Results-driven IT Audit Manager with proven expertise in IT systems, risk management, and cybersecurity practices. Skilled in leading cross-functional teams and implementing robust audit frameworks to strengthen IT governance, reduce vulnerabilities, and enhance regulatory compliance. Demonstrated success in transforming audit processes to improve operational efficiency and foster a culture of continuous improvement. Recognized for strong analytical thinking, problem-solving capabilities, and commitment to safeguarding information assets and driving organizational resilience.
Overview
7 years of professional experience
1 Certification
Work history
Associate IT Audit Manager, Internal Audit
Juma Al Majid Holding Group L.L.C
Dubai
02.2025 - 06.2025
Assist the Group Chief Audit Officer in developing a risk-based IT audit plan.
Perform general and application control reviews for IT applications and systems across JAM subsidiaries.
Review IT policies, procedures, change management, and configuration management processes; develop recommendations to strengthen controls and improve IT governance.
Support the audit team in data extraction from ERP systems, data mining, and analytics using Excel or audit tools such as ACL for non-IT audits and special engagements (ad-hoc reviews, investigations, etc.).
Conduct IT security audits to assess risks related to cyber threats, data leakage, unauthorized access, and other security concerns; contribute to testing security controls and recommending improvements.
Ensure timely completion of audit engagements within agreed budgets; maintain regular communication with Internal Audit Manager and IT Audit Manager on project timelines.
Develop audit working papers with clear documentation and sufficient evidence to support audit conclusions, in line with HIA methodology.
Prepare audit reports and communicate findings, risks, recommendations, and management responses; participate in presenting results and tracking remediation progress.
Senior Consultant, Technology Consulting
Protiviti Middle East Member Firm
Dubai
01.2024 - 01.2025
Managed end-to-end proposal processes, including conducting clarification calls, drafting proposals based on scope of work, delivering proposal presentations, and estimating budgets.
Implemented end-to-end Business Continuity Management Systems (BCMS) for strategic clients across the GCC in line with ISO 22301 and UAE's NCEMA standards. Led on-ground activities across project lifecycles and developed risk impact matrices to mitigate potential project risks. Supported clients during external audits and ISO 22301 certification processes.
Conducted gap analyses, reviewed and drafted Business Continuity Plans and ISO 22301 controls, and performed Business Impact Analysis, Threat Assessment, Site Risk Assessments, and IT Risk Assessments.
Developed Disaster Recovery strategies for IT disaster recovery setups, aligning with business-defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for critical applications.
Performed audits in accordance with ISO 20000 standards, focusing on Information Technology Service Management (ITSM) processes and controls within client IT departments.
Reviewed the effectiveness of ITSM controls, including Asset & Configuration Management, Service Catalogue Management, Business Relationship Management, Service Level Management, Supplier Management, and Information Security Management.
Provided recommendations to enhance the design, delivery, operation, and control of IT services based on audit findings.
Executed ISO 20000:2018 and ISO 27001:2013 implementations for an Abu Dhabi government entity, ensuring compliance with ISO requirements, preparing mandatory documentation, and supporting external audit and certification.
Conducted IT Risk Assessments for UAE government and private sector entities in alignment with local regulatory requirements. Developed Risk Registers, Process Universes, IT/IS Audit Plans, and identified risks across IT processes, applications, infrastructure, projects, information security, and ICS governance. Categorized risks based on impact and likelihood.
Consultant, Technology Consulting
Protiviti Middle East Member Firm
Dubai
01.2023 - 12.2023
Managed and reviewed the RCSA program related to application and infrastructure for various government, semi-government, and private entities across industries such as banking, financial services, and information technology in the UAE and India.
Performed IT audits including tests and reviews covering IT Governance, IT Risk Assessments, IT Strategy, IT Infrastructure Management, IT Application Management, Change Management, Backup Management, Minimum Security Baseline Review, Configuration Management Review, Log Management, Incident Management, Patch Management, IT Asset Management, and IT Compliance Management in alignment with ISO standards and frameworks.
Conducted testing and reviews for the Test of Design (TOD) and Test of Operating Effectiveness (TOE) of controls in accordance with ISO 27001:2013, NESA (UAE IA), and ISO 22301 standards.
Performed detailed IT Disaster Recovery (DR) audits, including assessment of IT DR policies and procedures, verification of alignment with business requirements, and review of Business Impact Analysis (BIA) to identify RTOs and RPOs for developing IT DR Plans.
Conducted Business Continuity audits by reviewing BCMS policies and procedures against NCEMA and ISO 22301 standards. Assessed controls related to BIA, recovery strategies, BCPs, IT DR Plans, BCM & IT DR testing, performance monitoring, and training plans. Evaluated client preparedness and response during the pandemic to ensure continuity of critical operations.
Conducted testing and reviews for various financial and in-house developed applications, including understanding application functionality and reviewing input, output, interface, processing, management, and IT general controls.
Consultant 2, Management Consulting and Risk Advisory
Ardent Advisory and Accounting
Dubai
03.2022 - 01.2023
Performed testing and documentation of IT Application Controls, Information Produced by the Entity (IPE), and Interface Controls through code reviews and IT Automated Control testing.
Prepared policies and procedures for a leading industry player in Dubai and provided recommendations for improvements aligned with future objectives.
Conducted risk assessments, developed Risk Control Matrices (RCMs), prepared working papers, and drafted internal audit reports, scope of work, engagement letters, proposals, and final presentations for a major holding group in Abu Dhabi.
Executed Continuous Control Monitoring, performed Segregation of Duties (SoD) analysis, and conducted ITGC reviews for UAE-based stakeholders.
Prepared and conducted reviews for UAE compliance audits, including The National Electronic Security Authority (NESA), National Emergency Crisis and Disaster Management Authority (NCEMA), BCM (ISO 22301), and IT General Controls audits.
Consultant, Technology Risk
Ernst & Young LLP
Pune, India
07.2021 - 12.2021
Served as Lead Consultant for engagements with clients in the insurance and investment banking sectors.
Managed complex Sarbanes-Oxley (SOX) and Internal Audit engagements, including budgeting, coaching team members, reviewing deliverables, overseeing engagement execution, managing client communications, resolving scope or conflict-related issues, and participating in all phases—planning, fieldwork, reporting, follow-up. Also provided IT audit training to staff.
Demonstrated expertise in IT General Controls, including logical access management, change management, computer operations, access recertification, and password management. Drafted risk, testing, and control documentation for IT Application Controls.
Identified technology risks and assessed related processes and controls for both design and operating effectiveness.
Coordinated with global stakeholders to review data lineage and IT controls around in-house applications, identifying risks across various business processes.
Assisted in proposal development, conducted internal team trainings, and contributed to knowledge-sharing initiatives by preparing learning materials leveraged across the practice.
Associate Consultant, Business Consulting
Ernst & Young LLP
Pune, India
07.2020 - 06.2021
Supported IT audit and Sarbanes-Oxley (SOX) engagements for clients in the insurance and investment banking sectors.
Assisted in planning, fieldwork, reporting, and follow-up phases of internal audits, while preparing working papers, testing controls, and documenting findings.
Contributed to IT General Controls testing, including logical access, change management, computer operations, and access recertification.
Assisted in drafting risk and control documentation for IT Application Controls and performed testing to assess design and operating effectiveness.
Coordinated with senior consultants and global stakeholders to gather data, understand in-house applications, and support risk identification related to business processes.
Participated in internal training programs and knowledge-sharing initiatives; supported proposal preparation and team documentation efforts.
Analyst 1 & 2, Business Consulting
Ernst & Young LLP
Pune, India
10.2018 - 06.2020
Performed IT Risk Management and Internal Audit in line with BCBS 239 requirements for a leading investment bank. Coordinated with global stakeholders to review data lineage, assess IT controls around in-house applications, and identify risks across various business processes.
Conducted walkthroughs and performed Design and Implementation (D&I) testing for IT processes. Documented process flow descriptions and diagrams based on discussions with stakeholders, and recorded testing results in the client tool for interface and key control evaluation.
Executed SOX control testing for general IT controls, including the onboarding of applications. Liaised with application control owners across global locations to validate application scope and ensure control alignment.
Led end-to-end review processes—from scope definition to remediation—for identified gaps across IT domains such as disaster recovery, change management, incident management, and information security, based on vendor services and data access levels.
Education
Bachelor of Computer Applications - First Class Honors
Savitribai Phule Pune University
Pune
Skills
Interface & IT General Controls
Sarbanes-Oxley and Internal audit
ICOFR Framework
UAE Information Assurance Compliance - NESA audits
Financial Audit IT (FAIT)
ISO 27001 implementation and audits
ISO 22301 implementation and audits
NCEMA 7000:2021 audits
IT Application controls
IT Security and Network Audits
Certification
CISA (Qualified)
Certified ISO 27001:2013
Certified ISO 22301:2019
Timeline
Associate IT Audit Manager, Internal Audit
Juma Al Majid Holding Group L.L.C
02.2025 - 06.2025
Senior Consultant, Technology Consulting
Protiviti Middle East Member Firm
01.2024 - 01.2025
Consultant, Technology Consulting
Protiviti Middle East Member Firm
01.2023 - 12.2023
Consultant 2, Management Consulting and Risk Advisory
Ardent Advisory and Accounting
03.2022 - 01.2023
Consultant, Technology Risk
Ernst & Young LLP
07.2021 - 12.2021
Associate Consultant, Business Consulting
Ernst & Young LLP
07.2020 - 06.2021
Analyst 1 & 2, Business Consulting
Ernst & Young LLP
10.2018 - 06.2020
Bachelor of Computer Applications - First Class Honors