Mithun Kalappura

Mithun Kalappura

Senior Manager, IT Risk Consulting

KPMG in Kuwait

Mithun has more than 9 years of experience in managing IT Internal Audit/ IT External Audit engagements (including General IT Controls Testing and Application Control Testing), Cybersecurity Internal Audits, IT/ IS Risk Assessments and Technology Gap Assessments.


Position: Manager, IT Risk


Mithun leads the IT Audit Practice in KPMG Kuwait and has more than 9 years of experience in IT Auditing, Cybersecurity Auditing, Cybersecurity Consulting, and Project Management.

He has assisted various clients in their IT Audit requirements which include developing Risk-based IT Audit Plans and executing IT Audits according to the plan and has managed clientele across different industries ranging from Banking to Technology Companies.

He has in-depth knowledge and experience in various standards and frameworks such as COBIT, ISMS, ITIL, NIST, CIS, SWIFT CSCF, etc.

Experience :

Since commencing a career in KPMG Kuwait, Mithun has been leading various engagements in IT Risk and Information Security Domains including IT Internal Audits, Cybersecurity Audits, IT Internal Control Reviews, Application Control Reviews, SWIFT CSCF Assessments, Post Implementation Reviews, and Compliance related IT Audits,  for clients across various industries such as Banks, Investments Companies, Real Estate Companies, Manufacturing/ Production Companies, Financial Brokerage Firms, Hospitals, Oil Companies, Entertainment Companies within Kuwait.

He has vast exposure in Banking/ Financial Services sector having provided different services such as IT Audits, Risk & Control Self Assessments, Internal Control Reviews, Post Implementation Reviews, Agreed-Upon Procedures, and other regulatory-driven reviews to clients.  Has recently led the IT Internal Control Review of Subsidiaries of a major Kuwait Bank located in London, Egypt, and Lebanon. 

He has been engaged in multiple Quality Assurance Reviews assessing the effectiveness and quality of the in-house internal audit functions across major clients.

He has led Information Security Risk Assessment for one of the largest Asset Management Companies in Kuwait. He has led a number of Information Security Internal Audits for few clients in Kuwait in the technology and payment sectors. He was also responsible for managing the internal audit of Technology Infrastructure for ATM, POS, Payment Gateway functions for one of the largest payment service providers in the region. He was also responsible for leading the reviews of Information Security and Information Technology domains as part of the Internal Control Reviews for different financial institutions including Banks in Kuwait.

He was seconded to one of the largest telecom companies in the region as a Lead Cybersecurity Consultant for a tenure of 3 months.

Before joining KPMG Kuwait, he was working with an advisory firm in India specializing in IT Risk Assessments, System Post Implementation reviews, Cybersecurity Reviews (including penetration testing and vulnerability assessments), and implementation consulting for standards (ISO 27001, COBIT, QMS, etc.). Prior to this, he worked with KPMG Dubai where he concentrated on IT general control reviews, internal audits, and application control reviews. He has also conducted engagements like business process engineering and has thereby helped various clients to streamline their processes, identify functional-control risks, and implement better controls. He was also responsible for formulating/reviewing standard operating policies and procedures across various organizations in India and in the Middle East.

Load more
Load more