Arpana Gupta

I am a certified ISO 27001 Lead Auditor with over 16 years of experience specializing in Second Line of Defense (2LoD) Technology Risk Oversight, ITGC, and Identity Governance & Administration (IGA) across Tier-1 global banking and life sciences sectors (HSBC, Barclays, Michelin, Agilent).

Notably, my background fulfils the requirements for the New Zealand Green List (Tier 1: Straight to Residence Pathway) under the ICT Security Specialist (ANZSCO 262112) classification, enabling me to bring immediate value to a New Zealand entity.

Key GRC achievements from my career include:

• IAM Exception Governance: Governed lifecycle reviews, technical ingestion, and testing of complex IAM control exceptions across global entities at scale (HSBC, Barclays).
• Enterprise IGA Transformations: Coordinated large-scale application onboarding, architected process workflows, and validated end-to-end readiness during global SailPoint and OIM migrations.
• 2LOD SOX 404 & ITGC Compliance: Managed external testing vendors through full-lifecycle Operating Effectiveness (OE) audits, directed Root Cause Analysis (RCA), and formulated CAPAs.
• 3LoD Audit Collaboration: Partnered with the 3rd Line of Defense as a guest auditor to execute ITGC domain testing across Change Management, Incident Management, and BCP frameworks.

I excel at translating abstract security frameworks into robust operational policies while driving seamless collaboration between steering committees, application owners, and external auditors. I look forward to bringing my risk mitigation and audit management expertise to New Zealand’s fast-evolving cybersecurity sector.

Thank you for your time and consideration. I welcome the opportunity to discuss how my identity governance and technology risk experience can strengthen your organization's security posture.