Nikhil Singh

Results-driven IT Audit and Compliance Professional with nearly a decade of experience spanning Big-4 consulting, global secondments, and Fortune-500 engagements. Specialises in Governance, Risk Management, and Compliance (GRC), leading end-to-end audits across IT General Controls (ITGC), IT Application Controls (ITAC), IT Security Assessments (ITSA), and complex regulatory programmes. Deep practitioner expertise across SOX (PCAOB/ISA), ISO 27001, SOC 1 & 2, COBIT, GDPR, PCI-DSS, and NIST.

Proven ability to automate compliance workflows, operationalise control frameworks, and deliver measurable risk reduction across on-premises, SAP, Oracle, SaaS, and multi-cloud environments.

Senior SOX Analyst - Insight Global (via Hire IT)

(2025-06)

• Lead end-to-end IT compliance and audit-readiness engagements across ERP platforms, enterprise applications, operating systems, and databases, ensuring full alignment with SOX, SOC 1/2, and internal risk frameworks; coordinate directly with technical owners and business stakeholders to close control gaps on schedule.
• Designed and automated audit workflows and evidence-collection processes using custom scripts and tooling enhancements, materially reducing manual effort, improving accuracy, and accelerating readiness cycles for recurring audits and control-testing programmes.
• Executed comprehensive controls testing and gap remediation for SOX and SOC assessments, covering access management, change management, IT operations, security configurations, and system-level controls across complex application and infrastructure landscapes.
• Collaborated with cross-functional teams — ERP, security, infrastructure, and application owners — to streamline compliance processes, implement control improvements, document technical procedures, and support continuous monitoring at scale.

Assistant Manager 2 (Secondment – UK) - Deloitte India - UK

(2021-11 - 2025-06)

• Developed and implemented IT compliance frameworks ensuring adherence to SOX (PCAOB, US GAAP, ISA), CIA, ISO 27001, SOC 2, and COBIT; partnered closely with finance leadership and key stakeholders to sustain effective IT governance across SAP-centric environments.
• Designed Risk Control Matrices (RCMs) aligned with ITGC, SOX, SOC, ISAE 3402, and industry-standard security frameworks, enhancing ERP governance and elevating control assurance across client portfolios.
• Built scripted automation for compliance testing and data extraction, significantly improving audit efficiency and enabling timely remediation and documentation.
• Managed Identity and Access Management (IAM) controls supporting identity governance, user access reviews, and Segregation of Duties (SoD) analysis across multiple enterprise workstreams.
• Evaluated cloud security posture (AWS, SaaS, Azure) and strengthened CI/CD governance, hardening the organisation's IT compliance and cybersecurity stance.
• Led cross-functional teams to deliver risk management strategies, ensure cybersecurity compliance, and drive IT process improvements across ERP systems, consistently meeting project deadlines and deliverables.
• Recognised with the Arjuna Award for Change & Innovation and the Move-the-Dot Award for cross-team collaboration and measurable business impact.

Associate Consultant – Management Consulting (Transformation) - KPMG Global Services - Pune

(2021-04 - 2021-08)

• Implemented Information Security Management System (ISMS) policies and conducted IT risk assessments, leading the client to achieve ISO 27001 certification.
• Developed vendor risk management frameworks aligned with SOC 2, GDPR, and IT compliance policies, strengthening third-party governance.
• Evaluated SaaS platform solutions and secured AWS and Azure environments via CI/CD pipelines for federated compliance governance, collaborating with DevSecOps teams.
• Automated security controls using Terraform and Kubernetes, enhancing multi-cloud compliance and reducing configuration-drift risk.

Corporate Vendor Management – IT - FoodCloud.in

(2016-07 - 2018-05)

• Managed vendor risk, GRC, and third-party assurance programmes encompassing SOC 2, ISO 27001, SOX, and BCMS, reinforcing IT compliance and information-security frameworks.
• Led IT security assessments, user access reviews, third-party due diligence, and cloud security audits, promoting governance, regulatory adherence, and ISMS certification.
• Developed IT risk assessment models to identify vulnerabilities and implemented control enhancements, improving compliance with both internal policies and external regulatory requirements.

Master of Science - Cyber Law & Information Security - National Law Institute University (NLIU) (2019 - 2021)

Bachelor of Technology - Entrepreneurship & Management - NIFTEM, Haryana (National Institute of Food Technology, Entrepreneurship & Management) (2012 - 2016)