• Lead and design group-wide CIAM & IAM architecture projects (One Identity, Entra ID, Ping Identity suite (Directory, PingOne, PingFederate))
• Lead project to define IAM standards (SAML, OAuth, OpenID, MFA, SSO), GDPR-aligned data-protection controls and identity lifecycle management
• Led architecture squad; prepared DORA-compliance and network-segmentation strategy
- Provisioning: IAM automates user onboarding/offboarding and group assignments.
- Directory sync with Entra ID: syncs users from on-prem AD to Entra ID.
- Identity lifecycle management at UNIQA with Entra ID governance: manages roles and permissions over time.
- CIAM (Customer Identity and Access Management): PingOne suite and Microsoft Entra ID.
- Identity provider: PingDirectory, Azure AD B2C transformation.
- Authentication & authorization: PingFederate, PingID using OpenID, OAuth, SAML.
- Security compliance: Multi-Factor Authentication (MFA), Conditional Access (limited in CIAM), role-based access.
• Migration program manager for Directed AD → Azure AD & Microsoft 365 migration, integrating SaaS workloads
• Introduced updated IAM policies for GDPR
• Managed mixed on-site/remote engineering team; aligned business & technical stakeholders
Azure Cloud Migration components:
- Azure Migrate: Server Migration, lift-and-shift of VMs (Hyper-V, VMware, physical)
- Move files and structured data to Azure
- Create Azure Virtual Network
- Migrate apps to Azure App Service or virtual environment
- Sync users from AD to Azure, role-based access control, MFA and Conditional Access
• Managed project to re-architect monolith trading platform into microservices; produced risk analysis (ISO 27001)
• Oversaw DevOps pipeline and stakeholder communication across Europe
- TCP/IP communication isolation, protecting sensitive systems from unauthorized access
- Filtering: firewall rules, packet filtering, intrusion detection systems (IDS), log analysis
- DMZ creation: designing and deploying buffer zones to isolate public-facing services (web servers, gateways, load balancers, reverse proxies) and hardening OS configurations
- Rollout management: project lead for multiple technical teams (Solaris, network, Microsoft); patch and OS lifecycle management, infrastructure migrations or upgrades, compliance-driven deployments (ISO 27001, GDPR)