Open to opportunities

Anamika Roy

@anamikaroy1

Message

IT audit and GRC executive building enterprise risk programs, cyber governance, and SOX controls.

United States

Message

What I'm looking for

I’m looking to lead enterprise IT audit and GRC programs that strengthen cyber, cloud, AI governance, and privacy controls—partnering with CISOs and board stakeholders, building teams, and improving quality through risk-based analytics.

I’m an IT Audit, Security & GRC Executive with 20+ years of progressive leadership across Big 4 (Deloitte, PwC, BDO), global insurance, and manufacturing. I build IT audit and risk governance functions from the ground up, led SOX IT control programs across 250+ controls and 16 subsidiary entities, and direct cybersecurity, cloud, AI governance, and data privacy audits at the enterprise level.

Trusted as an advisor to audit committees, risk committees, and CISOs, I translate complex technology risks into board-level insights and drive enterprise risk frameworks aligned to NIST CSF, ISO 27001, and CRI. I combine deep regulatory expertise (SOX, NIST CSF, ISO 27001, GDPR, HIPAA, PCI, NYDFS, DORA) with hands-on technical proficiency across major platforms, while mentoring teams and enhancing audit quality through continuous monitoring and risk-based analytics.

Experience

Work history, roles, and key accomplishments

Director, IT Audit

Old Republic General Services

Jan 2024 - Mar 2026 (2 years 2 months)

Established a centralized IT audit function, consolidating IT audit operations across 4 regions into one program. Owned the enterprise SOX IT controls (250+ controls across 16 subsidiaries), directed cybersecurity/AI governance audits, and delivered Power BI dashboards for real-time testing visibility to Audit and Risk Committees.

SOX ITGC ITAC IT Governance Cybersecurity Risk Power BI HIPAA compliance Cloud SDLC Audits

Assistant Vice President, IT Audit

Zurich Insurance Company

Jan 2020 - Jan 2024 (4 years)

Directed 12–15 cybersecurity, privacy, cloud, and emerging-technology audits across the US and Canada, averaging 4–5 engagements per year. Led a team of 4, achieved zero material findings in external QAIP by strengthening quality assurance, and reported risk trends to Audit and Risk Committees.

& Privacy Cloud Security Emerging Technology Audits SDLC DevOps Controls Quality Assurance Risk Committee Reporting Team Leadership

IS Audit Senior Manager

BDO USA, LLP

Jan 2018 - Jan 2020 (2 years)

Managed up to 4 concurrent client engagements and 15–20 total clients across SOX, SOC, HIPAA/HITRUST, GDPR, PCI, and forensic audits. Built and standardized an IT SOX program for Erie Insurance and designed 10+ audit programs aligned to COBIT/COSO/NIST/ITIL.

COBIT COSO NIST HIPAA

IT & Internal Audit Manager

Navistar, Inc.

Jan 2017 - Jan 2018 (1 year)

Managed SOX compliance for 500+ IT controls across SAP, Oracle, JD Edwards, Workday, AS400, and homegrown applications. Implemented co-sourced testing to meet auditor milestones, assessed security controls for new system implementations, and deployed Tableau analytics to improve T&E and journal entry anomaly detection.

SOX Controls Change Management Controls Testing Tableau SAP Oracle Workday AS400 Data Analytics

Risk Advisory Manager

BDO USA

Jan 2016 - Jan 2017 (1 year)

Managed GITC, automated controls, and SOC report reviews for SOX clients across financial services and manufacturing.

GITC Testing SOC SOX Compliance Risk Advisory

Systems & Process Assurance Mgr

PwC

Jan 2015 - Jan 2016 (1 year)

Led SOX and assurance engagements, redesigning RCMs and process flows for complex enterprise environments and resolving segregation-of-duties (SOD) conflicts in SAP. Developed mitigating controls for a high-profile client.

SOX RCM Design SAP Controlling Audit Methodology Risk Management

Deputy Manager, Enterprise Risk

Deloitte

Jan 2014 - Jan 2015 (1 year)

Delivered IT risk assurance including GITC reviews, automated control testing, and IT risk transformation for global financial institutions. Contributed to IT risk governance and control improvement engagements across client environments.

GITC Reviews Automated Testing IT transformation Governance Controls Testing

Integrated Auditor (Corporate Audit)

Sealed Air Corporation

Jan 2013 - Jan 2014 (1 year)

Led SOX and operational audits across multiple facilities and performed SAP implementation reviews in LATAM. Supported audit planning, fieldwork, and issue remediation recommendations.

Operational Audits SAP Implementation Reviews Internal Audit