Consultant I at Deloitte & Touche LLP (2025-08 – 2025-10)
- Strong understanding of IT General Controls (ITGC), general business controls, and cyber security risk management frameworks.
- Working knowledge of ISO 27001 (Information Security Management) and ISO 22301 (Business Continuity Management) standards.
- Hands-on experience in drafting SOC 1 Type II (basic) and SOC 2 Type II reports, including documentation of control design and operating effectiveness.
- Supported SOC attestation engagements by gathering evidence, validating controls, and coordinating with internal and external stakeholders.
- Basic understanding of Third-Party Risk Management (TPRM) including vendor risk assessment and control evaluation.
- Foundational knowledge of IT infrastructure and security components including firewalls, antivirus solutions, databases, and cloud-based environments.
- Conducted detailed walkthroughs with US-based clients and process owners to understand business processes, assess control design, and obtain supporting evidence.
- Developed comprehensive audit workpapers, performed gap analysis, and prepared clear, concise audit documentation for external CPA review.
- Proficient in GRC and workflow tools such as ServiceNow, OneTrust, and Archer for risk assessments, issue tracking, and remediation management.
- Experience in leading and reviewing work performed by small teams, ensuring quality, consistency, and adherence to audit methodologies and delivery timelines.
Associate 2 at PwC (2022-09 – 2025-08)
- Conduct in-depth reviews of IT General Controls (access controls, privilege tests, change management) to ensure compliance with industry standards (SOX compliance).
- Supported SOC 2 Type II report preparation, collaborating with change management and business control teams.
- Prepared clear and structured internal audit reports and coordinated with US clients for evidence submissions and control testing discussions.
- Ensured compliance testing aligned with US SEC and AICPA standards.
- Perform IT risk assessments and identify control deficiencies.
- Review user access management and segregation of duties (SoD) to safeguard system integrity.
- Assist in preparing for external audits by ensuring IT processes comply with regulatory frameworks like COBIT, COSO, and ISO 27001.
- Proficient with Salesforce, ServiceNow, and Archer for audit workflows and risk assessment.
- Performed control testing, compliance and quality audits, risk assessments, and internal audits using Archer and supported Business Continuity Planning activities.
- Conduct periodic control testing for control gaps, ensuring timely resolution.
- Cross-team trainings to emphasize the importance of internal controls and compliance.
- Conduct in-depth reviews of the financials of employees, their immediate family, and their dependents, and evaluate whether everything is reported in the system to comply with the AICPA and PCAOB audit standards.
- Review the evidence provided by staff and identify any exceptions and document the exceptions for further disciplinary procedures.
Conflict and Brand Protection Executive at Deloitte US Consulting India Offices (2022-03 – 2022-08)
- Conducted Risk Assessments and Enhanced Due Diligence (EDD).
- Worked on Suspicious Activity Reporting (SAR) process.
- Utilized advanced data analysis techniques to proactively monitor and analyze large volumes of transactions as part of AML checks.
- Mailed the client/CRO for missing information and confirmation of publicly available information.
Senior Research Associate at Shore Infotech Private Limited (2013-06 – 2016-02)
- Reviewed the client portfolios and compliance documents to perform risk assessment of the client to onboard them for 'Restricted Trades' and 'Deals'.
- Skilled in performing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) on client portfolios.
- Worked on Sanction Screening.
- Was responsible for processing compliance documents obtained from client firms and putting up the firms for trades and deals.
- As part of processing the compliance documents, performed KYC, AML, CDD, EDD, and sanction checks.
- Spoke to the C-level staff of the client firms for any further clarifications regarding funds managed, firm hierarchy, mergers and acquisitions, and other information related to the client firm to process the compliance documents provided.
- Preparation of 'Standard Operating Procedures.'
- Trained new joiners and peers. Also gave cross-trainings for internal teams.
- Worked on weekly and monthly performance reports for the team.
- Managed the team in absence of 'Team Lead.'
- Escalated negative hits resulting from Google Search and LexisNexis reports to compliance and sought mitigation.
Customer Service Executive (Part-Time) at HSBC (2008-05 – 2013-05)
- Handled customer calls for any fraud on their accounts. Investigated the accounts for fraudulent activities.
- Transaction monitoring on customer accounts to identify any suspicious activity (Anti-Money Laundering).
- Reviewed existing clients to ensure that their documentation is up to date.
- Gathered client documentation from Relationship Managers in the UK to perform EDD checks.
- Performed KYC screenings on customers and documented the information obtained.
- Identified and highlighted cases, red flags, and patterns associated with the laundering of illicit funds.
- Was also responsible for 'Fraud Chargebacks.'
- Initially, was responsible for working on credit card disputes from customers.