Arpit Dhanotiya

GRC, RSA Archer
Client - Leading bank of UAE, Saudi Arabia
• Working on Development and implementation of enterprise governance, risk, and
compliance strategy and solutions.
• Works on hands-on gap or risk assessments to identify significant information security
risks (including applications, systems, data centers, and infrastructure and vendor security
risk assessments) to determine the organizational risk posture.
• Coordinate, monitor, and report the progress of IS risk remediation activities, resulting
from oversight and monitoring processes.
• Working on different types of regulatory assessments like RBI, CBK, QCB, CBB, CBE etc.
• Having good experience in RCSA process including Risk register creation, Control testing,
Operating and design test and self-attestation.
• Working on full lifecycle of project deliverable from Requirement gathering to production
deployment for GRC solutions.
• Working on Deployment, data migration, applications VA fixing.
• Working experience on GRC solutions like Archer, ProcessUnity etc.
Client - Leading bank of Kuwait
• Conducted periodic compliance reviews against regulatory Information Security
requirements and internal Policies, procedures, and standards.
• Manage expectations and requests of internal and external auditors, including the
establishment of a program of audit and verification of compliance with both industry
standards and the assurance framework.
• Conducted security training and distributing security governance documents (covering
end-to-end security).
• BCM implementation (BIA, BCP Plans), review, assessment of BIA’s, Coordinate third party
technical risk assessments and related audit activity.
• Monitor compliance with bank’s policies, standards, guidelines, and procedures.
• Conducted Risk assessments for IT assets and vendors.

Client: Axis Bank Pvt. Ltd.
• Worked on Security Architecture Risk Assessment, Security Operational Risk Assessment
frameworks, Vendor Risk Assessment, Risk register.
• Worked on Risk metrics configuration based on RSA standard, Axis bank Risk
methodology.
• Implemented Policy management, Third party risk management, Issue Management, IT
Risk Management solutions.
• Created Quarterly tracking system to automate the RBI Quarterly reports generation,
assessments, advisories, Control reports etc.
• Perform the Risk assessments on IT asset.
• Implementation of vendor risk assessment framework, perform the vendor risk
assessment.
• Document and reports control failures and gaps to stakeholders. Provides remediation
guidance and prepares management reports to track remediation activities.
• Implemented LDAP, Data feed, Notifications, Mail merge, Custom reports, and iView’s in
RSA Archer.
• Configured data feed for Data transfer between DMZ and Non- DMZ zone through Archer-
to-Archer data Feed.
• Worked on client Demo, Presentation of Archer application with multiple stakeholders of
Axis bank.
• Implemented, Archer to Archer, File, Database, and RSS feed, http, Questionnaire.

Client: State Street Corporation & American Express (Amex)
• Implemented IT Risk Management, Policy management, Data Governance, Privacy
Program management, Incident Management, Operational risk management, Loss event
management, Issue Management.
• Design the framework for various types of Risk Assessment (Application, Device,
Information Asset, etc.)
• Implementation of reporting metrics, Dashboards, evidence artifacts, automation of GRC
processes to continuously monitor information security controls.
• Implemented Security controls and provides support to all stakeholders on security
controls covering internal assessments, regulations, protecting Personally Identifying
Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
• Designed the workflow for all application in RSA Archer with the help of Workflow
diagram provided by the Client. Configured workflow with the advanced workflow.
• Working on the data migration task to migrate the record form OpenPages to Archer
platform through the data feed.
• Worked on API integration with other management tools, security tools.
• Created Workspace, dashboards, Reports, iView’s, Notifications for ICAM’s.
• Work on packaging, Access control integration.
• Worked on Agile methodology for project implementation.