Cyber Security, DevOps\DevSecOps, CI\CD, automation
Updated on 20.11.2024
Profile
Freelancer / Self-employed
Remote work
Available from: 20.11.2024
Availability: 100%
of which on-site: 100%
Analytical Thinking and Problem-Solving
Communication and Collaboration
Cloud
Technical Proficiency
Security concepts
IAM
PAM
Azure
Good Clinical Practice
AWS
DevOps
Azure DevOps
Bulgarian
Native speaker
English
Fluent (C2)
Russian
Working proficiency (C1)
German
Basic knowledge
French
Basic knowledge
Danish
Elementary Knowledge (A1)

Work locations

Germany, Switzerland, Austria
possible

Projects

6 months
2024-01 - 2024-06

EMA External Consulting SME of DevSecOps Practices

EMA External Consultant SME of DevSecOps Practices

  • Reviewed the Client's DevSecOps practices for their current IT systems infrastructure and the so-called target architecture solution, covering Microservices, Kubernetes, the Atlassian ecosystem (Jira, Confluence), SNOW, Zero-trust, Service meshes, PAM, ML\AI (LLM) and CI\CD automation (Azure DevOps), ensuring compliance with GxP and cGxP.
  • Enhanced the GOVERN function and established proper MEASURE and MANAGE functions for objective, repeatable, scalable test, evaluation, verification, and validation (TEVV) processes, including metrics, methods, and methodologies, ensuring that they are in place, followed, and documented.
  • Recommended and architected improvements on sustainable hybrid cloud architectures with lean, automated, and secure maintenance practices, ensuring high availability, resilience, scalability, and performance. Collaborated with senior stakeholders across Digital, OT, Enterprise Architecture, QA, and IT Security to drive DevOps culture through containerization, usage of AI (LLM) and the introduction of associated concepts.
  • Provided a streamlined and structured approach to developing LLM-infused applications, allowing a well-defined process and lifecycle to guide the building, testing, optimizing, and deploying of flows, culminating in the creation of fully functional LLM-infused OPS solutions.
  • Designed and implemented scalable cloud architectures on Azure and Oracle Cloud, supporting business growth while reducing infrastructure costs by 20%.
  • Optimized cloud resource allocation through continuous monitoring and performance tuning, achieving a 15% improvement in system performance.
  • Automated the deployment of cloud infrastructure using Terraform and ARM templates, reducing manual errors and deployment time by 30%.
  • Administered Linux servers and databases (SQL, Oracle, Postgres, MySQL), ensuring high availability, security, and optimal performance.
  • Collaborated with external suppliers to manage support services, ensuring compliance with SLAs and resolving issues promptly.
  • Architected and implemented robust CI/CD pipelines using Azure DevOps, Jenkins, Rancher, Docker, and Kubernetes, resulting in a 30% reduction in deployment times.
  • Led a team of DevOps engineers to migrate legacy applications to a microservices architecture, leveraging Kubernetes for orchestration.
  • Designed and deployed automated testing frameworks integrating with CI/CD pipelines, improving code quality and reducing bugs by 25%.
  • Collaborated with development, QA, and operations teams to foster a DevOps culture and streamline the software development lifecycle.
  • Implemented monitoring and logging solutions using ELK stack and Prometheus, enhancing system observability and incident response times.
  • Improved and designed containerized solutions meeting GxP and cGxP requirements, IT security, and reliability standards, while defining cloud standards and frameworks for managing the infrastructure lifecycle with DevOps techniques, including:
    • Security throughout the software development lifecycle to minimize vulnerabilities in software code.
    • Proper function of the DevOps teams, including developers and operations teams.
    • Confirmed shared responsibility for following security best practices.
    • Evaluate efficiency and effectiveness of automated security checks at each stage of software delivery.
    • Recommend improvements on integrated security controls, tools, and processes into the DevOps workflow.
  • Ensured designs complied with IT Security and QA standards through reviews and promoted cloud-native setups for forward-looking architectures and applications, ensuring Traceability, Accountability and Data integrity.
  • Identified and recommended infrastructure improvements for more efficient services, optimizing resource utilization and enhancing overall system performance and cost reduction.
  • Recommend implementation of new methodologies using modern agile approaches, driving continuous improvement and innovation within the organization.
European Medicines Agency (EMA)
6 months
2023-07 - 2023-12

SAP S/4HANA Cloud (S4C) and AI Initiative pre-project

SAP Security and Access Architect
  • Orchestrated and executed security solutions, encompassing Zero Trust principles and WAF (Akamai), for BASIS Administration, SAP IAS, IPS, MS Azure, S/4, public cloud, BTP, and Fiori applications, ensuring adherence to best practices and compliance standards.
  • Designed proper integration patterns of S4C public cloud with the HR platform, Salesforce and IAM\PAM solution assets on Azure and AWS, allowing benefits from AI automation for incident recognition, response and handling.
  • Defined:
    • enhanced processes for governing, mapping, measuring, and managing risks, and clearly documenting outcomes;
    • improved awareness of the relationships and tradeoffs among trustworthiness characteristics, socio-technical approaches, and risks;
    • explicit processes for making go/no-go system commissioning and deployment decisions;
    • policies, processes, practices, and procedures for improving organizational accountability efforts related to AI system risks;
    • an enhanced organizational culture which prioritizes the identification and management of AI system risks and potential impacts to individuals, communities, organizations, and society;
    • better information sharing within and across organizations about risks, decision-making processes, responsibilities, common pitfalls, Test, Evaluation, Verification, and Validation (TEVV) practices, and approaches for continuous improvement;
    • and greater contextual knowledge for increased awareness of downstream risks.
  • Adopted a first-principles approach when testing each input: by examining the original expected value and the server's response when the value is modified, determined how data may be processed by the server and then dynamically evolved each test to identify vulnerabilities.
  • Contributed to the design and optimization of large-scale distributed systems, ensuring reliability and scalability.
  • Designed and implemented secure and scalable container-based systems using Docker and Kubernetes on AWS and Azure.
  • Collaborated with key stakeholders to understand business processes and identify areas for improvement in risk management and compliance.
Hilti
1 year
2022-07 - 2023-06

IETV Program

Platform Security Engineer

  • Spearheaded the transition to a fully automated CI/CD process, integrating Jenkins, GitLab CI, and Ansible, reducing manual intervention by 40%.
  • Developed and maintained infrastructure as code (IaC) using Terraform and AWS CloudFormation, enabling consistent and repeatable infrastructure deployments.
  • Introduced containerization strategies using Docker and Kubernetes, resulting in improved scalability and deployment flexibility.
  • Conducted training sessions and workshops on CI/CD best practices and tools, enhancing team proficiency and collaboration.
  • Worked with Swiss Re's Cyber Risk team to ensure Swiss Re's security standards are implemented and documentation of the implemented measures is in place.
  • Cultivates and implements a culture of risk management within organizations designing, developing, deploying, evaluating, and acquiring AI systems;
  • Outlines processes, documents, and organizational schemes that anticipate, identify, and manage the risks a system can pose, including to users and others across society, and procedures to achieve those outcomes;
  • Incorporates processes to assess potential impacts;
  • Provides a structure by which AI risk management functions can align with organizational principles, policies, and strategic priorities;
  • Connects technical aspects of AI system design and development to organizational values and principles, and enables organizational practices and competencies for the individuals involved in acquiring, training, deploying, and monitoring such systems; and
  • Addresses full product lifecycle and associated processes, including legal and other issues concerning use of third-party software or hardware systems and data.
  • Design, build and optimize security controls and automated response solutions in AWS (AWS stack: Control Tower, CloudFront, Load Balancers, WAFv2, Security Groups, Security Hub, Inspector, IAM, Kinesis, GuardDuty, CloudWatch, CloudTrail, Lambda etc.) and Azure Cloud (Defender and Sentinel)
  • Vulnerability management, system and network hardening (CIS and AWS benchmarks)
  • Prime liaison with the client, including participation in Crisis Management, Continuous improvements in coordination with the Platform teams, requests coordination with stakeholders and tracking until delivery
  • Participation in the global Saga and Epic planning by providing insight from own experience and state-of-the-art knowledge
  • Security architecture review
  • Perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) assessments on applications, systems, and software components to identify security vulnerabilities, weaknesses, and risks.
  • Collaborate with the central security team to introduce and scale industry-leading security testing tools and methodologies to conduct thorough security assessments.
  • Collaborate with development teams to provide guidance and recommendations for secure coding practices and vulnerability remediation.
  • Participate in threat modelling activities to identify potential security risks and develop appropriate mitigation strategies.
  • Stay up-to-date with the latest security trends, vulnerabilities, and attack vectors, and provide proactive recommendations to enhance security measures.
  • Ensure compliance with requirements on Encryption at rest and in transit. Hands-on experience with Microsoft Azure and Azure Security Technologies specifically, Azure KeyVault, Azure Managed HSM or Azure Dedicated HSM, enforcing data encryption standards and solutions.
  • Design, implement and ensure best practices of AuthZ via token rotation, for both human and non-human identities
Swiss Re
6 months
2022-08 - 2023-01

CyberArk (PAM) advisory

As Technology Partner in FIS Global I am responsible for building and developing the Digital Identity Practice as part of Cyber Security services. The Digital Identity practice consists of PAM (Privileged Access Management), IGA (Identity Governance and Administration) and CIAM (Customer IAM). The current toolset in use for these topics is as follows: IGA: SailPoint IIQ, OMADA, MIM 2016; PAM: CyberArk; CIAM: ForgeRock and Transmit Security; Microsoft-based Security: On-Premise and Azure Cloud. As part of the company leadership team, I am responsible for building, developing and administrating a team of 20+ people across Central and Eastern Europe. Daily, I am taking a management and architectural role in various projects covering services such as assessment, design, implementation, and managed service across Europe with the technology stacks mentioned above. I have experience in various industries and expert knowledge in IAM/PAM best practices and compliance standards across widely regulated and non-regulated businesses. In the past 10+ years I have been involved in projects taking various roles from Implementation Engineer to Solution Architect for businesses of any size, from small to large global companies spanning the globe. My expertise and understanding of the overall IT infrastructure and in-depth knowledge in Authorization, Authentication and Security allowed me to successfully deliver all those projects regardless of the project complexity, timeline, location or size. My strongest features are my devotion to work and desire to solve complex challenges with the highest quality, ability to lead teams and coordinate activities, ability to consult and discuss on every level from top management level through enterprise architecture down to in-depth technical discussions and low-level solution-specific conversations with developers and engineers.
In my current role, my main responsibilities include driving the line of business forward by developing new client relationships and delivering complex projects from a management and architectural perspective, including but not limited to:

  • Roadmap design, HLD, LLD and pilot implementation of a company-wide PAM solution as a service provided by a market leader.
  • Close collaboration with IT teams to design a security architecture framework (guidelines, technology reference models, and training material).
  • Assess, transpose and embed security requirements into existing or new IT systems (business applications including SAP, IT infrastructure, on-prem and cloud systems including Microsoft Office 365).
  • Perform cyber security architecture reviews and document the security requirements in architecture handbooks, in close collaboration with, partnering with and advising IT and business teams to implement a "secure by design" strategy that provides the following: regulatory compliance, security policy enforcement, support of "bring your own device" (BYOD), remote control of device updates, application control, automated device registration and data backup.
  • Advise on and design security solutions for implementation into complex customer IT environments which carry proprietary real-time life-critical data and diagnostic-quality images requiring reliability and high availability, based on GCP native services such as Access Transparency, Assured Workloads, Binary Authorization, Cloud Asset Inventory, Cloud Data Loss Prevention, Cloud Key Management (to manage encryption keys on Google Cloud), Confidential Computing, Firewalls, Secret Manager (to store API keys, passwords, certificates, and other sensitive data), Security Command Center, Shielded VMs, VPC Service Controls, BeyondCorp Enterprise (scalable zero trust platform with integrated threat and data protection), Cloud Identity, Identity and Access Management, Identity-Aware Proxy, Policy Intelligence, Titan Security Key for MFA, etc.
    • Employ DevSecOps, AIOps and safe code practices, ensuring that technical solutions are cohesive across the provisioning sub-teams and complete against business requirements, allowing rapid:
    • Bootstrapping: create cloud setups with the corresponding resource hierarchy and permissions for the initial CI/CD pipeline to deploy the next stages.
    • Baselining: a set of configurations that allows the delivery of security and compliance monitoring and alerting as foundational guardrails.
    • Covering business-specific requirements: delivers business-specific components and integrations (such as SSO, monitoring, etc.);
    • Establishment of proper workload services at application level running a proper set of application infrastructure: any of the many cloud services that form the business's platform for workloads (servers, storage, IAM\PAM, SIEM, SOAR etc.). The final goal of the Landing Zone: to deliver value to the business.
    • Validate, evaluate and give technical sign-off of technical changes in capabilities and solutions proposed by external partners.
    • Oversee and guide deployment of security patches, enhancements and changes to the Windows\Linux IT landscape (including PoCs, PoVs, Canary and Blue-Green deployments, Gold images, and Transfer to Operations together with L2/L3, running everything as code).
Galderma
6 months
2022-07 - 2022-12

Design and develop services and solutions based on cloud security-based practices

FADATA Security Architect SaaS offering on AWS and AZURE
  • Design and develop services and solutions based on cloud security-based practices - CSA CCM and BSI C5.
  • Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative, and physical controls to mitigate identified risks.
  • Developed service security and compliance requirements for SaaS multi-tenant systems.
  • Designed and developed cloud security architectures and performed architecture design reviews.
  • Designed and developed frameworks and solutions to secure cloud applications and infrastructure.
  • Lead and execute end-to-end compliance initiatives, based on selected industry frameworks and compliance standards.
  • Set up security baselining and ensured compliance with state authorities utilizing modern technology trends (DevOps, DevSecOps, CI\CD).
    • Acted as Security PO directly responsible for:
    • Fadata's SaaS Security Concept;
    • Identification of the critical assets; our in-depth reference architectural model is based on ISO/IEC 17789 and NIST 500-292;
    • Development and optimization of the ISMS (Information Security Management System) according to ISO 27001, GDPR and FINMA requirements;
    • Applying passwordless authentication techniques (MFA, OATH, FIDO2, SSO, YubiKey);
    • Cloud compute and workload security protecting software-defined networking, virtual machines/instances, containers, platform-based workloads and serverless computing;
    • Defining key risks and controls;
    • Centralized authentication/authorization: utilization of managed services for authentication and authorization (Okta) together with LDAP DS, and dedicated OAuth 2 platforms;
    • System integrity, system administration, and software deployment via Terraform, CloudFormation and Ansible scripts (DevSecOps);
    • Security patch management via immutable workloads; enabling security with Nexus IQ;
    • Automatic identification of OSS\TP components and risk modeling in accordance with risk appetite;
    • Malware\edge protection via a combination of managed services (WAFs): Cloudflare and edge NGFW (Palo Alto Networks);
    • System hardening, performance tuning and patch management;
    • Tenant segregation, multiple VPCs;
    • RBAC of technical users and business users, role definition, certification and enforcement;
    • KMS management of private keys, envelope encryption, securing data at rest and in transit, and pseudo-anonymization via tokens;
    • Enforcing safe code security practice and monitoring of OSS\TP components in use;
    • Attack surface and threat modeling, static code scanning and free and open source scanning, applying measures to prevent OWASP Top 10 vulnerabilities, code repository security (Nexus IQ) together with SonarQube;
    • Service continuity, disaster recovery:
    • Business continuity within the cloud provider;
    • Business continuity for loss of the cloud provider;
    • BC\DR remediation actions;
    • Proper security monitoring logic (events and time series) via CloudWatch, CloudTrail and Panorama;
    • Integrating with 3rd party SOC providers, enabling paging duties;
    • Backup orchestration to another cloud vendor;
    • IT cyber security metrics.
  • Implement, maintain, and improve existing industry best practices of operational security controls such as Monitoring, Identity and access management, Encryption and data security, and Self-auditing.
  • Guide Product Management on defining and prioritizing the development of secure SaaS solutions.
  • Drive and lead security processes, tools, methods, and knowledge and security enhancements.
  • Prepare and deliver training and security awareness activities to the Engineering teams.
  • Acquire relevant knowledge, remain up to date, attend security conferences, and be involved in the security community.
Zurich Insurance
2 years 7 months
2019-12 - 2022-06

various Projects

FIS - Technological Partner
  • Accompanying the functional split in application management by ensuring bidirectional information exchange and taking over the project results into the running operation (service enabling). Thorough understanding of Azure, GCP & AWS cloud offerings and their services.
  • Understanding and supporting the FIS EMEA partner team focused on driving FIS Partner Business through different RTMs (routes to market).
  • Lead FIS's managed IT services in the DACH region offering infrastructure management and software support. FIS's cloud financial services solution provides an elastic, compliant and always-on environment. We partner with world-leading cloud providers to deliver an integrated managed hosting service. Organizes and shapes an engagement team's strategy to drive success. Leads board-level visioning sessions providing thought leadership to clients.
  • Bringing innovative thinking to support the organization to drive change towards Service- and SaaS-oriented partners, capable of developing FIS's focus in Modern Application, EUC, and Multi-Cloud.
  • Control of numerous ongoing and newly launching corporate channel initiatives and programs, securing field team participation and execution to drive partner pipeline.
  • Act as single point of contact for the EMEA Partner team for execution requests, inquiries, escalations, and feedback requests. Being part of FIS management team and execute on activities decided in team meetings being partners voice in these meetings.
  • Develops and manages relationships across the whole client base, discussing benefits and value at board level.
  • Consults on governance, strategy and transformation not just operations.
  • Leads complex TOM transition initiatives.
  • Consults and shapes development of the client's approach to identifying and managing risks and assumptions and for realising benefits at a department level.
  • Architecture, Implementation of Azure Tenant Configuration, Defender Products (Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud), Sentinel Configuration and Automation, Infrastructure as a Service (Firewall, VPN, WAF, Load Balancer, etc.), Logic App Automation in Microsoft Azure Environment, AWS GuardDuty, Control Tower, Incident Analysis using Microsoft Security Tools (Microsoft Defender for Cloud, Application Gateway, Azure DDoS Protection, Key Vault, Azure Information Protection, etc.)
  • Ensures knowledge capture sessions are arranged and executed building the company consultant collateral.


Important Clients

  • SIX Group: TBTF Project and Ransomware (APT) Project, using AI for incident response and remediation
  • Galderma: PAMaaS integrated with AWS and Azure, enabling transition from DevSecOps to ML\AIOps
  • BMW Group, BMW Bank: modernisation of edge security of GCP, Azure and AWS. Implementing MLOps, and AI OT Smart Factory
  • Deutsche Bank: Integration of existing IAM platform (DB Access Gate, OneIM) with Wealth Management Platform
  • IBM: evaluation of the current setup of the Hybrid Cloud deployment, HA, security of network infrastructure, ITGCs of EHRs, i.e. electronic health records (German: Patientenakte, ePA), system development program. EHR records are hailed as the key to increasing the quality of care.
Various customers
1 year 4 months
2021-01 - 2022-04

Architecting of APIMv2 heterogenic platform-based SaaS microservices

APIM CTO Lead Architect
  • Enable Open banking for BMW Bank, allowing access and control of consumer banking and financial accounts through third-party applications.
  • Architecting of APIMv2 heterogenic platform-based SaaS microservices (Kubernetes).
  • Enabling migration from heterogenic (mix of on-prem and SaaS solutions) to Cloud first \ Cloud only (Azure and AWS). Clearing the path for BMW's IT ecosystem to become API driven and BMW to become a Tech Company.
  • Employing DevSecOps and safe code practices, running everything as code
  • Enhancement of IT & Security risk control mechanisms of the GCP, AWS and Azure based APIM platform.
  • Responsible for creation of a security standard based on IT and security frameworks (such as OWASP Top 10, ISO 23167:2020, ISO 23188:2020, ISO 23029:2020, ISO 27001/2, NIST 500, NIST 800, GxP, CIS and COBIT);
  • Development of a security concept and road map for achievement of the desirable future state.
  • Interact with senior stakeholders across departments, reaching and influencing a wide range of people across larger teams and communities
  • Research and apply innovative Cloud and Security architecture solutions to new or existing problems
  • Work out subtle Cloud and Security needs, understanding the impact of decisions, balancing requirements and deciding between approaches.
  • Design and plan a cloud solution architecture, produce particular patterns and support quality assurance, and act as the point of escalation for architects below.
  • Post bridge assessment and validation of execution for AD and AAD
  • Designing and Implementation of AD Tiering model
  • Migration to tiering model
  • Designing AD Concept for Application and Server administration
  • Designing AD Concept for self-evolution of rights
  • Developing PAM Program
  • Designing CyberArk Core PAS Solution
  • Implementing CyberArk Core PAS
  • Designing Client specific use cases for CyberArk EPM
  • Implementation of CyberArk EPM
  • Manage and provision the cloud solution infrastructure
  • Design for security and compliance
  • Analyse and optimize technical and business processes
  • Manage implementations of cloud architecture
  • Ensure solution and operation reliability
  • Configure access within a cloud solution environment
  • Ensure data protection
  • Manage operations within a cloud solution environment
  • Ensure compliance and reliability
BMW Group\BMW Bank
1 year 2 months
2020-11 - 2021-12

Enhancing Perimeter security of Hilti Cloud

  • Conceptualizing a defense-in-depth approach for Hilti Cloud: EMEA, APAC, North America, and China Mainland.
  • Creation of a road map for implementation of a layered defence-in-depth strategy, technology stack including WAF (Web Application Firewall).
  • Leading the VRM process selection and setting up of vendor battles.
  • Performing POCs with shortlisted vendors.
  • Setting up criteria and performing interoperability, regression, and unit testing of the selected stack with the existing Hilti ecosystem.
Hilti
4 months
2020-09 - 2020-12

Integration of existing IAM platform

Governance Consultant/Architect

  • DB Access Gate (OneIM) with Wealth Management Platform (WME), dedicated to automating the user lifecycle (access provisioning and deprovisioning) and to allowing usage of hybrid identities across the Wealth Management ecosystem (300+ applications).
  • Architecting (HLD, LLD, API contracts) a fleet of RESTful APIs dedicated to overcoming One-IM constraints and limitations.

Deutsche Bank
10 months
2019-12 - 2020-09

evaluation of the current setup, of the Hybrid Cloud deployment

Governance Consultant/Architect
External governance consultant responsible for evaluation of the current setup of the Hybrid Cloud deployment, HA, security of network infrastructure, ITGCs of EHRs, i.e. electronic health records (German: Patientenakte, ePA), system development program. EHR records are hailed as the key to increasing the quality of care. This project is a result of the Appointment Service and Supply Act (TSVG), adopted on 14th March 2019, which requires the German statutory health insurance funds to provide policyholders with electronic health records from 1st January 2021 onwards. Effectively applying CYBER KILL CHAIN models (MITRE ATT&CK framework, SANS Diamond Model for Intrusion Analysis, CEH), putting all the cybersecurity products to the test in a structured and methodical way and assessing whether or not the security product is fulfilling its duty (vendor battles). Led Breach & Attack Simulation and filling the gaps in security.
  • Define the product strategy for the business considering technology constraints
  • Coordinate the technology related efforts to deliver it within the project and with 3rd party subcontractors.
  • Business application ownership and management of book of work for certain front-to-back processes and applications in GRC and Security areas
  • Development and optimization of the ISMS (Information Security Management System) according to ISO27001
  • Business architecture, process and requirements design and definition as product subject matter expert in control definition: ITGC, compensative and detective controls
  • Product responsibility (IT team to deliver product, deliver manager to oversee and steer direction)
  • Close collaboration with IT as CRC product owner in an agile working framework
  • Provide transparent, timely and accurate information to senior stakeholders and peers
  • Cryptographic knowledge including encryption, key exchange, certificate handling and protocols (X.509, PKCS#12 etc.)
  • Security Control Frameworks e.g. ISO27001 and practical experience in their implementation
  • Security Architecture principles, generic best practices
  • Network security devices
  • Endpoint defense solutions
  • Exposure to malware infection vectors and defence methods
  • Endpoint and Server hardening principles, best practices
  • Web application firewalls, network load balancers, proxy systems
  • Network, Endpoint and Application logging concepts, best practice and monitoring systems including SIEM
  • Active Directory Security including federated solutions using ADFS, SAML etc
  • Exposure to cloud security models including public, private and hybrid concepts
  • Application security including web applications, SaaS services etc
  • Data handling principles, protective marking/tagging and data security knowledge
IBM
2 months
2019-10 - 2019-11

Architecting FCP POC

Cloud Architect

  • Creating a roadmap for migrating the on-prem OpenShift platform to the cloud (Azure - ARO, GCP - GKE and AWS - ECS, EKS, Fargate), aiming at utilization of a cloud-native approach
  • Participates in and contributes thought leadership and strategic direction during ISRM leadership team meetings and executive workshops
  • Prepares strategic updates and vision documents, briefings, and reports, and demonstrates excellent communication skills and executive presence in presentations to TR executives, customers, and partners
  • PaaS DevOps consulting on the migration of existing IT applications to the PaaS solution
  • Analysis of existing IT applications, defining Changes in the software architecture on High and Low Level
  • Architecting data flow relying on GCP\AWS\Azure out-of-the-box services and enabling usage of GraphQL as a super-positioned touch point.
  • Own the security architecture process, enabling the development and implementation of identity and security solutions and capabilities enterprise-wide, clearly aligned with business, technology and threat drivers. Translating security policies and directives into specific requirements, procedures, standards and guidelines
  • Defining architectural principles, consulting project and line organizations regarding the implementation of safety requirements, ensuring that company-wide security requirements are correctly implemented
  • Develops hybrid cloud strategy and governance to meet future business requirements, with a focus on containerization and microservice architectures
  • Develops infrastructure identity and security strategy plans, roadmaps and other architecture artifacts based on sound enterprise architecture practices.
  • Participates as a consultant in application and infrastructure projects to provide infrastructure & security-planning advice
  • Determines baseline infrastructure configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM) platforms and capabilities.
  • Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
  • Reviews network segmentation strategy (also in a containerized environment) to ensure least privilege for network access, and ensures this translates to a new software-defined data center offering.

Generali
Zurich Switzerland
1 year 2 months
2018-08 - 2019-09

Development of identity and security strategy plans

Cloud Security Architect
Cloud Security Architect
  • Own the security architecture process, enabling the development and implementation of identity and security solutions and capabilities enterprise-wide, clearly aligned with business, technology and threat drivers. Translating security policies and directives into specific requirements, procedures, standards and guidelines
  • Defining architectural principles, consulting project and line organizations regarding the implementation of security requirements, ensuring that company-wide security requirements are correctly implemented
  • Development of identity and security strategy plans and roadmaps ensuring Confidentiality Integrity and Availability of resources based on sound enterprise architecture practices.
  • Development and maintenance of identity and security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
  • Provides strategic technical and architectural guidance to senior management, business technology project teams and functional organizations
  • Designs and builds security models and capabilities as it relates to network, cloud, endpoint, identity, and data security domains; authors and drives compliance with enterprise security policies and standards
  • Leads technical defense-in-depth reviews of TR's product portfolio to evaluate the application of security controls and identify opportunities to enhance the product's security posture
  • Guides teams in defining future state end-to-end architectures, platforms, products, tools and solutions to advance security capabilities in the business
  • Develops and drives the ISRM technology roadmap, defining current and future security platform lifecycles (candidate, POC, deployed, pending decommission) to continuously improve TR's security controls posture
  • Work closely with internal teams to effectively deliver internal change capability
  • Clearly define programme requirements and ensure clear communication at all times
  • Consulting the automation DevOps lead on network layouts and negotiating with other network teams on integration and segregation topics; performing application vulnerability and security assessments
  • Performing application security risk assessments
  • Performing code review across a variety of programming languages
  • Defining application security controls (ITGCs)
  • Performing application security design activities
  • Performing assessments of SDLC and DevOps processes, Promoting DevSecOps and safe code practices;
  • Developing and delivering application security training and outreach
  • Creating gap analysis and client improvement program recommendations
  • Other security-related projects that may be assigned according to skills
  • Review and evolve customer and internal access management technologies. Create the IAM policies and technical standards. Advise technical teams on the control design and perform risk assessments and define the IAM related security requirements.
  • Translating clients' risk, security, and compliance requirements into specific Cloud security solutions and design patterns
  • Set up Security Baselining and ensure compliance with State authorities
  • Utilizing modern technology trends (DevOps, DevSecOps, CI\CD) for security
  • Security PO directly responsible for:
  • iptiQ PnC Security Concept;
  • Identification of the critical assets - our in-depth reference architectural model is based on ISO/IEC 17789 and NIST SP 500-292
  • Development and optimization of the ISMS (Information Security Management System) according to ISO27001, GDPR and FINMA requirement
  • Applying passwordless authentication techniques (MFA, OATH, FIDO2, SSO, Yubikey)
  • Cloud Compute and Workload security protecting Software defined networking, Virtual machines/Instances, containers, Platform-based workloads and Serverless computing;
  • Defining Key risks and controls
  • Centralized authentication/authorization - utilization of managed services for authentication and authorization (Okta) together with LDAP DS and dedicated OAuth 2 platforms
  • System integrity, system administration, and software deployment via Terraform, CloudFormation and Ansible scripts (DevSecOps).
  • Security patch management via Immutable Workloads Enable Security - Nexus IQ
  • Automatic identification of OSS\TP component and risk modeling in accordance with Risk Appetite.
  • Malware\edge protection via a combination of managed services (WAFs, Cloudflare) and edge NGFW (Palo Alto Networks)
  • System hardening, performance tuning and patch management;
  • Tenant segregation, multiple VPC
  • RBAC of Technical Users and business users, role definition certification and enforcement;
  • KMS management of private keys, envelope encryption, securing data at rest and in transit, and pseudo-anonymization via tokens;
  • Enforcing Safe code security practice and monitoring of OSS\TP components in use;
  • Attack surface and threat modeling, static code scanning and free and open source scanning. Applying measures to prevent OWASP Top 10 vulnerabilities, code repository security (Nexus IQ) together with SonarQube
  • Service continuity, disaster recovery
    • Business Continuity Within the Cloud Provider
    • Business Continuity for Loss of the Cloud Provider
    • BC\DR Remediation Actions
  • Proper security monitoring logic (events & time series) via CloudWatch, CloudTrail and Panorama
  • Integrating with 3rd-party SOC providers, enabling paging duties
  • Backup orchestration to another cloud vendor;
  • IT Cyber Security Metrics,
  • Implementation of Advanced End Point Protection
iptiQ PnC Swiss Re
Zurich Switzerland

Education and Training

BS, IT Science

PU Paisii Hilendarsky


BSc, eng. in Aeronautic

TU Sofia


Certifications

  • ITIL v4
  • ITILv4 Managing Professional (MP)
  • ITILv4 Strategic Leader (SL)
  • LeSS Practitioner
  • Certified Product Owner (CSPO)


2016

SAFe4


2009

CISA


2015

PMP


2012

TOGAF foundation


ITIL Lifecycle and Capability (ITIL® ATO Accredited Trainings)

  • ITIL Foundation v3
  • ITIL® 2011:
    • Service Strategy
    • Service Design
    • Service Transition
    • Service Operation
    • Continual Service Improvement
    • Operational Support & Analysis
    • Planning, Protection & Optimizations
    • Release, Control and Validation
    • Service Offerings and Agreements
    • Managing Across the Lifecycle

Competencies

Top-Skills

Analytical Thinking and Problem-Solving, Communication and Collaboration, Cloud, Technical Proficiency, Security concepts, IAM, PAM, Azure, Good Clinical Practice, AWS, DevOps, Azure DevOps

Focus areas

  • IAM/PAM Proficiency: Strong experience with IAM tools and technologies (e.g., Azure AD, CyberArk, BeyondTrust), focusing on the management of privileged accounts and access controls.
  • DevSecOps Tools: Proficient in using DevSecOps tools and frameworks such as Azure DevOps, Jenkins, GitHub Actions, GitLab, Terraform, Ansible, and security scanning tools (e.g., Snyk, Aqua Security, etc.).
  • Shift-Left Security & CI/CD Integration: With a strong focus on embedding security early in the development cycle, I have integrated SAST and DAST tools into CI/CD pipelines using GitLab and ArgoCD to ensure that security vulnerabilities are detected and resolved before code reaches production. I automate security checks, such as SonarQube for code scanning and OWASP Dependency-Check for dependency vulnerabilities, allowing security to be an integral part of the development process.
  • HashiCorp Vault & Secrets Management: I have extensive experience implementing and managing HashiCorp Vault (Enterprise) for centralized secret management in both cloud and on-prem environments. I automate secret distribution and access control policies across cloud platforms like Google Cloud and Azure, leveraging Google Cloud Secret Manager and Azure Key Vault for secure API key storage and management. This ensures the protection of sensitive data while maintaining compliance with regulatory standards (e.g., PCI-DSS, GDPR).
  • Runtime Security Monitoring & Incident Response: In terms of runtime security, I use tools such as Falco, Sysdig, and Google Cloud Security Command Center for real-time monitoring of cloud and containerized environments. With these tools, I proactively monitor for security incidents, track vulnerabilities, and respond swiftly to mitigate risks. I also leverage Azure Sentinel and Stackdriver to integrate security logs, track threats, and automate incident response workflows.
  • Cloud Security & Infrastructure Automation (Terraform, GCP & Azure): Leveraging Terraform, I automate infrastructure provisioning in both Google Cloud and Azure environments, ensuring secure, consistent, and compliant infrastructure management. I configure security best practices using Google Cloud IAM, Azure AD, and deploy infrastructure with CloudFormation, Pulumi, and Helm charts for Kubernetes deployments.
  • Container Security & Kubernetes: I specialize in securing containerized environments, including Kubernetes clusters using Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS). I ensure container images are scanned for vulnerabilities using Clair and Anchore, while enforcing Kubernetes RBAC for strict access control and using Kube-bench for security benchmarks.
  • Secrets & Compliance: I ensure that secrets are securely stored and managed using tools like HashiCorp Vault, Azure Key Vault, and Google Cloud Secret Manager to ensure compliance with industry regulations. This includes enforcing encryption and access policies to protect sensitive data, ensuring compliance with GDPR, PCI-DSS, and other industry standards.
  • CI/CD Automation & GitOps: By automating the deployment pipeline with GitOps principles using GitLab, ArgoCD, and Helm, I ensure a secure, repeatable process for application and infrastructure deployment. This automation ensures consistent application of security policies across all environments, improving the overall security posture of the organization.
  • Collaboration & Security Culture: Working within Agile and SAFe frameworks, I foster a security-first culture, promoting collaboration between development, security, and operations teams. Using tools like Jira and Confluence, I drive cross-functional discussions around security vulnerabilities, ensuring that security is not an afterthought but an integral part of the development lifecycle.
  • Monitoring and Observability: Implementing comprehensive monitoring and logging solutions using ELK stack, Prometheus, and Grafana. Setting up alerting mechanisms to proactively manage and resolve incidents.
  • Performance Optimization: Continuously analyzing and optimizing CI/CD workflows to reduce build and deployment times. Identifying and eliminating bottlenecks to improve overall system performance.
  • Cloud Service Provider Cybersecurity Practices: Align the cloud service provider's practices with the company's internal cyber security policy and standards to implement modern control mechanisms and baseline practices, informed by a rigorous threat model, across their digital identity and credential systems to substantially reduce the risk of system-level compromise.
  • Audit Logging Norms: Help Companies to adopt a minimum standard for default audit logging in cloud services allowing them to enable the detection, prevention, and investigation of intrusions as a baseline and routine service offering without additional charge.
  • Digital Identity Standards and Guidance: Implement emerging digital identity standards (IAM/PAM, SAML, OpenID OAuth2) to secure cloud services against prevailing threat vectors, following recommendations of the relevant standards bodies. Internally refine, update, and incorporate these standards to address digital identity risks commonly exploited in the modern threat landscape.
  • Security Standards and Compliance Frameworks: Update the internal security standards, concepts, policies and supporting frameworks, and establish a process for conducting discretionary special reviews of the related program's authorized Cloud Service Offerings following especially high-impact situations; incorporate feedback about observed threats and incidents related to the cloud provider's security and platform.
  • Security Best Practices: Recognized ability in transforming standard security patterns, changing the way of thinking about threats; knowledgeable in implementing security best practices to safeguard cloud infrastructure and applications. I conduct regular security audits, establish access controls, and monitor for vulnerabilities to mitigate risks and ensure data integrity and confidentiality. Design, deliver, maintain and deploy security baselines and automation solutions for the Azure hybrid cloud identity platform. Stay current on current and future cloud security technology trends, influencing and contributing to the overall IAM cloud security architectural roadmap.

Areas of responsibility

  • Cloud Security & Governance: Expertise in securing cloud platforms like Google Cloud and Microsoft Azure, implementing IAM, VPC Security, and DDoS protection with tools like Google Cloud Armor and Azure Security Center.
  • DevSecOps Automation: Extensive experience automating security in CI/CD pipelines using GitLab, ArgoCD, and Terraform, integrating security testing with tools such as SonarQube, OWASP Dependency-Check, and Snyk.
  • Pipeline Design and Implementation: Architecting efficient and reliable CI/CD pipelines tailored to the specific needs of various projects. Utilizing Jenkins for automated build, test, and deployment processes to facilitate rapid and frequent releases.
  • Continuous Integration/Continuous Delivery (CI/CD): Expertise in designing and implementing CI/CD pipelines using tools such as Jenkins, GitLab CI, ArgoCD, Azure DevOps and CircleCI. Proficient in automating build, test, and deployment processes to enhance software release cycles.
  • Containerization and Orchestration: Extensive experience with Docker for containerization and Kubernetes & OpenShift for orchestration and management of containerized applications. Skilled in deploying and scaling microservices architectures.
  • Cloud Infrastructure Management: Expertise in deploying, configuring, and managing cloud environments on Azure and Oracle Cloud, including resource optimization, automation, and cost management.
  • Secrets Management & Compliance: Hands-on expertise with HashiCorp Vault (Enterprise), Google Cloud Secret Manager, and Azure Key Vault for secure storage, access, and compliance of sensitive information (e.g., passwords, API keys).
  • Configuration Management and Infrastructure as Code (IaC): Proficient in using configuration management tools such as Ansible, Chef, and Puppet. Expertise in IaC tools like Terraform and AWS CloudFormation for consistent and automated infrastructure deployment.
  • Scripting and Automation: Strong scripting skills in Python, Bash, and PowerShell for automating repetitive tasks and enhancing productivity. Expertise in writing scripts to integrate various tools and processes in the CI/CD pipeline.
  • Runtime Security Monitoring: Proficient with Falco, Sysdig, Google Cloud Security Command Center, and Azure Sentinel to monitor runtime environments and detect security incidents in real-time.
  • Container & Kubernetes Security: Skilled in container security best practices with tools such as Clair, Anchore, Kube-bench, and managing Kubernetes security policies using RBAC and Helm charts.
  • Vulnerability Management: Experience with SAST and DAST tools to detect vulnerabilities in code and running applications, ensuring early detection and remediation.
  • Infrastructure as Code (IaC) Security: Expertise in managing infrastructure securely with Terraform, Helm, CloudFormation, and Pulumi, using tools like Checkov and tfsec for IaC security scanning.
  • Agile & Scrum Methodologies: Proven ability to work within Agile frameworks, managing security tasks using Jira and Confluence to track vulnerabilities, security stories, and team collaboration.
  • Performance Optimization: Skilled in optimizing build and deployment processes to reduce time and resource usage.

Products / Standards / Experience / Methods

Profile
A highly skilled and results-driven DevSecOps Engineer with over 6 years of experience in cloud security, application security, and automation across both on-premises and cloud environments (Google Cloud Platform and Azure). Adept at integrating security into every phase of the SDLC, from development to production, using a shift-left approach and CI/CD pipelines. Proficient in securing containerized applications with Kubernetes, managing secrets with HashiCorp Vault, and automating infrastructure with Terraform. Experienced in monitoring cloud environments with Google Cloud Security Command Center, Azure Sentinel, and implementing runtime security with tools like Falco and Sysdig.
A proactive advocate for best security practices, skilled in driving secure DevOps workflows through GitLab, ArgoCD, and Helm. Expertise in leveraging SAST, DAST, and IaC security tools to detect vulnerabilities early and remediate issues promptly. Proven ability to collaborate effectively in Agile environments, driving secure application delivery within SAFe and Scrum frameworks. Strong communicator, adept at bridging gaps between security, development, and operations teams to foster a security-first culture.
Adept in IT Service Management, with a proven track record of interfacing with external suppliers to manage support services, enforce Service Level Agreements (SLAs), and maintain compliance with company policies and security standards. Skilled in capacity planning, anticipating infrastructure needs, and providing operational support for security management functions.
Strong background in providing IT user support, with a collaborative approach to resolving complex technical issues. Committed to maintaining detailed service and application documentation, fostering knowledge sharing, and ensuring the continuous improvement of IT processes. Known for a proactive, problem-solving mindset and the ability to deliver high-quality results in dynamic, fast-paced environments. Seeking to leverage my technical expertise and strategic vision to contribute to a forward-thinking organization.
Known for a strategic mindset and meticulous attention to detail, effectively led cross-functional teams to deploy secure systems that enhanced organizational resilience. Career marked by continuous learning and adaptation; as security architect, consistently delivered solutions that met and exceeded client expectations. Helps leading organizations use technology to drive greater bottom-line impact, increase agility, navigate business change, and transform IT so that it can respond to changing demands, selecting and developing general control activities over technology to support the achievement of objectives.


Skills

OPERATING SYSTEMS, UTILITIES & VIRTUALIZATION TOOLS

Windows, Linux, OpenShift, VMware ESX SRM, Kubernetes (SUSE CaaSP), RedHat OpenShift, Pivotal PKS, Docker (AKS, ARO, ECS, EKS, Fargate), Platform Virtualization (Hyper-V & ESX), SDDC, Software-defined networks & Service meshes, etc.


NETWORK SYSTEMS & TECHNOLOGIES

Password Vaults, PKIs, KMS, HSMs, FIDO, Yubikey, Windows Hello, Zscaler, VPNs (IPsec), TCP/IP, SNMP, DNS, Syslog (Time Series and Event Driven architecture), Azure Virtual Network (VNet, Virtual WAN, ExpressRoute, VPN Gateway, NAT Gateway, Azure DNS, Peering service, Azure Virtual Network Manager, Route Server, and Azure Bastion), Azure (Load Balancer, Private Link, DDoS protection, Firewall, Network Security Groups (NSG), Web Application Firewall, Virtual Network Endpoints, Private Links), Content Delivery Network (CDN), Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyzer, and Load Balancer. BGP, GRE, OSPF, IS-IS, NSX-V/T etc., and equivalent AWS and GCP services.


DATABASE MANAGEMENT SYSTEMS

Kafka, Oracle, PostgreSQL, MySQL, MariaDB, MongoDB, Azure (Cosmos DB, Azure SQL Database), AWS (DynamoDB, Aurora, ElastiCache, Timestream, Redis, etc.)


COMMERCIAL SOFTWARE

CyberArk, BeyondTrust, Zscaler, SAP ECC, SAP S/4HANA, Office 365, DLP, Purview, SAP GRC, Jira, Confluence, MIRO, MS Visio, etc.


METHODOLOGIES & STANDARDS

SANS, MITRE, OWASP Top 10, ISO 23167:2020, ISO 23188:2020, ISO 27799, ISO/IEC 80001, ISO 23029:2020, ISO 27001/2, NIST CSF / SPs, NIST 500, NIST 800, HIPAA/HITECH, GxP, HITRUST, FedRAMP, RMF DoD, FDA, 21 CFR 820, CIS, PFMI, TOGAF, SABSA, OCTAVE, EBIOS, CRAMM, and COBIT


Additional IT Experience

10/2019 - 11/2019
Role: Cloud Architect
Customer: Generali, Zurich Switzerland

08/2018 - 09/2019
Role: Cloud Security Architect
Customer: iptiQ PnC, Swiss Re, Zurich Switzerland

08/2017 - 10/2017
Role: Enterprise Architect 
Customer: UBS AG, Zurich Switzerland

Tasks:
IAM/PAM Sustainability Program

02/2017 - 11/2018
Role: Senior Program Manager\Lead Architect 
Customer: VMWare 

05/2016 - 02/2017
Role: SME IAM
Customer: Maersk Oil&Gas, Copenhagen, Denmark

06/2015 - 04/2016
Role: Infosys Team Lead\SME 
Customer: Deutsche Bank S.A. Frankfurt am Main, Eschborn Germany 

04/2014 - 11/2015
Role: Infrastructure Delivery Manager 
Customer: UniCredit S.A, Frankfurt am Main, Milano

09/2013 - 04/2014
Role: Director Performance & Technology
Customer: on request

11/2009 - 08/2013
Role: Senior Director, (Technology and Risk Advisory Service lines) 
Customer: on request

04/2007 - 10/2009
Role: Informational Risk Manager (CISO) 
Customer: ProCredit Bank Holding S.A.

Tasks:

  • ProCredit Bank Holding S.A.: 21 growing banks operating in transition economies and developing countries in Eastern Europe, Latin America, and Africa.
  • ProCredit Bank (Bulgaria) currently holds a top-10 position on the Bulgarian market.

05/2006 - 08/2006
Role: IT Administrator 
Customer: Deloitte SSA

03/2003 - 05/2006
Role: LAN Administrator 
Customer: Piraeus Bank 

Programming languages

Power BI
DevOps
Azure DevOps
Github
GitLab
GitOps
Terraform
Ansible
etc.

Hardware

Cisco
Juniper
Palo Alto
Checkpoint

Projects

6 months
2024-01 - 2024-06

EMA External Consulting SME of DevSecOps Practices

EMA External Consultant SME of DevSecOps Practices

  • Reviewed the client's DevSecOps practices for their current IT systems infrastructure and the so-called target architecture solution, covering microservices, Kubernetes, the Atlassian ecosystem (Jira, Confluence), SNOW, Zero Trust, service meshes, PAM, ML\AI (LLM) and CI\CD automation (Azure DevOps), ensuring compliance with GxP and cGxP.
  • Enhanced the GOVERN function and established proper MEASURE and MANAGE functions for objective, repeatable, scalable test, evaluation, verification, and validation (TEVV) processes, including metrics, methods, and methodologies, ensuring that they are in place, followed, and documented.
  • Recommended and architected improvements on sustainable hybrid cloud architectures with lean, automated, and secure maintenance practices, ensuring high availability, resilience, scalability, and performance. Collaborated with senior stakeholders across Digital, OT, Enterprise Architecture, QA, and IT Security to drive DevOps culture through containerization, usage of AI (LLM) and the introduction of associated concepts.
  • Provided a streamlined and structured approach to developing LLM-infused applications. A well-defined process and lifecycle guides the building, testing, optimizing, and deploying of flows, culminating in the creation of fully functional LLM-infused OPS solutions.
  • Designed and implemented scalable cloud architectures on Azure and Oracle Cloud, supporting business growth while reducing infrastructure costs by 20%.
  • Optimized cloud resource allocation through continuous monitoring and performance tuning, achieving a 15% improvement in system performance.
  • Automated the deployment of cloud infrastructure using Terraform and ARM templates, reducing manual errors and deployment time by 30%.
  • Administered Linux servers and databases (SQL, Oracle, Postgres, MySQL), ensuring high availability, security, and optimal performance.
  • Collaborated with external suppliers to manage support services, ensuring compliance with SLAs and resolving issues promptly.
  • Architected and implemented robust CI/CD pipelines using Azure DevOps, Jenkins, Rancher, Docker, and Kubernetes, resulting in a 30% reduction in deployment times.
  • Led a team of DevOps engineers to migrate legacy applications to a microservices architecture, leveraging Kubernetes for orchestration.
  • Designed and deployed automated testing frameworks integrating with CI/CD pipelines, improving code quality and reducing bugs by 25%.
  • Collaborated with development, QA, and operations teams to foster a DevOps culture and streamline the software development lifecycle.
  • Implemented monitoring and logging solutions using ELK stack and Prometheus, enhancing system observability and incident response times.
  • Improved and designed containerized solutions meeting GxP and cGxP requirements, IT security, and reliability standards, while defining cloud standards and frameworks for managing the infrastructure lifecycle with DevOps techniques, including:
    • Security throughout the software development lifecycle to minimize vulnerabilities in software code.
    • Proper function of the DevOps teams, including developers and operations teams.
    • Confirmed shared responsibility for following security best practices.
    • Evaluate efficiency and effectiveness of automated security checks at each stage of software delivery.
    • Recommend improvements on integrated security controls, tools, and processes into the DevOps workflow.
  • Ensured designs complied with IT Security and QA standards through reviews and promoted cloud-native setups for forward-looking architectures and applications, ensuring Traceability, Accountability and Data integrity.
  • Identified and recommended infrastructure improvements for more efficient services, optimizing resource utilization and enhancing overall system performance and cost reduction.
  • Recommend implementation of new methodologies using modern agile approaches, driving continuous improvement and innovation within the organization.
European Medicines Agency (EMA)
6 months
2023-07 - 2023-12

SAP S/4HANA Cloud (S4C) and AI Initiative pre-project

SAP Security and Access Architect
SAP Security and Access Architect
  • Orchestrated and executed security solutions, encompassing Zero Trust principles, and WAF (AKAMAI) for BASIS Administration, SAP IAS, IPS, MS Azure, S/4, public cloud, BTP, and Fiori applications, ensuring adherence to best practices and compliance standards.
  • Designed proper integration patterns of the S4C public cloud with the HR platform, Salesforce and IAM\PAM solution assets on Azure and AWS, allowing benefits from AI automation for incident recognition, response and handling.
  • Define:
    • enhanced processes for governing, mapping, measuring, and managing Risks, and clearly documenting outcomes;
    • improved awareness of the relationships and tradeoffs among trustworthiness characteristics, socio-technical approaches, and risks;
    • explicit processes for making go/no-go system commissioning and deployment decisions;
    • establish policies, processes, practices, and procedures for improving organizational accountability efforts related to AI system risks;
    • enhance organizational culture which prioritizes the identification and management of AI system risks and potential impacts to individuals, communities, organizations, and society;
    • better information sharing within and across organizations about risks, decision-making-processes, responsibilities, common pitfalls, Test, Evaluation, Verification, and Validation (TEVV) practices, and approaches for continuous improvement;
    • and create a greater contextual knowledge for increased awareness of downstream risks;
  • Adopt a first-principles approach when testing each input by examining the original expected value and the server's response when the value is modified, determining how data may be processed by the server, and then dynamically evolving each test to identify vulnerabilities.
  • Contributed to the design and optimization of large-scale distributed systems, ensuring reliability and scalability.
  • Designed and implemented secure and scalable container-based systems using Docker and Kubernetes on AWS & Azure
  • Collaborate with key stakeholders to understand business processes and identify areas for improvement in risk management and compliance
Hilti
1 year
2022-07 - 2023-06

IETV Program

Platform Security Engineer
Platform Security Engineer

  • Spearheaded the transition to a fully automated CI/CD process, integrating Jenkins, GitLab CI, and Ansible, reducing manual intervention by 40%.
  • Developed and maintained infrastructure as code (IaC) using Terraform and AWS CloudFormation, enabling consistent and repeatable infrastructure deployments.
  • Introduced containerization strategies using Docker and Kubernetes, resulting in improved scalability and deployment flexibility.
  • Conducted training sessions and workshops on CI/CD best practices and tools, enhancing team proficiency and collaboration.
  • Worked with SwissRe's Cyber Risk team to ensure SwissRe's security standards are implemented and Documentation of the measures implemented is in place.
  • Cultivates and implements a culture of risk management within organizations designing, developing, deploying, evaluating, and acquiring AI systems;
  • Outlines processes, documents, and organizational schemes that anticipate, identify, and manage the risks a system can pose, including to users and others across society, and procedures to achieve those outcomes;
  • Incorporates processes to assess potential impacts;
  • Provides a structure by which AI risk management functions can align with organizational principles, policies, and strategic priorities;
  • Connects technical aspects of AI system design and development to organizational values and principles, and enables organizational practices and competencies for the individuals involved in acquiring, training, deploying, and monitoring such systems; and
  • Addresses full product lifecycle and associated processes, including legal and other issues concerning use of third-party software or hardware systems and data.
  • Design, build and optimize security controls and automated response solutions in AWS (AWS stack: Control Tower, CloudFront, Load Balancers, WAFv2, Security Groups, Security Hub, Inspector, IAM, Kinesis, GuardDuty, CloudWatch, CloudTrail, Lambda etc.) and Azure Cloud (Defender and Sentinel)
  • Vulnerability management, system and network hardening (CIS and AWS benchmarks)
  • Prime liaison with the client, including participation in Crisis Management, Continuous improvements in coordination with the Platform teams, requests coordination with stakeholders and tracking until delivery
  • Participation in the global Saga and Epic planning by providing insight from own experience and state-of-the-art knowledge
  • Security architecture review
  • Perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) assessments on applications, systems, and software components to identify security vulnerabilities, weaknesses, and risks.
  • Collaborate with the central security team to introduce and scale industry-leading security testing tools and methodologies to conduct thorough security assessments.
  • Collaborate with development teams to provide guidance and recommendations for secure coding practices and vulnerability remediation.
  • Participate in threat modelling activities to identify potential security risks and develop appropriate mitigation strategies.
  • Stay up-to-date with the latest security trends, vulnerabilities, and attack vectors, and provide proactive recommendations to enhance security measures.
  • Ensure compliance with requirements on encryption at rest and in transit. Hands-on experience with Microsoft Azure and Azure security technologies, specifically Azure Key Vault, Azure Managed HSM and Azure Dedicated HSM, enforcing data encryption standards and solutions.
  • Design, implement and ensure best practices of AuthZ via token rotation, for both human and non-human identities
Swiss Re
6 months
2022-08 - 2023-01

CyberArk (PAM) advisory

As Technology Partner in FIS Global I am responsible for building and developing the Digital Identity Practice as part of Cyber Security services. The Digital Identity practice consists of PAM (Privileged Access Management), IGA (Identity Governance and Administration) and CIAM (Customer IAM). The current toolset in use for these topics is as follows: IGA: SailPoint IIQ, OMADA, MIM 2016; PAM: CyberArk; CIAM: ForgeRock and Transmit Security; Microsoft-based security: on-premise and Azure Cloud. As part of the company leadership team, I am responsible for building, developing and administrating a team of 20+ people across Central and Eastern Europe. Daily, I take a management and architectural role in various projects covering services such as assessment, design, implementation, and managed service across Europe with the technology stacks mentioned above. I have experience in various industries and expert knowledge in IAM/PAM best practices and compliance standards across widely regulated and non-regulated businesses. In the past 10+ years I have been involved in projects taking various roles from Implementation Engineer to Solution Architect for businesses of any size, from small to large global companies spanning the globe. My expertise and understanding of the overall IT infrastructure and in-depth knowledge in authorization, authentication and security allowed me to successfully deliver all those projects regardless of the project complexity, timeline, location or size. My strongest features are my devotion to work and desire to solve complex challenges with the highest quality, ability to lead teams and coordinate activities, ability to consult and discuss on every level from top management through enterprise architecture down to in-depth technical discussions and low-level solution-specific conversations with developers and engineers.
In my current role, my main responsibilities include driving the line of business forward by developing new client relationships and delivering complex projects from a management and architectural perspective, including but not limited to:

  • Roadmap design, HLD, LLD and pilot implementation of a company-wide PAM-as-a-Service solution provided by a market leader.
  • Close collaboration with IT teams to design a security architecture framework (guidelines, technology reference models, and training material)
  • Assess and embed security requirements into existing or new IT systems (business applications including SAP, IT infrastructure, on-prem and cloud systems including Microsoft Office 365).
  • Perform cyber security architecture reviews and document the security requirements in architecture handbooks in close collaboration with, partnering with and advising IT and business teams to implement a "secure by design" strategy that provides the following: regulatory compliance, security policy enforcement, support of "bring your own device" (BYOD), remote control of device updates, application control, automated device registration and data backup
  • Advise on and design security solutions for implementation into complex customer IT environments which carry proprietary real-time life-critical data and diagnostic-quality images, requiring reliable and highly available output, based on GCP native services such as Access Transparency, Assured Workloads, Binary Authorization, Cloud Asset Inventory, Cloud Data Loss Prevention, Cloud Key Management (to manage encryption keys on Google Cloud), Confidential Computing, Firewalls, Secret Manager (to store API keys, passwords, certificates, and other sensitive data), Security Command Center, Shielded VMs, VPC Service Controls, BeyondCorp Enterprise (scalable zero-trust platform with integrated threat and data protection), Cloud Identity, Identity and Access Management, Identity-Aware Proxy, Policy Intelligence, Titan Security Key for MFA, etc.
    • Employ DevSecOps, AIOps and safe code practices, ensuring that technical solutions are cohesive across the provisioning sub-teams and complete against business requirements, allowing rapid:
    • Bootstrapping: create the cloud setups with the corresponding resource hierarchy and permissions for the initial CI/CD pipeline to deploy the next stages.
    • Baselining: a set of configurations that delivers security and compliance monitoring and alerting as foundational guardrails.
    • Covering business-specific requirements: deliver business-specific components and integrations (such as SSO, monitoring, etc.);
    • Establishment of proper workload services at application level, running a proper set of application infrastructure: any of the many cloud services that form the business's platform for workloads (servers, storage, IAM\PAM, SIEM, SOAR, etc.). The final goal of the Landing Zone: to deliver value to the business
    • Validation, evaluation and technical sign-off of changes in capabilities and solutions proposed by external partners.
    • Oversee and guide deployment of security patches, enhancements and changes to the Windows\Linux IT landscape (including PoCs, PoVs, canary and blue-green deployments, gold images, and transfer to operations together with L2/L3, running everything as code)
Galderma
6 months
2022-07 - 2022-12

Design and develop services and solutions based on cloud security-based practices

FADATA Security Architect SaaS offering on AWS and AZURE
  • Design and develop services and solutions based on cloud security-based practices - CSA CCM and BSI C5.
  • Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative, and physical controls to mitigate identified risks.
  • Developed service security and compliance requirements for SaaS multi-tenant systems.
  • Designed and developed cloud security architectures and performed architecture design reviews.
  • Designed and developed frameworks and solutions to secure cloud applications and infrastructure.
  • Lead and execute end-to-end compliance initiatives, based on selected industry frameworks and compliance standards.
  • Set up security baselining and ensure compliance with state authorities, utilizing modern technology trends (DevOps, DevSecOps, CI\CD) for security
    • Acted as Security PO directly responsible for:
    • Fadata's SaaS Security Concept;
    • Identification of the critical assets; the in-depth reference architecture model is based on ISO/IEC 17789 and NIST 500-292
    • Development and optimization of the ISMS (Information Security Management System) according to ISO 27001, GDPR and FINMA requirements
    • Applying passwordless authentication techniques (MFA, OATH, FIDO2, SSO, YubiKey)
    • Cloud compute and workload security protecting software-defined networking, virtual machines/instances, containers, platform-based workloads and serverless computing;
    • Defining key risks and controls
    • Centralized authentication/authorization: utilization of managed services for authentication and authorization (Okta) together with LDAP DS and dedicated OAuth 2 platforms
    • System integrity, system administration, and software deployment via Terraform, CloudFormation and Ansible scripts (DevSecOps).
    • Security patch management via immutable workloads; security enablement with Nexus IQ
    • Automatic identification of OSS\TP components and risk modeling in accordance with risk appetite.
    • Malware\edge protection via a combination of managed services (WAFs, Cloudflare) and edge NGFW (Palo Alto Networks)
    • System hardening, performance tuning and patch management;
    • Tenant segregation, multiple VPCs
    • RBAC of technical users and business users, role definition, certification and enforcement.
    • KMS management of private keys, envelope encryption, securing data at rest and in transit, and pseudonymization via tokens.
    • Enforcing safe code security practice and monitoring of OSS\TP components in use;
    • Attack surface and threat modeling, static code scanning and free and open source scanning; applying measures to prevent OWASP Top 10 vulnerabilities; code repository security (Nexus IQ) together with SonarQube
    • Service continuity, disaster recovery
      • Business continuity within the cloud provider
      • Business continuity for loss of the cloud provider
      • BC\DR remediation actions
    • Proper security monitoring logic (events & time series) via CloudWatch, CloudTrail and Panorama
    • Integrating with 3rd-party SOC providers, enabling paging duties
    • Backup orchestration to another cloud vendor;
    • IT cyber security metrics
  • Implement, maintain, and improve existing industry best practices of operational security controls such as Monitoring, Identity and access management, Encryption and data security, and Self-auditing.
  • Guide Product Management on defining and prioritizing the development of secure SaaS solutions.
  • Drive and lead security processes, tools, methods, and knowledge and security enhancements.
  • Prepare and deliver training and security awareness activities to the Engineering teams.
  • Acquire relevant knowledge, remain up to date, attend security conferences, and be involved in the security community.
Zurich Insurance
2 years 7 months
2019-12 - 2022-06

Various Projects

FIS - Technological Partner
  • Accompanying the functional split in application management by ensuring bidirectional information exchange and taking over the project results into running operation (service enabling). Thorough understanding of Azure, GCP & AWS cloud offerings and their services.
  • Understanding and supporting FIS EMEA partner team focused on driving FIS Partner Business through different RTM (route to markets).
  • Lead FIS's managed IT services in the DACH region, offering infrastructure management and software support. FIS's cloud financial services solution provides an elastic, compliant and always-on environment. We partner with world-leading cloud providers to deliver an integrated managed hosting service. Organizes and shapes an engagement team's strategy to drive success. Leads board-level visioning sessions providing thought leadership to clients
  • Bringing innovative thinking to support the organization to drive change towards Service- and SaaS-oriented partners, capable of developing FIS's focus in Modern Application, EUC, and Multi-Cloud.
  • Control of numerous ongoing and newly launching corporate channel initiatives and programs, securing field team participation and execution to drive the partner pipeline.
  • Act as single point of contact for the EMEA Partner team for execution requests, inquiries, escalations, and feedback requests. Being part of the FIS management team, executing on activities decided in team meetings and being the partners' voice in these meetings.
  • Develops and manages relationships across the whole client base, discussing benefits and value at board level.
  • Consults on governance, strategy and transformation not just operations.
  • Leads complex TOM transition initiatives.
  • Consults and shapes development of the client's approach to identifying and managing risks and assumptions and for realising benefits at a department level.
  • Architecture, Implementation of Azure Tenant Configuration, Defender Products (Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud), Sentinel Configuration and Automation, Infrastructure as a Service (Firewall, VPN, WAF, Load Balancer, etc.), Logic App Automation in Microsoft Azure Environment, AWS Guard duty, Control Tower, Incident Analysis using Microsoft Security Tools (Microsoft Defender for Cloud, Application Gateway, Azure DDoS Protection, Key Vault, AZURE Information Protection, etc.)
  • Ensures knowledge capture sessions are arranged and executed building the company consultant collateral.


Important Clients

  • SIX Group: TBTF Project and Ransomware (APT) Project, using AI for incident response and remediation
  • Galderma: PAMaaS integrated with AWS and Azure, enabling the transition from DevSecOps to ML\AIOps
  • BMW Group, BMW Bank: modernisation of edge security of GCP, Azure and AWS. Implementing MLOps and AI OT Smart Factory
  • Deutsche Bank: integration of existing IAM platform (DB Access Gate, OneIM) with Wealth Management Platform
  • IBM: evaluation of the current setup of the hybrid cloud deployment, HA, security of network infrastructure, ITGCs of the EHR (electronic health records; German: Patientenakte, ePA) system development program. EHR records are hailed as the key to increasing the quality of care.
Various Customers
1 year 4 months
2021-01 - 2022-04

Architecting of APIMv2 heterogeneous platform-based SaaS microservices

APIM CTO Lead Architect
  • Enable Open banking for BMW Bank, allowing access and control of consumer banking and financial accounts through third-party applications.
  • Architecting of APIMv2 heterogeneous platform-based SaaS microservices (Kubernetes).
  • Enabling migration from a heterogeneous landscape (mix of on-prem and SaaS solutions) to Cloud first \ Cloud only (Azure and AWS). Clearing the path for BMW's IT ecosystem to become API-driven and BMW to become a tech company.
  • Employing DevSecOps and safe code practices, running everything as code
  • Enhancement of IT & Security Risk control mechanism of GCP, AWS and Azure based APIM platform.
  • Responsible for creation of security standards based on IT and security frameworks (such as OWASP Top 10, ISO 23167:2020, ISO 23188:2020, ISO 23029:2020, ISO 27001/2, NIST 500, NIST 800, GxP, CIS and COBIT);
  • Development of security concept and road map for achievement of desirable future state.
  • Interact with senior stakeholders across departments, reaching and influencing a wide range of people across larger teams and communities
  • Research and apply innovative Cloud and Security architecture solutions to new or existing problems
  • Work out subtle Cloud and Security needs, understanding the impact of decisions, balancing requirements and deciding between approaches.
  • Design and plan a cloud solution architecture, produce particular patterns and support quality assurance, and act as the point of escalation for architects below them
  • Post bridge assessment and validation of execution for AD and AAD
  • Designing and Implementation of AD Tiering model
  • Migration to tiering model
  • Designing AD Concept for Application and Server administration
  • Designing AD Concept for self-evolution of rights
  • Developing PAM Program
  • Designing CyberArk Core PAS Solution
  • Implementing CyberArk Core PAS
  • Designing Client specific use cases for CyberArk EPM
  • Implementation of CyberArk EPM
  • Manage and provision the cloud solution infrastructure
  • Design for security and compliance
  • Analyse and optimize technical and business processes
  • Manage implementations of cloud architecture
  • Ensure solution and operation reliability
  • Configure access within a cloud solution environment
  • Ensure data protection
  • Manage operations within a cloud solution environment
  • Ensure compliance and reliability
BMW Group\BMW Bank
1 year 2 months
2020-11 - 2021-12

Enhancing Perimeter security of Hilti Cloud

  • Conceptualizing a defense-in-depth approach for Hilti Cloud: EMEA, APAC, North America, and mainland China.
  • Creation of road map for implementation of layered defence-in-depth strategy. Technology stack including WAF (Web Application firewall),
  • Leading the VRM process selection and setting up of Vendor battles
  • Performing of POCs with shortlisted vendors.
  • Setting up criteria and performing interoperability, regression, and unit testing of the selected stack with the existing Hilti ecosystem
Hilti
4 months
2020-09 - 2020-12

Integration of existing IAM platform

Governance Consultant/Architect

  • DB Access Gate (OneIM) with Wealth Management Platform (WME), dedicated to automating the user lifecycle (access provisioning and deprovisioning) and allowing usage of hybrid identities of the Wealth Management ecosystem (300+ applications).
  • Architecting (HLD, LLD, API contracts) a fleet of RESTful APIs dedicated to overcoming One-IM constraints and limitations.

Deutsche Bank
10 months
2019-12 - 2020-09

Evaluation of the current setup of the hybrid cloud deployment

Governance Consultant/Architect
External governance consultant responsible for evaluation of the current setup of the hybrid cloud deployment, HA, security of network infrastructure, ITGCs of the EHR (electronic health records; German: Patientenakte, ePA) system development program. EHR records are hailed as the key to increasing the quality of care. This project is the result of the Appointment Service and Supply Act (TSVG), adopted on 14 March 2019, which requires the German statutory health insurance funds to provide policyholders with electronic health records from 1 January 2021 onwards. Effectively applying cyber kill chain models (MITRE ATT&CK framework, SANS Diamond Model for Intrusion Analysis, CEH), putting all the cybersecurity products to the test in a structured and methodical way and assessing whether or not the security product is fulfilling its duty (vendor battles). Lead Breach & Attack Simulation and filling the gaps in security
  • Define the product strategy for the business considering technology constraints
  • Coordinate the technology related efforts to deliver it within the project and with 3rd party subcontractors.
  • Business application ownership and management of book of work for certain front-to-back processes and applications in GRC and Security areas
  • Development and optimization of the ISMS (Information Security Management System) according to ISO27001
  • Business architecture, process and requirements design and definition as product subject matter expert in control definition: ITGC, compensating and detective controls
  • Product responsibility (IT team to deliver product, deliver manager to oversee and steer direction)
  • Close collaboration with IT as CRC product owner in an agile working framework
  • Provide transparent, timely and accurate information to senior stakeholders and peers
  • Cryptographic knowledge including encryption, key exchange, certificate handling and protocols (X.509, PKCS#12, etc.)
  • Security Control Frameworks e.g. ISO27001 and practical experience in their implementation
  • Security Architecture principles, generic best practices
  • Network security devices
  • Endpoint defense solutions
  • Exposure to malware infection vectors and defence methods
  • Endpoint and Server hardening principles, best practices
  • Web application firewalls, network load balancers, proxy systems
  • Network, Endpoint and Application logging concepts, best practice and monitoring systems including SIEM
  • Active Directory Security including federated solutions using ADFS, SAML etc
  • Exposure to cloud security models including public, private and hybrid concepts
  • Application security including web applications, SaaS services etc
  • Data handling principles, protective marking/tagging and data security knowledge
IBM
2 months
2019-10 - 2019-11

Architecting FCP POC

Cloud Architect

  • Creating a roadmap for migrating the on-prem OpenShift platform to the cloud (Azure: ARO; GCP: GKE; AWS: ECS, EKS, Fargate), aiming at utilization of a cloud-native approach
  • Participates in and contributes thought leadership and strategic direction during ISRM leadership team meetings and executive workshops
  • Prepares strategic updates and vision documents, briefings, and reports, and demonstrates excellent communication skills and executive presence in presentations to TR executives, customers, and partners
  • PaaS DevOps consulting on the migration of existing IT applications to the PaaS solution
  • Analysis of existing IT applications, defining Changes in the software architecture on High and Low Level
  • Architecting data flow relying on GCP\AWS\Azure out-of-the-box services and enabling usage of GraphQL as a single superimposed touch point.
  • Own the security architecture process, enabling the development and implementation of identity and security solutions and capabilities enterprise-wide, clearly aligned with business, technology and threat drivers. Translating security policies and directives into specific requirements, procedures, standards and guidelines
  • Defining architectural principles, consulting project and line organizations regarding the implementation of security requirements, ensuring that company-wide security requirements are correctly implemented
  • Develops hybrid cloud strategy and governance to meet future business requirements, with a focus on containerization and microservice architectures
  • Develops infrastructure identity and security strategy plans, roadmaps and other architecture artifacts based on sound enterprise architecture practices.
  • Participates as a consultant in application and infrastructure projects to provide infrastructure & security-planning advice
  • Determines baseline infrastructure configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM) platforms and capabilities.
  • Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
  • Reviews network segmentation strategy (also in a containerized environment) to ensure least privilege for network access, and ensures this translates to a new software-defined data center offering.

Generali
Zurich Switzerland
1 year 2 months
2018-08 - 2019-09

Development of identity and security strategy plans

Cloud Security Architect
  • Own the security architecture process, enabling the development and implementation of identity and security solutions and capabilities enterprise-wide, clearly aligned with business, technology and threat drivers. Translating security policies and directives into specific requirements, procedures, standards and guidelines
  • Defining architectural principles, consulting project and line organizations regarding the implementation of security requirements, ensuring that company-wide security requirements are correctly implemented
  • Development of identity and security strategy plans and roadmaps ensuring Confidentiality Integrity and Availability of resources based on sound enterprise architecture practices.
  • Development and maintenance of identity and security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
  • Provides strategic technical and architectural guidance to senior management, business technology project teams and functional organizations
  • Designs and builds security models and capabilities as it relates to network, cloud, endpoint, identity, and data security domains; authors and drives compliance with enterprise security policies and standards
  • Leads technical defense-in-depth reviews of TR's product portfolio to evaluate the application of security controls and identify opportunities to enhance the product's security posture
  • Guides teams in defining future state end-to-end architectures, platforms, products, tools and solutions to advance security capabilities in the business
  • Develops and drives the ISRM technology roadmap, defining current and future security platform lifecycles (candidate, POC, deployed, pending decommission) to continuously improve TR's security controls posture
  • Work closely with internal teams to effectively deliver internal change capability
  • Clearly define programme requirements and ensure clear communication at all times
  • Consulting the automation DevOps lead on network layouts and negotiating with other network teams on integration and segregation topics; performing application vulnerability and security assessments
  • Performing application security risk assessments
  • Performing code review across a variety of programming languages
  • Defining application security controls (ITGCs)
  • Performing application security design activities
  • Performing assessments of SDLC and DevOps processes, Promoting DevSecOps and safe code practices;
  • Developing and delivering application security training and outreach
  • Creating gap analysis and client improvement program recommendations
  • Other security-related projects that may be assigned according to skills
  • Review and evolve customer and internal access management technologies. Create the IAM policies and technical standards. Advise technical teams on the control design and perform risk assessments and define the IAM related security requirements.
  • Translating clients' risk, security, and compliance requirements into specific Cloud security solutions and design patterns
  • Set up security baselining and ensure compliance with state authorities
  • Utilizing modern technology trends (DevOps, DevSecOps, CI\CD) for security
  • Security PO directly responsible for:
  • iptiQ PnC Security Concept;
  • Identification of the critical assets; the in-depth reference architecture model is based on ISO/IEC 17789 and NIST 500-292
  • Development and optimization of the ISMS (Information Security Management System) according to ISO 27001, GDPR and FINMA requirements
  • Applying passwordless authentication techniques (MFA, OATH, FIDO2, SSO, YubiKey)
  • Cloud compute and workload security protecting software-defined networking, virtual machines/instances, containers, platform-based workloads and serverless computing;
  • Defining key risks and controls
  • Centralized authentication/authorization: utilization of managed services for authentication and authorization (Okta) together with LDAP DS and dedicated OAuth 2 platforms
  • System integrity, system administration, and software deployment via Terraform, CloudFormation and Ansible scripts (DevSecOps).
  • Security patch management via immutable workloads; security enablement with Nexus IQ
  • Automatic identification of OSS\TP components and risk modeling in accordance with risk appetite.
  • Malware\edge protection via a combination of managed services (WAFs, Cloudflare) and edge NGFW (Palo Alto Networks)
  • System hardening, performance tuning and patch management;
  • Tenant segregation, multiple VPCs
  • RBAC of technical users and business users, role definition, certification and enforcement;
  • KMS management of private keys, envelope encryption, securing data at rest and in transit, and pseudonymization via tokens;
  • Enforcing safe code security practice and monitoring of OSS\TP components in use;
  • Attack surface and threat modeling, static code scanning and free and open source scanning; applying measures to prevent OWASP Top 10 vulnerabilities; code repository security (Nexus IQ) together with SonarQube
  • Service continuity, disaster recovery
    • Business continuity within the cloud provider
    • Business continuity for loss of the cloud provider
    • BC\DR remediation actions
  • Proper security monitoring logic (events & time series) via CloudWatch, CloudTrail and Panorama
  • Integrating with 3rd-party SOC providers, enabling paging duties
  • Backup orchestration to another cloud vendor;
  • IT cyber security metrics
  • Implementation of Advanced End Point Protection
iptiQ PnC Swiss Re
Zurich Switzerland

Education and Training

BS, IT Science

PU Paisii Hilendarsky


BSc, Eng. in Aeronautics

TU Sofia


Certifications

  • ITIL v4
  • ITILv4 Managing Professional (MP)
  • ITILv4 Strategic Leader (SL)
  • LeSS Practitioner
  • Certified Product Owner (CSPO)


  • SAFe4 (2016)
  • CISA (2009)
  • PMP (2015)
  • TOGAF Foundation (2012)


ITIL Lifecycle and Capability (ITIL® ATO Accredited Trainings)

  • ITIL Foundation v3
  • ITIL® 2011:
    • Service Strategy
    • Service Design
    • Service Transition
    • Service Operation
    • Continual Service Improvement
    • Operational Support & Analysis
    • Planning, Protection & Optimizations
    • Release, Control and Validation
    • Service Offerings and Agreements
    • Managing Across the Lifecycle

Competencies

Top Skills

Analytical Thinking and Problem-Solving, Communication and Collaboration, Cloud, Technical Proficiency, Security Concepts, IAM, PAM, Azure, Good Clinical Practice, AWS, DevOps, Azure DevOps

Focus Areas

  • IAM/PAM Proficiency: Strong experience with IAM tools and technologies (e.g., Azure AD, CyberArk, BeyondTrust), focusing on the management of privileged accounts and access controls.
  • DevSecOps Tools: Proficient in using DevSecOps tools and frameworks such as Azure DevOps, Jenkins, GitHub Actions, GitLab, Terraform, Ansible, and security scanning tools (e.g., Snyk, Aqua Security, etc.).
  • Shift-Left Security & CI/CD Integration: With a strong focus on embedding security early in the development cycle, I have integrated SAST and DAST tools into CI/CD pipelines using GitLab and ArgoCD to ensure that security vulnerabilities are detected and resolved before code reaches production. I automate security checks, such as SonarQube for code scanning and OWASP Dependency-Check for dependency vulnerabilities, allowing security to be an integral part of the development process.
  • HashiCorp Vault & Secrets Management: I have extensive experience implementing and managing HashiCorp Vault (Enterprise) for centralized secret management in both cloud and on-prem environments. I automate secret distribution and access control policies across cloud platforms like Google Cloud and Azure, leveraging Google Cloud Secret Manager and Azure Key Vault for secure API key storage and management. This ensures the protection of sensitive data while maintaining compliance with regulatory standards (e.g., PCI-DSS, GDPR).
  • Runtime Security Monitoring & Incident Response: In terms of runtime security, I use tools such as Falco, Sysdig, and Google Cloud Security Command Center for real-time monitoring of cloud and containerized environments. With these tools, I proactively monitor for security incidents, track vulnerabilities, and respond swiftly to mitigate risks. I also leverage Azure Sentinel and Stackdriver to integrate security logs, track threats, and automate incident response workflows.
  • Cloud Security & Infrastructure Automation (Terraform, GCP & Azure): Leveraging Terraform, I automate infrastructure provisioning in both Google Cloud and Azure environments, ensuring secure, consistent, and compliant infrastructure management. I configure security best practices using Google Cloud IAM, Azure AD, and deploy infrastructure with CloudFormation, Pulumi, and Helm charts for Kubernetes deployments.
  • Container Security & Kubernetes: I specialize in securing containerized environments, including Kubernetes clusters using Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS). I ensure container images are scanned for vulnerabilities using Clair and Anchore, while enforcing Kubernetes RBAC for strict access control and using Kube-bench for security benchmarks.
  • Secrets & Compliance: I ensure that secrets are securely stored and managed using tools like HashiCorp Vault, Azure Key Vault, and Google Cloud Secret Manager to ensure compliance with industry regulations. This includes enforcing encryption and access policies to protect sensitive data, ensuring compliance with GDPR, PCI-DSS, and other industry standards.
  • CI/CD Automation & GitOps: By automating the deployment pipeline with GitOps principles using GitLab, ArgoCD, and Helm, I ensure a secure, repeatable process for application and infrastructure deployment. This automation ensures consistent application of security policies across all environments, improving the overall security posture of the organization.
  • Collaboration & Security Culture: Working within Agile and SAFe frameworks, I foster a security-first culture, promoting collaboration between development, security, and operations teams. Using tools like Jira and Confluence, I drive cross-functional discussions around security vulnerabilities, ensuring that security is not an afterthought but an integral part of the development lifecycle.
  • Monitoring and Observability: Implementing comprehensive monitoring and logging solutions using ELK stack, Prometheus, and Grafana. Setting up alerting mechanisms to proactively manage and resolve incidents.
  • Performance Optimization: Continuously analyzing and optimizing CI/CD workflows to reduce build and deployment times. Identifying and eliminating bottlenecks to improve overall system performance.
  • Cloud Service Provider Cybersecurity Practices: Align cloud service providers' practices with companies' internal cybersecurity policy and standards to implement modern control mechanisms and baseline practices, informed by a rigorous threat model, across their digital identity and credential systems to substantially reduce the risk of system-level compromise.
  • Audit Logging Norms: Help companies adopt a minimum standard for default audit logging in cloud services, allowing them to enable the detection, prevention, and investigation of intrusions as a baseline and routine service offering without additional charge.
  • Digital Identity Standards and Guidance: Implement emerging digital identity standards (IAM/PAM, SAML, OpenID, OAuth2) to secure cloud services against prevailing threat vectors, following recommendations of the relevant standards bodies. Internally refine, update, and incorporate these standards to address digital identity risks commonly exploited in the modern threat landscape.
  • Security Standards and Compliance Frameworks: Update the internal security standards, concepts, policies and supporting frameworks, and establish a process for conducting discretionary special reviews of the related program's authorized Cloud Service Offerings following especially high-impact situations; incorporate feedback about observed threats and incidents related to cloud providers' security and platform.
  • Security Best Practices: Recognized ability in transforming standard security patterns, changing the way of thinking about threats; knowledgeable in implementing security best practices to safeguard cloud infrastructure and applications. I conduct regular security audits, establish access controls, and monitor for vulnerabilities to mitigate risks and ensure data integrity and confidentiality. Design, deliver, maintain and deploy security baselines and automation solutions for the Azure hybrid cloud identity platform. Stay current on present and future cloud security technology trends, influencing and contributing to the overall IAM cloud security architectural roadmap.

Areas of responsibility

  • Cloud Security & Governance: Expertise in securing cloud platforms like Google Cloud and Microsoft Azure, implementing IAM, VPC Security, and DDoS protection with tools like Google Cloud Armor and Azure Security Center.
  • DevSecOps Automation: Extensive experience automating security in CI/CD pipelines using GitLab, ArgoCD, and Terraform, integrating security testing with tools such as SonarQube, OWASP Dependency-Check, and Snyk.
  • Pipeline Design and Implementation: Architecting efficient and reliable CI/CD pipelines tailored to the specific needs of various projects. Utilizing Jenkins for automated build, test, and deployment processes to facilitate rapid and frequent releases.
  • Continuous Integration/Continuous Delivery (CI/CD): Expertise in designing and implementing CI/CD pipelines using tools such as Jenkins, GitLab CI, ArgoCD, Azure DevOps and CircleCI. Proficient in automating build, test, and deployment processes to enhance software release cycles.
  • Containerization and Orchestration: Extensive experience with Docker for containerization and Kubernetes & OpenShift for orchestration and management of containerized applications. Skilled in deploying and scaling microservices architectures.
  • Cloud Infrastructure Management: Expertise in deploying, configuring, and managing cloud environments on Azure and Oracle Cloud, including resource optimization, automation, and cost management.
  • Secrets Management & Compliance: Hands-on expertise with HashiCorp Vault (Enterprise), Google Cloud Secret Manager, and Azure Key Vault for secure storage, access, and compliance of sensitive information (e.g., passwords, API keys).
  • Configuration Management and Infrastructure as Code (IaC): Proficient in using configuration management tools such as Ansible, Chef, and Puppet. Expertise in IaC tools like Terraform and AWS CloudFormation for consistent and automated infrastructure deployment.
  • Scripting and Automation: Strong scripting skills in Python, Bash, and PowerShell for automating repetitive tasks and enhancing productivity. Expertise in writing scripts to integrate various tools and processes in the CI/CD pipeline.
  • Runtime Security Monitoring: Proficient with Falco, Sysdig, Google Cloud Security Command Center, and Azure Sentinel to monitor runtime environments and detect security incidents in real-time.
  • Container & Kubernetes Security: Skilled in container security best practices with tools such as Clair, Anchore, Kube-bench, and managing Kubernetes security policies using RBAC and Helm charts.
  • Vulnerability Management: Experience with SAST and DAST tools to detect vulnerabilities in code and running applications, ensuring early detection and remediation.
  • Infrastructure as Code (IaC) Security: Expertise in managing infrastructure securely with Terraform, Helm, CloudFormation, and Pulumi, using tools like Checkov and tfsec for IaC security scanning.
  • Agile & Scrum Methodologies: Proven ability to work within Agile frameworks, managing security tasks using Jira and Confluence to track vulnerabilities, security stories, and team collaboration.
  • Performance Optimization: Skilled in optimizing build and deployment processes to reduce time and resource usage.

Products / Standards / Experience / Methods

Profile
A highly skilled and results-driven DevSecOps Engineer with over 6 years of experience in cloud security, application security, and automation across both on-premises and cloud environments (Google Cloud Platform and Azure). Adept at integrating security into every phase of the SDLC, from development to production, using a shift-left approach and CI/CD pipelines. Proficient in securing containerized applications with Kubernetes, managing secrets with HashiCorp Vault, and automating infrastructure with Terraform. Experienced in monitoring cloud environments with Google Cloud Security Command Center, Azure Sentinel, and implementing runtime security with tools like Falco and Sysdig.
A proactive advocate for best security practices, skilled in driving secure DevOps workflows through GitLab, ArgoCD, and Helm. Expertise in leveraging SAST, DAST, and IaC security tools to detect vulnerabilities early and remediate issues promptly. Proven ability to collaborate effectively in Agile environments, driving secure application delivery within SAFe and Scrum frameworks. Strong communicator, adept at bridging gaps between security, development, and operations teams to foster a security-first culture.
Adept in IT Service Management, with a proven track record of interfacing with external suppliers to manage support services, enforce Service Level Agreements (SLAs), and maintain compliance with company policies and security standards. Skilled in capacity planning, anticipating infrastructure needs, and providing operational support for security management functions.
Strong background in providing IT user support, with a collaborative approach to resolving complex technical issues. Committed to maintaining detailed service and application documentation, fostering knowledge sharing, and ensuring the continuous improvement of IT processes. Known for a proactive, problem-solving mindset and the ability to deliver high-quality results in dynamic, fast-paced environments. Seeking to leverage my technical expertise and strategic vision to contribute to a forward-thinking organization.
Known for a strategic mindset and meticulous attention to detail, I have effectively led cross-functional teams to deploy secure systems that enhanced organizational resilience. My career has been marked by continuous learning and adaptation; as a security architect, I have consistently delivered solutions that met and exceeded client expectations. I help leading organizations use technology to drive greater bottom-line impact, increase agility, navigate business change, and transform IT so that it can respond to changing demands, select and develop general control activities over technology, and support the achievement of objectives.


Skills

OPERATING SYSTEMS, UTILITIES & VIRTUALIZATION TOOLS

Windows, Linux, OpenShift, VMware ESX SRM, Kubernetes (SUSE CaaSP), RedHat OpenShift, Pivotal PKS, Docker (AKS, ARO, ECS, EKS, Fargate), Platform Virtualization (Hyper-V & ESX), SDDC, Software-defined networks & service meshes, etc.


NETWORK SYSTEMS & TECHNOLOGIES

Password Vaults, PKIs, KMS, HSMs, FIDO, YubiKey, Windows Hello, Zscaler, VPNs (IPsec), TCP/IP, SNMP, DNS, Syslog (time series and event-driven architecture), Azure Virtual Network (Virtual Network (VNet), Virtual WAN, ExpressRoute, VPN Gateway, NAT Gateway, Azure DNS, Peering service, Azure Virtual Network Manager, Route Server, and Azure Bastion), Azure Load Balancer, Private Link, DDoS protection, Firewall, Network Security Groups (NSG), Web Application Firewall, Virtual Network Endpoints, Private Links, Content Delivery Network (CDN), Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyzer, and Load Balancer; BGP, GRE, OSPF, IS-IS, NSX-V/T, etc., and equivalent AWS and GCP services.


DATABASE MANAGEMENT SYSTEMS

Kafka, Oracle, PostgreSQL, MySQL, MariaDB, MongoDB, Azure (Cosmos DB, Azure SQL Database), AWS (DynamoDB, Aurora, ElastiCache, Timeseries Redis, etc.)


COMMERCIAL SOFTWARE

CyberArk, BeyondTrust, Zscaler, SAP ECC, SAP S/4HANA, Office 365, DLP, Purview, SAP GRC, Jira, Confluence, MIRO, MS Visio, etc.


METHODOLOGIES & STANDARDS

SANS, MITRE, OWASP Top 10, ISO 23167:2020, ISO 23188:2020, ISO 27799, ISO/IEC 80001, ISO 23029:2020, ISO 27001/2, NIST CSF / SPs, NIST 500, NIST 800, HIPAA/HITECH, GxP, HITRUST, FedRAMP, RMF DoD, FDA, 21 CFR 820, CIS, PFMI, TOGAF, SABSA, OCTAVE, EBIOS, CRAMM, and COBIT


Additional IT Experience

10/2019 - 11/2019
Role: Cloud Architect Generali
Customer: Zurich, Switzerland

08/2018 - 09/2019
Role: Cloud Security Architect iptiQ PnC 
Customer: Swiss Re, Zurich, Switzerland

08/2017 - 10/2017
Role: Enterprise Architect 
Customer: UBS AG, Zurich Switzerland

Tasks:
IAM/PAM Sustainability Program

02/2017 - 11/2018
Role: Senior Program Manager\Lead Architect 
Customer: VMWare 

05/2016 - 02/2017
Role: SME IAM
Customer: Maersk Oil & Gas, Copenhagen, Denmark

06/2015 - 04/2016
Role: Infosys Team Lead\SME 
Customer: Deutsche Bank S.A. Frankfurt am Main, Eschborn Germany 

04/2014 - 11/2015
Role: Infrastructure Delivery Manager 
Customer: UniCredit S.A, Frankfurt am Main, Milano

09/2013 - 04/2014
Role: Director Performance & Technology
Customer: on request

11/2009 - 08/2013
Role: Senior Director, (Technology and Risk Advisory Service lines) 
Customer: on request

04/2007 - 10/2009
Role: Informational Risk Manager (CISO) 
Customer: ProCredit Bank Holding S.A.

Tasks:

  • ProCredit Bank Holding S.A.: 21 growing banks operating in transition economies and developing countries in Eastern Europe, Latin America, and Africa.
  • Currently, ProCredit Bank Bulgaria holds a position in the top 10 on the Bulgarian market.

05/2006 - 08/2006
Role: IT Administrator 
Customer: Deloitte SSA

03/2003 - 05/2006
Role: LAN Administrator 
Customer: Piraeus Bank 

Programming languages

Power BI
DevOps
Azure DevOps
Github
GitLab
GitOps
Terraform
Ansible
etc.

Hardware

Cisco
Juniper
Palo Alto
Checkpoint
