Sai Gadia

Sailesh (Sai) is a Partner in KPMG’s Technology Risk practice with over two decades of Information Technology (IT) risk, cybersecurity, and management advisory experience. His current and past clients include some of the leading entities in healthcare, insurance, consumer goods, retail, banking, investment management, and energy.

Professional and Industry Experience

He led the incubation of KPMG’s Cloud Risk Consulting offerings in the United States and is the architect of KPMG’s global Cloud Governance and Controls Assessment (CGCA) methodology.

Cloud Security and Risk Consulting engagements

• Led several engagements to craft Cloud Computing policy, information security design and configuration, cloud usage surveys, and cloud vendor governance programs involving AWS, Azure and GCP.
• Led IT architecture reviews of public cloud migrations for various organizations including one of the world’s leading provider of financial services, a Fortune 100 international retailer, and a Top 5 Bank in the United States.
• Led several engagements to assess the current state of Cloud Computing Governance at large global organizations and present roadmap and recommendations to senior leadership and Board of Directors.
• Led several engagements to help clients design and implement controls for SAAS cloud-based ERP software implementations.
• Assessed an international funds transfer company’s project/ program management processes, including people, processes, and technology. Provided recommendations and roadmap for improvements and attaining their future state requirements.
• Conducted pre- and post-implementation assessments in order to identify sources of risk and provide practical alternatives to mitigate and remediate risks. In addition, provided strategic planning for go-live cutover activities, post-go-live monitoring, system testing, and production planning.

Publications and Speaking Engagements

• CIO.com article on ‘No Longer If, But When: Companies Must Adopt Cloud or Be Left Behind’
• CIO.com article on ‘Taking control of cloud ERP’
• Editorial Adviser of the ISACA Journal and AICPA Journal of Accountancy.
• Invited to speak at the Financial Services-Information Sharing and Analysis Center (FS-ISAC) Cloud Security Working Group on February 20, 2018.
• Coauthor of the book “IT control objectives for cloud computing” published by the Information Systems Audit and Controls Association (ISACA).
• Speaker at the SIFMA Annual conference in New York, March 2017.
• Speaker at the ISACA North American Computer Audit, Control and Security (NACACS) conference in April 2013.
• Invited to speak on Cloud computing benefits and risks at the FEI Twin Cities monthly meeting on January 10, 2012.
• Authored article on “Cloud Computing Risk Assessment” in Volume 4, 2011 of the ISACA Journal.
• Authored article on “Cloud Computing – An auditor’s perspective” in Volume 6, 2009 of the ISACA Journal.
• Speaker at the North American Computer Audit, Control and Security (NACACS) conference in April 2010.
• Invited to speak at Creighton University, College of Business Administration’s Information Security Assurance Lab on March 9, 2010.