effectiveness (TOE) for IT security controls including:
User access management
Vulnerability management
Segregation of duties (SOD)
Identity and Access Management (IAM) across multiple applications

Remediation Tracking

Validated IT audit issues and tracked management remediation related to BC/DR and cybersecurity audits through closure, ensuring findings were resolved and documented for audit sign-off.

Mercor AI Project

Contributed as a Generalist on the Mercor Intelligence project, applying analytical and consulting skills in an AI-focused engagement.