
Infosys GRC Interview Preparation Complete

Uploaded by

coolbmohit999

Infosys GRC Interview Preparation – Mohit Yadav

1. IT Computer System Validation (CSV)

2. Audits & Compliance

3. Risk Management & Controls Assessment

4. Role-Specific & Behavioral Questions

5. General & HR Questions

What is Computer System Validation (CSV)? Why is it important?
Computer System Validation (CSV) is the process of ensuring that IT systems used in
regulated industries function as intended and comply with regulatory requirements such as
FDA 21 CFR Part 11. It ensures system reliability, data integrity, and compliance.

Can you explain the GAMP 5 framework? How does it apply to CSV?
GAMP 5 (Good Automated Manufacturing Practice) is a risk-based approach to validation. It
classifies systems into categories and provides guidelines on testing and documentation. It
helps ensure compliance in life sciences industries.

What are the different software lifecycle methodologies (Waterfall, Agile, DevOps), and how
do they impact CSV?
Waterfall follows a sequential approach, making validation straightforward but rigid. Agile
and DevOps involve iterative development, requiring continuous validation (e.g., automated
testing) to ensure compliance.

What is 21 CFR Part 11 compliance, and how does it relate to CSV?
21 CFR Part 11 is an FDA regulation that ensures the security and integrity of electronic
records and electronic signatures in regulated industries. CSV ensures that systems meet
these compliance requirements.

Can you walk us through an end-to-end validation process you’ve worked on?
The validation process includes:
1. User Requirements Specification (URS)
2. Functional Specification (FS)
3. Installation Qualification (IQ)
4. Operational Qualification (OQ)
5. Performance Qualification (PQ)
6. Validation Report
I've followed these steps to validate GxP systems in my projects.

What are IQ, OQ, PQ in validation? Can you provide an example of each?
IQ (Installation Qualification) ensures proper system installation.
OQ (Operational Qualification) verifies functionality under expected conditions.
PQ (Performance Qualification) confirms the system meets user requirements in real-world
scenarios.

What are some challenges you have faced while performing validation activities?
Challenges include:
- Managing validation in Agile environments
- Keeping documentation up to date
- Addressing audit findings
- Ensuring compliance with evolving regulatory standards

What are some key differences between internal and external IT audits?
Internal audits are conducted within the organization to ensure compliance and identify
gaps before an external audit. External audits are performed by independent auditors to
certify compliance with regulatory standards.

How do you ensure audit readiness for GxP systems?
Audit readiness involves:
- Maintaining up-to-date validation documentation
- Ensuring compliance with GxP and regulatory guidelines
- Regular internal audits and risk assessments
- Training teams on compliance requirements

What is an audit trail, and why is it important?
An audit trail is a secure, time-stamped record of system activities that ensures data
integrity, traceability, and compliance with regulatory standards such as 21 CFR Part 11.

Have you worked with GDPR or SOC 2 compliance? If so, what were your responsibilities?
Yes, I have experience with GDPR and SOC 2 compliance. My responsibilities included:
- Ensuring data protection measures were in place
- Managing access controls and audit logs
- Conducting periodic security and compliance assessments

Can you explain how Identity and Access Management (IAM) plays a role in compliance?
IAM ensures that only authorized users have access to critical systems, reducing security
risks and ensuring compliance with regulations like GDPR and SOC 2.

What are some common findings in IT audits, and how would you address them?
Common findings include:
- Lack of proper access controls
- Incomplete validation documentation
- Unsecured audit trails
To address these, I ensure continuous compliance monitoring, conduct training sessions,
and implement corrective actions.

What is the importance of risk management in IT compliance?
Risk management helps organizations identify, assess, and mitigate potential threats to IT
systems, ensuring compliance and business continuity.

How do you identify and mitigate IT risks?
I use risk assessment methodologies such as:
- Identifying critical assets and threats
- Performing impact analysis
- Implementing risk mitigation strategies

What are COBIT and NIST frameworks, and how do they apply to GRC?
COBIT is a framework for IT governance and management, ensuring IT aligns with business
objectives. NIST provides guidelines for cybersecurity risk management.

Can you explain a real-world scenario where you had to assess and manage a risk?
During a project, we identified a gap in access control. I implemented an IAM policy and
audit tracking system to mitigate unauthorized access risks.

How do you handle gap analysis for compliance and security?
I perform gap analysis by comparing current processes with regulatory requirements,
identifying gaps, and implementing corrective actions.

What was your role in Deloitte USI’s IT Quality & Compliance team?
I was responsible for executing validation activities, maintaining compliance
documentation, and collaborating with teams to optimize IAM protocols.

How did you collaborate with clients to optimize IAM protocols?
I conducted IAM risk assessments, implemented access controls, and provided training to
ensure regulatory compliance.

Can you share an experience where you had to work with cross-functional teams?
I worked with IT, compliance, and security teams to implement validation processes,
ensuring adherence to regulatory standards.

Tell us about a challenging project you worked on and how you resolved issues.
One challenge was managing compliance across different development methodologies. I
implemented automated validation scripts to ensure continuous compliance.

How do you stay updated with compliance regulations and industry trends?
I regularly review industry guidelines (FDA, ISO, GDPR) and participate in webinars and
training sessions.

Why do you want to join the Infosys GRC team?
Infosys has a strong reputation in IT governance, risk, and compliance. I am eager to
contribute my skills in CSV, audits, and risk assessment while growing in a dynamic
environment.

Where do you see yourself in five years?
I see myself in a leadership role in IT compliance and risk management, contributing to
large-scale regulatory projects.

What are your salary expectations?
Based on my experience and industry standards, I expect a competitive package. However, I
am open to discussion based on the role’s responsibilities.

How do you handle pressure and tight deadlines?
I prioritize tasks, break them into smaller milestones, and maintain clear communication
with stakeholders to ensure timely delivery.

Do you have any questions for us?
Yes, I’d love to know more about the team structure and key challenges in the GRC domain
at Infosys.
