Open to opportunities

Ashish Maheshwari

@ashishmaheshwari

Message

IT Risk and Compliance Manager specializing in IT audits, ITGCs/ITACs, and J-SOX/ICFR delivery.

Netherlands

Message

What I'm looking for

I’m looking to drive end-to-end IT risk and compliance programs—especially J-SOX/ICFR—partnering with auditors and stakeholders to strengthen ITGC/ITAC testing, remediate control gaps, and build a sustainable, risk-aware internal control culture.

I’m an IT Risk and Compliance Manager with over 9 years of experience in IT Audits, IT Risk management, and IT Compliance. My work centers on IT General Controls (ITGCs) and IT Application Controls (ITACs), including SOX/J-SOX reporting, SOC (Type 1 & 2), ISAE 3402 engagements, and Internal Control over Financial Reporting (ICFR).

In my current role at Eneco, I own the end-to-end J-SOX compliance program, oversee design and operational effectiveness testing of ITGCs across Change Management, Access Management, and HR lifecycle processes, and act as the primary point of contact for the external auditor during annual J-SOX cycles. I continuously identify control gaps, lead remediation through risk/control frameworks like Risk Control Matrices (RCMs) and process narratives, and build stakeholder alignment across IT, Finance, and Operations to embed a risk-aware culture.

Experience

Work history, roles, and key accomplishments

Current

IT Risk and Compliance Manager

Current

Eneco

Apr 2024 - Present (2 years 2 months)

Own the J-SOX compliance program, overseeing design and operational effectiveness testing of ITGCs across change, access, and HR lifecycle processes for critical ERP and financial systems. Coordinate with the external auditor and lead control gap remediation while maintaining the IT risk and control framework.

J SOX Compliance Change Management Access Management HR Lifecycle Controls External Audit Coordination Walkthroughs Control Gap Remediation Risk Frameworks

Risk and Internal Control Officer

Worldline Global

Oct 2022 - Mar 2024 (1 year 5 months)

Serve as a second-line-of-defence risk function, conducting design and operational testing of internal controls across key business cycles including procure-to-pay, order-to-cash, and HR processes. Manage ISAE 3402 and ICFR engagements and maintain risk documentation such as process flowcharts and RCMs.

Internal Controls Procure To Pay Order To Cash HR Processes Flowcharting ISAE 3402 Engagements

Risk Advisory Junior Manager

Deloitte Risk Advisory BV

Jun 2021 - Sep 2022 (1 year 3 months)

Lead IT risk advisory engagements for multinational clients, including SOX external audit support and ITGC assessments across technology and media industries. Execute ITGCs across access, change, job scheduling, and network operations and perform application control reviews, segregation of duties analysis, and interface testing.

SOX (PCAOB) Support ITGC Access Management Change Management job scheduling Network Operations Segregation Of Duties Analysis IPE IUC Assessments Mentoring Junior Team Members

Assistant Manager, Risk Advisory

Deloitte Touche Tohmatsu India LLP

Jan 2021 - May 2021 (4 months)

Execute SOX and management testing engagements, including walkthroughs, risk identification, and operating effectiveness testing documented in risk and control matrices. Manage engagement delivery from planning through reporting and ensure adherence to regulatory compliance and internal policies.

SOX Testing Test Management Walkthroughs Control Design Risk And Control Matrices Regulatory Compliance Internal Policies

IT Risk Consultant

EY India LLP

Aug 2017 - Jan 2021 (3 years 5 months)

Lead and deliver IT risk engagements including SOX audit support, ISAE 3402 reviews, computer system validations, and SAP consulting across multiple client sectors. Evaluate business processes, assess risks, test IT and business process controls, and deliver an end-to-end SAP S/4HANA Plant Maintenance (PM) implementation.

SAP Consulting SAP S 4HANA Plant Maintenance (PM) Implementation Audit Methodology