Gopalakrishna G

Results-driven IT Audit and Governance, Risk, and Compliance (GRC) professional with around 10 years of overall experience, including strong expertise in SAP GRC, IT General Controls (ITGC), Third-Party Risk Management (TPRM), ISO 27001 internal audits, access governance, and compliance assessments. Experienced in supporting internal and external audits, performing control validations, conducting risk assessments, and ensuring compliance with information security and governance standards. Demonstrated ability to bridge business operations and IT controls through a unique combination of manufacturing operations experience and audit compliance expertise.

Strong understanding of ERP-driven business processes, SAP access governance, user access reviews, Segregation of Duties (SoD), vendor risk assessments, audit evidence validation, and information security governance.

Internal Auditor – TPRM & ISO 27001 at Capgemini (2023-03 – 2026-04)

• Executed Third-Party Risk Management (TPRM) assessments for vendors and service providers by evaluating security, operational, and compliance risks.
• Reviewed vendor security artifacts including ISO 27001 certifications, SOC reports, information security policies, vulnerability assessment reports, business continuity documents, and compliance evidence.
• Conducted ISO 27001 internal audits to assess the effectiveness of Information Security Management System (ISMS) controls and organizational compliance posture.
• Coordinated audit activities including planning discussions, walkthroughs, evidence collection, control validation, observation tracking, and remediation follow-ups.
• Analyzed audit evidence such as access review reports, screenshots, approval records, system-generated reports, and policy documents to ensure compliance with audit requirements.
• Identified control gaps, documented observations, and discussed remediation recommendations with stakeholders.
• Collaborated with internal teams, business owners, and security teams to support governance initiatives and improve control effectiveness.
• Supported internal and external audit readiness activities by ensuring timely availability of required evidence and documentation.

SAP GRC -Internal Audit Analyst at Gabriel India Limited (2021-12 – 2023-02)

• Supported SAP GRC and IT audit activities focused on access governance, IT controls, and compliance monitoring.
• Performed User Access Reviews (UAR) to validate user access appropriateness and identify excessive or unauthorized access.
• Assisted in Segregation of Duties (SoD) analysis and collaborated with stakeholders for remediation and mitigation activities.
• Reviewed user provisioning, role modifications, access removals, and privileged access management processes.
• Validated compliance of SAP access management activities against organizational policies and audit requirements.
• Coordinated with business users, process owners, and application teams during internal and external audits.
• Collected, reviewed, and validated audit evidence including access reports, approval records, screenshots, and system-generated logs.
• Supported ITGC assessments related to logical access controls, user management, password compliance, and approval workflows.
• Assisted in audit observation tracking, remediation follow-ups, and governance reporting activities.
• Participated in improving access governance and compliance monitoring processes within SAP ERP environments.

Production Planning / Material Management / Supply Chain Operations at Gabriel India Limited (2016-06 – 2021-01)

• Managed production planning and material coordination activities to support uninterrupted manufacturing operations.
• Coordinated with procurement, warehouse, logistics, and production teams to ensure timely material availability.
• Monitored inventory levels, material movements, production schedules, and supply chain activities to support operational efficiency.
• Worked extensively on ERP-driven operational processes related to production planning, inventory management, and material transactions.
• Prepared operational reports, tracked production status, and supported management review activities.
• Collaborated with cross-functional teams to minimize production delays and improve process efficiency.
• Participated in operational process improvement initiatives and compliance-related activities.
• Developed strong understanding of end-to-end business processes, ERP workflows, and process-level controls.
• Gained practical exposure to business operations which later helped in understanding risk, control, and audit perspectives.

Bachelor's Technology – Acharya Nagarjuna University (2019)

Diploma Engineering – Government Polytechnic college (2016)