Ganesh Lukney

Results-driven IT Auditor / ITGC Analyst / IT Compliance Analyst / IT Risk Analyst / GRC Analyst / SAP Security Consultant with 3 years of experience in IT General Controls (ITGC) testing, SOX 404 compliance, SAP Security, and Governance, Risk & Compliance (GRC). Demonstrated expertise in designing and executing risk-based audit plans, conducting walkthroughs, Test of Design (TOD), Test of Effectiveness (TOE), control testing, and remediation strategies across access management, change management, and IT operations controls. Proven track record of reducing SOX deficiencies through root cause analysis, continuous monitoring, and remediation tracking.

Skilled in SAP GRC access control reviews, privileged access reviews, Segregation of Duties (SoD) analysis and conflict resolution, and supporting SOC 1 Type II, SOC 2, and ISO 27001 compliance audits. Experienced in developing and maintaining Risk & Control Matrices (RCM), control narratives, audit documentation, and stakeholder reporting. Adept at communicating audit findings to senior stakeholders, collaborating with cross-functional teams, strengthening internal controls, and driving compliance excellence across enterprise environments.

IT Audit Analyst at BMS Info Solutions Pvt Ltd (2023-07 – Present)

• Executed TOD and TOE testing for 40+ SOX ITGC controls across Access Management, Change Management, and IT Operations domains within a large enterprise environment.
• Conducted quarterly Privileged User Access Reviews for SAP ECC 6.0, identifying Segregation of Duties (SoD) conflicts and driving remediation actions through to closure.
• Performed SAP GRC access control reviews to detect SoD conflicts and recommend appropriate remediation strategies to control owners and IT leadership.
• Supported SOC 1 Type II and SOC 2 audits, testing internal controls for design and operational effectiveness in accordance with AICPA guidelines.
• Reviewed and updated Risk & Control Matrices (RCMs) and control narratives to ensure alignment with SOX 404 and ISO 27001 compliance requirements.
• Validated IT Application Controls (ITAC), including automated and configurable controls, within SAP environments.
• Coordinated with 3+ external audit teams, achieving 100% on-time evidence submission and zero audit delays.
• Prepared and presented monthly and quarterly compliance dashboards covering remediation status, open items, and upcoming audit schedules to senior stakeholders.
• Streamlined audit evidence collection processes, reducing cycle time and improving evidence quality through continuous process improvement.
• Escalated control gaps and observations to IT leadership, ensuring timely risk resolution and issue closure.
• Utilized AuditBoard, ServiceNow, ArcherGRC, SAP GRC, and Excel-based templates for efficient audit program management.
• Conducted ITGC control assessments and performed TOD and TOE testing across Access Management, Change Management, and Backup Operations control domains.
• Supported SOX 404 audits by testing internal controls for applications and infrastructure, including SAP ERP environments.
• Collaborated with control owners to collect audit evidence, communicate control gaps, and track remediation efforts through to closure.
• Prepared walkthrough documentation, control narratives, and Risk & Control Matrices (RCMs) for SOX and ISO 27001 compliance programs.
• Conducted quarterly and annual control assessments, maintaining up-to-date RCMs and SOPs to reflect business and regulatory changes.
• Developed and updated control narratives, standard operating procedures (SOPs), and policies to support IT governance frameworks.
• Drafted and presented risk matrices and test results to senior auditors and stakeholders, ensuring clear communication of audit findings.
• Coordinated with external auditors and internal compliance teams to align audit timelines and evidence quality standards.
• Recommended and implemented process improvements based on lessons learned during testing cycles, increasing audit efficiency.

B. tech in Biotech – Mahatma Gandhi College of B. tech & Biotech (2020)